
Webconsole & Lan Console port

 
sinhass
Regular Advisor

Webconsole & Lan Console port

Can anyone help me to understand which one of the Secure webconsole and lanconsole is more secure?

With many thanks

-sinhass
G. Vrijhoeven
Honored Contributor
Solution

Re: Webconsole & Lan Console port

Hi sinhass,

The lanconsole (old lanconsole; new servers have GSP or MP) does not support encrypted connections. The Secure Webconsole does (https protocol). The problem with non-encrypted connections is that if someone sniffs the packages it is relatively easy to capture a username/passwd string. This is harder when the traffic (IP) is crypted.
GSPs and MPs support the ssh and https (crypted) protocols, as well as the telnet protocol (non-crypted).

HTH,

Gideon
Steven E. Protter
Exalted Contributor

Re: Webconsole & Lan Console port

They are both pretty darned secure in my opinion.

We use web console, because it was the first one I managed to get working. I was having terminal key errors with lanconsole.

The Web console has a good java/security package with it and an extra layer of password security before you can get to a normal console prompt.

The advantage here is that all you need to make it work is a supported browser. If there are security flaws, your exposure is the same as any other web document.

Behind a firewall, the real issue is employees.

lanconsole gives you an additional advantage, along with the disadvantage of needing to find and install a proper client, putty works fine btw. You can add a layer of /var/adm/inetd.sec security and control what ip addresses and hosts are allowed to connect. This should be done regardless of whether you use lanconsole or not but you can fine tune the security in a little more granular fashion.

I see these as two equally good products, one of which is slightly easier for a fool like me to set up.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Webconsole & Lan Console port

I know of 3 ways to do this:

1) Serial consoles, which I assume we are not talking about.
2) Lanconsole which is substantially a telnet/ssh connection and network configuration.
3) Secure Web Console.

Even though I did a recent install on this, the first thread response writer is way more up to date than me on the technical aspects.

Take that into account when making your decision.

SEP
Steven E Protter
SS_6
Valued Contributor

Re: Webconsole & Lan Console port

Both have the same function and are secure. Web console is the old one and is extra hardware, but lan console is inbuilt. No one can remove it, no extra cables needed. I think every new server has this feature as default.
By providing solutions I am helping myself
sinhass
Regular Advisor

Re: Webconsole & Lan Console port

Thanks to Everybody
-sinhass
Bill Hassell
Honored Contributor

Re: Webconsole & Lan Console port

In my opinion (and many other sysadmins), there is nothing secure about the Web Console. Here is one of many (old) references to decoding the web console:

http://www.security-express.com/archives/bugtraq/1999-q4/0157.html

So the answer is that neither should be used as a security device. Console connections, regardless of the platform or appliance, are critical entry points into the system. And as such, they should be treated as highly vulnerable and to be protected. So I would remove lanconsole connections and web consoles (don't forget your network appliances), and replace them with serial connections into a secure terminal server. Cyclades makes an embedded Linux box that supports from 1 to as many as 48 consoles in a 1U rack space. There are a couple of other manufacturers that offer console servers with SSH access.

The reason that this is important is that you don't want any of the consoles directly connected to a network. You will use SSH to terminal server and then select the port you need. Another advantage of modern terminal servers is that they remember text that was sent to the console even though no one was connected to the port.


Bill Hassell, sysadmin
Wodisch
Honored Contributor

Re: Webconsole & Lan Console port

Hi,

to add to what Bill wrote:
use something like "nmap" to do a so-called "portscan" on one of those "consoles" - and they usually are hung up (and you'll need to unplug the power-cable from it to get it back to work. That's especially nasty with the GSPs, i.e. built-in lan-/web-consoles).

FWIW,
Wodisch