- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Servers - General
- >
- Webconsole & Lan Console port
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2004 06:06 AM
тАО04-16-2004 06:06 AM
With many thanks
-sinhass
Solved! Go to Solution.
- Tags:
- SWC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2004 06:26 AM
тАО04-16-2004 06:26 AM
SolutionThe lanconsole ( old lanconsole, new servers hav GSP or MP ) do not support encrypted connections. The Secure Webconsole does ( https protocol) The problem with non encrypted connections is that if s.o. sniffs the packages it is relativly easy to capture a username/passwd string. This is harder when the traffic ( ip ) is crypted.
GSP's and MP's support the ssh and https ( crypted )protocol, as well as the telnet protocol ( non crypted ).
HTH,
Gideon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2004 06:30 AM
тАО04-16-2004 06:30 AM
Re: Webconsole & Lan Console port
We use web console, because it was the first one I anaged to to get working. I was having terminal key errors with lanconsole.
The Web console has a good java/security package with it and an extra layer of password security before you can get to a normal console prompt.
The advantage here is that all you need to make it work is a supported browser. If there are security flaws, your exposure is the same as any other web document.
Behind a firewall, the real issue is employees.
lanconsole gives you an additional advantage, along with the disadvantage of needing to find and install a proper client, putty works fine btw. You can add a layer of /var/adm/inetd.sec security and control what ip addresses and hosts are allowed to connect. This should be done regardless of whether you use lanconsole or not but you can fine tune the security in a little more granular fashion.
I see these as two equally good products, one of which is slightly easier for a fool like me to set up.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2004 07:27 AM
тАО04-16-2004 07:27 AM
Re: Webconsole & Lan Console port
1) Serial consoles, which I assume we are not talking about.
2) Lanconsole which is substantially a telnet/ssh connection and network configuration.
3) Secure Web Console.
Even though I did a recent install on this, the first thread response writer is way more up to date than me an the technical aspects.
Take that into account when making your decision.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2004 08:17 AM
тАО04-16-2004 08:17 AM
Re: Webconsole & Lan Console port
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2004 11:41 AM
тАО04-16-2004 11:41 AM
Re: Webconsole & Lan Console port
-sinhass
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2004 12:51 PM
тАО04-16-2004 12:51 PM
Re: Webconsole & Lan Console port
http://www.security-express.com/archives/bugtraq/1999-q4/0157.html
So the answer is that neither should be used a security device. Console connections, regardless of the platform or appliance, are critical entry points into the system. And as such, they should be treated as highly vulnerable and to be protected. So I would remove lanconsole connections and web consoles (don't forget your network appliances), and replace them with serial connections into a secure terminal server. Cyclades makes an embedded Linux box that supports from 1 to as many as 48 consoles in a 1U rack space. There are a couple of other manufacturers that offer console servers with SSH access.
The reason that this is important is that you don't want any of the consoles directly connected to a network. You will use SSH to terminal server and then select the port you need. Another advantage of modern terminal servers is that they remember text that was sent to the console even though no one was connected to the port.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2004 12:38 AM
тАО04-17-2004 12:38 AM
Re: Webconsole & Lan Console port
to add to what Bill wrote:
use something like "nmap" to do a so-called "portscan" on one of those "consoles" - and they usually are hung up (and you'll need to unplug the power-cable from it to get it back to work. That's especially nasty with the GSPs, i.e. built-in lan-/web-consoles).
FWIW,
Wodisch