[c-nsp] Looking-glass software?

Patrick M. Hausen hausen at punkt.de
Fri May 19 03:23:45 EDT 2017


> Am 18.05.2017 um 21:08 schrieb Saku Ytti <saku at ytti.fi>:
> On 18 May 2017 at 21:47, Patrick M. Hausen <hausen at punkt.de> wrote:
>> I am in no way planning to make this public. We have had routerproxy in
>> place as a convenient tool for our own admins, specifically the ones who
>> are not IOS gurus and just want to look up stuff, not configure the systems.
> I get that, but you shouldn't use system() or back-ticks ever,
> regardless security posture. Because it is 0 cost to do this right
> (e.g. popen) versus wrong, so you have no upside on the wrong way.
> Also, you may intend it internal use only, but then you leave the
> company, and customer RFP mandates looking glass, and fastest way to
> do it, is to expose the NOC tool to customer.

I know - but honestly I wasn't planning to code one myself.

And of course the comments about private tools suddenly
turning public years later are spot-on.

Either the one bundled with rancid works or I'll "fix it in the
documentation" and do a write up for my colleagues on
how to do it with SSH and the CLI. Might serve as a cheat
sheet for myself in situations of sudden pressure, too ;-)

Thanks for all hints.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20170519/bd1867f7/attachment.sig>

More information about the cisco-nsp mailing list