Mon Jul 6 08:28:31 UTC 2015
Peter Kjellstrom <cap at nsc.liu.se>

On Thu, 2 Jul 2015 10:11:09 +0000 (UTC)
Chris Olson <chris_e_olson at yahoo.com> wrote:

> My initial recommendation was to use a totally separate network for
> any service processors

+1 for this. We typically put all management ports for a
'system/project' on a sep. non-routed eth. segment to which only the
management servers designated for the 'system/project' can connect.

It is probably a good idea to consider random Ethernet-connected
'things' as soft security-wise and not suitable for the big bad

As for BIOS/firmware on servers, the best one can do is to use
non-deprecated hardware from responsible vendors and keep up to date
with their sec. info and update promptly when required.