On Wed, Mar 20, 2002 at 02:29:28PM +0100, Måns Nilsson wrote:
> --On Wednesday, March 20, 2002 12:40:10 +0100 John Angelmo wrote:
> > WLAN is as much of a security issue as regular LAN, bad management is
> > the big problem.
> > The easiest way to implement WLAN at a NOC for service personnel is to
> > simply put a VPN box behind the AP. You get IP from the DHCP server but
> > to access ANYTHING you need to authenticate yourself through the VPN
> Or "Do not telnet to the core routers from the WLAN directly without data
> channel encryption, bounce on a management box." That plus clever
> directives about system security and other practices goes a long way
> towards securing the management system.
> doing "saw-off-the-branch" config changes), I would argue that all control
> protocols (as in telnet or SNMP) should be made robust enough to survive an
> open WLAN -- or they should not be used. That is the proper fix, not a
> band-aid like a VPN or limited access to management resources.
> This of course is somewhat utopic. But still, it is what we should strive
Ssh feels like a step in the right direction.
It's turned into something of a de facto standard for [unix] server
remote administration, let's hope the same happens for
routers/switches/etc so we can forget all about telnet.
I'd say snmp needs a major overhaul for people to regain any amount of
confidence in it after the recent CERT announcement.