Xref: utzoo comp.dcom.lans:2127 comp.periphs:1402 comp.terminals:1008
Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!mailrus!ukma!rutgers!caip.rutgers.edu!scarter
From: scarter@caip.rutgers.edu (Stephen M. Carter)
Newsgroups: comp.dcom.lans,comp.periphs,comp.terminals
Subject: Re: Terminal Servers?
Message-ID:
Date: 21 Dec 88 06:47:50 GMT
References: <147@iquery.UUCP> <12380@cup.portal.com> <689@hscfvax.harvard.edu> <442@maxim.ERBE.SE> <280@wubios.wustl.edu>
Reply-To: scarter@caip.rutgers.edu (Stephen M. Carter)
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 24

>> Both Bridge and Cisco terminal servers will boot either from themselves
>> (Bridge uses a floppy, cisco uses roms (look ma! no moving parts) or over
>> the network.

>and what about the security implications when these devices reboot over the
>network? [....]

Almost anything can be broken into. Given my sad all-night experiences of
updating a handload of Bridge CS-100 floppies, plus the fact that a terminal
server is not very high on a hacker's hit list, I'll prefer the network load
(from my choice of unix boxes too, thank you--not a special, add-on, expensive
boot device, aka server-server).

Two more points:

1) In Cisco's product, one could purchase the optional NV memory board for the
configuration information and use the prom to boot. This still leaves the
option of a controlled mass configuration update via the network and of leaving
the network access off at other times for the security-minded people.

2) In Bridge's case, you are mistaken if you think you have a secure system by
having the floppy. A rather trivial 20-line program can get you Global access
on any Bridge on the network (even through gateways).

Stephen Carter
CAIP Center, Rutgers University