I proposed 9600,n81 as a recommended standard, not higher, not lower, because having a SET baud rate and framing parameters that can be expected regardless of configuration state (or lack thereof) is useful. Of all network hardware I have encountered, 9600,n81 is by far the most universal default. I think I have a broad enough range of experience in that area to say that this constitutes a reasonable majority of the deployed equipment.
On Wed, 22 Oct 2003, Randy Bush wrote:
>> Why not specify AT LEAST 9600/8/n/1?
> is 1200 baud less secure?
Randy, you have a way with few words :-)
I did have some question about whether this was a security feature at all and would welcome comment. It's also the only place now where the requirement itself lists a specific technology (all others leave that for the examples)....so it's a bit of an oddball.
That being said, I think having a guaranteed-to-work-everybody-can-do-it way of accessing the box for management and config during an attack or to load a new version of code offline IS a security issue (availability mostly, manageability) and I would be hard pressed to name something current that is more widespread than RS232.
---George