On Thu, 2 Jul 2015 10:11:09 +0000 (UTC)
Chris Olson <chris_e_olson at yahoo.com> wrote:

...
> My initial recommendation was to use a totally separate network for
> any service processors

+1 for this. We typically put all management ports for a
'system/project' on a sep. non-routed eth. segment to which only the,
for the 'system/project', designated management servers can connect.

It is probably a good idea to consider random ethernet connected
'things' as soft security wise and not suitable for the big bad
internet...

As for bios/firmware on servers the best one can do is to use
non-deprecated hardware from responsible vendors and keep up to date
with their sec. info and update promptly when required.

/Peter