Security Basics mailing list archives

RE: Out-of-band management network -more secure?

From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Tue, 23 Mar 2004 11:28:33 -0600

Remember, you are only as secure as the weakest link.


Plus:

Keeps all of the management traffic out of the network and thus - if
properly configured - invisible to mortals (what they can't see isn't going
to spark interest).
Keeps the management traffic (say your netFlow data) from eating bandwidth.

Minus:

More complex to implement and maintain.
Double... wiring, nics, routers, etc - more stuff to buy, more stuff to
fail, more stuff to support/maintain.


The fallacy of OOB is that it makes you secure.  It doesn't - in fact, it's
a more attractive target to attack because there's more 'good stuff' out
there.  It may also be a softer target because if you think it's secure you
may not be keeping those hosts patched and updated.



-----Burton

-----Original Message-----
From: Kip Sr. [mailto:kipsr1 () yahoo com]
Sent: Monday, March 22, 2004 6:46 PM
To: security-basics () securityfocus com
Subject: Out-of-band management network -more secure?

Hello there!

I am looking for opinions about implementing an
out-of-band management network. I am talking about
dual homing NICs of web/db servers, routers, switches,
etc. - to both production network and management
network.

Can someone tell me the main reason for implementing
OOB? Any security implications I should be aware of?

Thank you all in advance!

Thanks!
Kip.



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Out-of-band management network -more secure? Kip Sr. (Mar 23)
- RE: Out-of-band management network -more secure? Burton M. Strauss III (Mar 23)
- <Possible follow-ups>
- RE: Out-of-band management network -more secure? Shawn Jackson (Mar 23)