• thejml@lemm.ee
    link
    fedilink
    English
    arrow-up
    85
    ·
    1 month ago

    with the US-based security vendor on November 11 urging customers to pull their management interfaces off the public internet or restrict them to known IP addresses.

    Why would you EVER put management interfaces on the public internet? What terrible decisions led them down that path? VPN is so quick and easy at a minimum.

    • qjkxbmwvz@startrek.website
      link
      fedilink
      English
      arrow-up
      27
      ·
      edit-2
      1 month ago

      The network gear I manage is only accessible via VPN, or from a trusted internal network…

      …and by the gear I manage, I mean my home network (a router and a few managed switches and access points). If a doofus like me can set it up for my home, I’d think that actual companies would be able to figure it out, too.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      2
      ·
      1 month ago

      Management interfaces shouldn’t even be accessible from the general LAN.

    • yeehaw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 month ago

      Once I read this I just stopped lol. You almost deserve to be explored if you do this, this is like security 101.

    • VonReposti@feddit.dk
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 month ago

      They’re spamming all web logs too with an advertisement for their services in the user agent. I decided to ban them from all my websites because the logs took up too much space.

    • yeehaw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 month ago

      “urging customers to pull their management interfaces off the public internet or restrict them to known IP addresses.”

      Sounds more like pebkac and less of a big deal. Management interface should be in your management VLAN, plus I don’t know another vendor that can touch them in terms of security features.