Robert Bonomi wrote:
| Or, if you can't change configuration without taking it down to
| 'single user'?
| A solution:
| This takes -two- firewall machines, and a 'secure server' behind each one.
| you run a secure, encrypted, channel from the management location to either
| 'secure server', as needed. The 'secure server' connects, via _serial_ port,
| to the *other* firewall box's console port.
And when both machines foobar due to AC failing, followed by
power failing? Can you accept 24 hours of downtime? And UPSs fail as
well. Remember what happened to BBNPlanet's Stanford facility.
| A less expensive solution is to have someone _local_, _who_speaks_the_same_
| _language_ (*fluently*!) as support -staff-, who can be called on to play
| "voice actuated terminal", for those occasions where 'secure remote access
| _through_ the box' fails. This person merely needs the ability to follow
| directions _precisely_, and observe and report *accurately*. The risk here
| is mostly an added exposure to a 'social engineering' attack.
But you also have someone who can go by to check on the
physical security and integrity of your location. I would not run a
firewall without a unix sysadmin type with a few brain cells within a
reasonable transit distance. If you've got office space in the area,
you've got people. If you don't have office space in the area, why
are you deploying security tools there?
"It is seldom that liberty of any kind is lost all at once."