Re: A few potential requirements
On Mon, Jun 25, 2001 at 01:29:01PM -0700, Bill Woodcock wrote:
> I'm for requiring that vendors provide a reasonable secure method for
> across-the-network configuration. I'd prefer to see ssh/scp, but I'm not
> religious about it. But I strongly feel that this is secondary to making
> sure I can get into the box with whatever tools I have at hand. Meaning
> that I must first have telnet before I require SSH. And I have to be able
> to get in from a TTY with a serial cable, and no crypto smarts at all.
>
> Do you agree on that, or do you mean that you want _only_ encrypted
> channels into the box? That would rule out craft ports.
I agree. Most importantly, whether one connects remotely, or "locally" via a
serial console, the management interface should be identical (which seems most
likely do-able only via a CLI). I think having a CLI command that brings up an
*optional* menu-driven interface is okay.
- Another requirement that comes to mind is that the operator must be able to
specify which "in-band" method(s) to activate explicitly. The default is that
they are all disabled. That is, I don't want to have to worry about the
web-interface, SNMP and CLI being enabled when I first install the box,
however I do want explicit knobs to turn those on. The serial console
"out-of-band" should always be on.
Adi