I work for a large organization (University) that is in the process of moving from public IP Ranges to private IP Ranges and in the process the organization has decided to move away from Access Control Lists (ACLs) on the internal routers. As a result, all of the internal networks will now be able to communicate with all other internal networks.
For the most part, this will not be an issue as we can use local firewalls to stop any unwanted network traffic that comes from networks that we do not want to access our assigned networks and devices.
The problem that I have is that I have 50+ servers of various ages (1 to 10 years) that are now accessible from any other network in the organization.
In the past, we would use ACLs to restrict access to these server's management interfaces (IPMI/iDRAC/IMM). With the ACLs being removed I am trying to find an alternative to the ACLs as a means of restricting access.
Most server management interfaces have rudimentary firewall capabilities (i.e. you can whitelist one IP range)
I have no access to the routers/firewalls/switches, and all requests for ACLs have been denied.
I am looking for a way to restrict access to these servers so I can lock them down so that they can only be accessed from three different sub-nets.
Does anyone have any ideas that would allow me to secure my servers without using ACLs or network firewalls?
No comments:
Post a Comment