OT: Security

[John Van Ostrand]

On Fri, 2006-03-03 at 23:30 +0800, Jerome Macaranas wrote:

> > You can't change BIOS settings or deal with boot time problems from an X
> > desktop, or SSH connection.
> >
> > Because of their nature don't all IP-KVMs support authentication? I
> > would also expect them to support SSL or some form of encryption too.
> 
> yes they do... but I want to have some other challenges... I dont want to rely 
> only on the vendor's security...  ATEN for example can be accessed via 
> HTTPS.. and ACLs



I'm with you there, but I give a little if it makes sense.



> >
> > We use IBM's remote service adapter, which has a built-in KVM and power
> > switch, etc. We don't allow access to it from the Internet at large. A
> > VPN connection is required (or an SSH tunnel.)
> >
> 
> your using the KVM module on the blade center?


Yes, we have customers that are. They don't access it outside of their
own network though.

The RSA card that I speak of is for the bulk of the systems that we
support. As an IBM vendor we put in an RSA card for remote management on
standalone and rackmount servers. They are cheap enough (far less than
MSRP) that we are now putting them in all servers we ship.


> > Without a firewall, you would have to rely on the vendor's security.




-- 
John Van Ostrand
         Net Direct Inc.
 
Director of Technology
564 Weber St. N. Unit 12
   Waterloo, ON N2L 5C6 
 map 
john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
        Ph: 519-883-1172
 ext.5102
Linux Solutions / IBM
Hardware
        Fx: 519-883-8533
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20060303/492c215c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://gtalug.org/pipermail/legacy/attachments/20060303/492c215c/attachment.sig>