[j-nsp] Junos EVO RE Filters
heasley
heas at shrubbery.net
Wed Jun 19 13:35:49 EDT 2024
Wed, Jun 19, 2024 at 08:58:01AM +0300, Saku Ytti:
> To me none of the above matters. I don't care how insecure the BMC is.
> I just want a true OOB port that works when my router does not work. I
> want an OOB port that won't break my router, when my OOB LAN has a
> broadcast storm or some other unexpected behaviour. I want an OOB port
> over which I can bootstrap factory new router.
With current BMCs, you will have moved the target and degraded the
security. A successful compromiser would have SOL access, BIOS access
(or equiv), potentially an ether port shared with the CP, ....
> Perfect is the enemy of done
And enemy of security is lack of effort? Current BMCs would be
a step backward, imiho. I wish they were better; a lot of
potential..
More information about the juniper-nsp
mailing list