[j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

[Mark Tinka]

On 2/Apr/16 11:04, Saku Ytti wrote:

>
> I've always wondered why is this a hard problem, especially in low
> end? Naively I'd think that from your ASIC waste one revenue port as
> host-bound facing and implement normal port ACLs there.

It is exactly for that reason. Vendors will assume all low-end
requirements place more emphasis on cost than security (however basic)
or generally well-practiced network operational requirements.

They'll further justify it by saying, "If you want all the bells &
whistles, we have box for that".

Mark.