this post was submitted on 21 Oct 2023
176 points (98.4% liked)
Technology
58833 readers
4993 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Or, hear me out, maybe we don’t expose network management interfaces to untrusted networks? Sure, shit can still get breached by very deep intrusions, but at least you don’t show up on shodan!?
At least have a source IP access list only allowing trusted IP ranges. Ideally it would only be reached from an internal IP range or bastion host, but not all companies have a security hat to wear.
This is the barest of minimalistic security. It's a router. You don't allow external admin access to the router. Period. End of story.
I dont disagree with you if a company has a competent employee configuring them.
It shouldn't even be allowed by the router software.