HPE Community
HPE 9000 and HPE e3000 Servers
1753725 Members
4837 Online
108799 Solutions
New Discussion юеВ

Re: Secure MP?

 
jmb
Regular Advisor

тАО05-28-2004 09:50 AM

тАО05-28-2004 09:50 AM

Secure MP?

Is there a way to make the management port on an 11.11 system secure? (This is a 7420). I see that SSL is available for Itanium servers, but this is RISC. Any way of putting ssh into the MP? Ideas?

Thanks.
0 Kudos
4 REPLIES 4
Sridhar Bhaskarla
Honored Contributor

тАО05-28-2004 10:08 AM

тАО05-28-2004 10:08 AM

Re: Secure MP?

Hi,

No way I know of. You can probably try to limit it. Have another system (ssh gateway) in the same subnet as of your MP network and make sure it is on the same switch. Connect to the system using ssh and from there use telnet. This way only communication between the ssh gateway and the MP of the target system is unencrypted. If they are located in the same datacenter, then the risk is minimal.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Bill Hassell
Honored Contributor

тАО05-30-2004 01:05 PM

тАО05-30-2004 01:05 PM

Re: Secure MP?

Other than the very latest servers, the management ports (LAN, modem or serial console) are far too open to allow remote access. For serial consoles, they should be connected to a secure terminal server that uses SSH to the server. For modems, always use airgap security (that is, throw away the phone cord). And for LAN connections to the managemant ports, never connect them to an open subnet. They should be isolated with a DMZ router and communication with the LAN consoles should take place via a system on the same LAN that only supports SSH from the outside world.


Bill Hassell, sysadmin
0 Kudos
jmb
Regular Advisor

тАО06-01-2004 02:53 AM

тАО06-01-2004 02:53 AM

Re: Secure MP?

Bill, you say, "other than the latest servers". Which new servers are the exception to what you suggest, and how are they more secure?
0 Kudos
Bill Hassell
Honored Contributor

тАО06-01-2004 03:59 AM

тАО06-01-2004 03:59 AM

Re: Secure MP?

I believe as you mentioned that the Itanium servers (non-PA-RISC) have SSL available. I don't think any PA-RISC servers have it.


Bill Hassell, sysadmin
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.