On 2014-06-02 07:19, Andrew Latham wrote:
I use OpenVPN to access an Admin/sandboxed network with insecure
portals,
wiki, and ipmi.
Same here. My entire in band management plane (DRAC
(disk/cpu/temperature etc telemetry to my OpenManage/Zenoss server),
OpenSSH and 80/443 for backend stuffs) is all behind OpenVPN. Zero
outside exposure.
Out of band, is a cyclades (acs48) directly on the internet with all my
consoles hooked up and it controls daisy chained Cyclades PDUs. I have
fairly strong passwords on it, everything is SSH.
How important is it to setup ACLs on it? Like say some VPS that's
outside my infra and lock the Cyclades down to that? Is that really a
much higher level of security?
