[CentOS] IPMI/BMC/BIOS
Peter Kjellstrom
cap at nsc.liu.se
Mon Jul 6 08:28:31 UTC 2015
On Thu, 2 Jul 2015 10:11:09 +0000 (UTC)
Chris Olson <chris_e_olson at yahoo.com> wrote:
...
> My initial recommendation was to use a totally separate network for
> any service processors
+1 for this. We typically put all management ports for a
'system/project' on a sep. non-routed eth. segment to which only the,
for the 'system/project', designated management servers can connect.
It is probably a good idea to consider random ethernet connected
'things' as soft security wise and not suitable for the big bad
internet...
As for bios/firmware on servers the best one can do is to use
non-deprecated hardware from responsible vendors and keep up to date
with their sec. info and update promptly when required.
/Peter
More information about the CentOS
mailing list