LISTSERV mailing list manager LISTSERV 15.5

Help for NORDNOG Archives


NORDNOG Archives

NORDNOG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave NORDNOG
Reply | Post New Message
Search Archives


Subject: Re: Beer + Wlan
From: Simon <[log in to unmask]>
Reply-To:Network management discussion for Nordic region <[log in to unmask]>
Date:Wed, 20 Mar 2002 16:14:07 +0100
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (35 lines)


On Wed, Mar 20, 2002 at 02:29:28PM +0100, Måns Nilsson wrote:
> --On Wednesday, March 20, 2002 12:40:10 +0100 John Angelmo
> <[log in to unmask]> wrote:
>
> > WLAN is as much as a security issue as regular LAN, bad management is
> > the big problem.
> > The easiest way to implent WLAN at a NOC for service personel is to
> > simply but a VPN box behind the AP. You get IP from the DHCP server but
> > to access ANYTHING you need to authenticate yourself trough the VPN
>
> Or "Do not telnet to the core routers from the WLAN directly without data
> channel encryption, bounce on a management box." That plus clever
> directives about system security and other practices goes a long way
> towards securing the management system.

[...]

> doing "saw-off-the-branch" config changes), I would argue that all control
> protocols (as in telnet or SNMP) should be made robust enough to survive an
> open WLAN -- or they should not be used. That is the proper fix, not a
> band-aid like a VPN or limited access to management resources.
>
> This of course is somewhat utopic. But still, it is what we should strive
> for.

Ssh feels like a step in the right direction.
It's turned into something of a defacto standard for [unix] server
remote administration, let's hope the same happens for
routers/switches/etc so we can forget all about telnet.

I'd say snmp needs a major overhaul for people to regain any amount of
confidence in it after the recent CERT announcement.

--
Simon

Back to: Top of Message | Previous Page | Main NORDNOG Page

Permalink



LISTSRV.NORDU.NET

CataList Email List Search Powered by the LISTSERV Email List Manager