[Info-vax] rx8640 ILO MP port faulty?
Scott Dorsey
kludge at panix.com
Sun Jul 16 12:03:07 EDT 2023
Arne Vajhøj <arne at vajhoej.dk> wrote:
>On 7/16/2023 10:29 AM, Scott Dorsey wrote:
>> Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> wrote:
>>> On 2023-07-11, David Turner <dturner at islandco.com> wrote:
>>>> Try an old windows 7 box that wasn't recently updated and then connect to it
>>>> SSH and Browsers all fail here when I try to connect to an rx2660. New
>>>> SSL/TLS requirements prevent connection
>>>> Pain in the aXX
>>>
>>> Security can be a pain sometimes. However, the alternative is far worse.
>>
>> The problem is that hardware is difficult to change, and software people see
>> change for change's sake as being a good thing, and there is a fault line
>> between them where the earthquakes happen. And that fault line includes
>> embedded web servers.
>
>If it has to be secure then it has to happen.
Maybe. Or maybe something else has to happen, like having more severe
restrictions on access to the network accessing the iLO interfaces. There
is almost always more than one way to skin a cat.
Security people often think of outward-facing web servers seen on the public
internet when they hear "web server." They don't think of printer maintenance
pages, iLO interfaces, or spectrum analyzers. You take security precautions
based upon vulnerabilities and the perceived or modelled risk, not because
it's "standard industry practice."
>The vendors need to ensure that the thing is upgradeable.
>
>And the owners need to do the upgrades.
You are asking for an awful lot, especially in that first case. Although in
the second case I will say that I have stopped doing any firmware upgrades
to the DL380 machines (gen7 through gen9) after twice having such "upgrades"
brick the machine. Upgrades like this I don't need.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."