LISTSERV mailing list manager LISTSERV 15.5

Help for NORDNOG Archives


NORDNOG Archives

NORDNOG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave NORDNOG
Reply | Post New Message
Search Archives


Subject: Re: Beer + Wlan
From: John Angelmo <[log in to unmask]>
Reply-To:Network management discussion for Nordic region <[log in to unmask]>
Date:Wed, 20 Mar 2002 20:10:38 +0100
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (51 lines)


Simon wrote:
> On Wed, Mar 20, 2002 at 02:29:28PM +0100, Måns Nilsson wrote:
>
>>--On Wednesday, March 20, 2002 12:40:10 +0100 John Angelmo
>><[log in to unmask]> wrote:
>>
>>
>>>WLAN is as much as a security issue as regular LAN, bad management is
>>>the big problem.
>>>The easiest way to implent WLAN at a NOC for service personel is to
>>>simply but a VPN box behind the AP. You get IP from the DHCP server but
>>>to access ANYTHING you need to authenticate yourself trough the VPN
>>
>>Or "Do not telnet to the core routers from the WLAN directly without data
>>channel encryption, bounce on a management box." That plus clever
>>directives about system security and other practices goes a long way
>>towards securing the management system.
>
>
> [...]
>
>
>>doing "saw-off-the-branch" config changes), I would argue that all control
>>protocols (as in telnet or SNMP) should be made robust enough to survive an
>>open WLAN -- or they should not be used. That is the proper fix, not a
>>band-aid like a VPN or limited access to management resources.
>>
>>This of course is somewhat utopic. But still, it is what we should strive
>>for.
>
>
> Ssh feels like a step in the right direction.
> It's turned into something of a defacto standard for [unix] server
> remote administration, let's hope the same happens for
> routers/switches/etc so we can forget all about telnet.

ssh is great, using openssh wouldn't be that hard, I THINK it has quite
a small footprint. But theres still coming out to many new bugfixes and
new releases coming out, updating with new images every second month
isn't that fun.

>
> I'd say snmp needs a major overhaul for people to regain any amount of
> confidence in it after the recent CERT announcement.
>

time seems to also be the factor here, in a few months it might be OK
once again.


/John

Back to: Top of Message | Previous Page | Main NORDNOG Page

Permalink



LISTSRV.NORDU.NET

CataList Email List Search Powered by the LISTSERV Email List Manager