zlacker

[return to "Show HN: TinyPilot – Build a KVM over IP using a Raspberry Pi"]
1. fulafe+Fv[view] [source] 2020-07-23 16:52:45
>>mtlync+(OP)
A major con of the enterprisey ilom systems (such as the idrac) is their atrocious security track record. You are basically giving up your "the network is untrusted, I can survive its compromise" badge if you plug in one of those.
◧◩
2. parlia+8D[view] [source] 2020-07-23 17:28:38
>>fulafe+Fv
Well those ports should never face the internet anyway. Most servers will have a dedicated (physical) port you use for IPMI or whatever -- vlan that and only allow access from your VPN. If you're extra secure you can full on disable the switchport until you need it.
◧◩◪
3. fulafe+3W[view] [source] 2020-07-23 19:02:02
>>parlia+8D
This fail-open "should" is bad besides for the obvious reasons, also because it'll be extra ops complexity compared to a secure kvm widget that you don't have to handle with kid gloves.

(And thirdly because of the sibling comment noted footgun.. or silent foot-boobytrap more properly)

[go to top]