Securing the pfSense console access by modem
-
I have a remote site that I support where the entire network is powered by a single Linux box serving as a NAT Gateway/Firewall, Inter-VLAN router, DHCP Server, TFTP Server, Samba Domain Controller, and other things. I've been wanting to separate out these services for a while and have decided to try and use pfSense to do it because of its great capabilities but easy to use interface. I have a wonderful "enterprise grade" configuration right now that is very complex to manage because there is no GUI and little documentation but I think I could duplicate pretty much all of it very easily. That makes me very happy. ;-) However, one part I haven't quite figured out is the backup modem that I have configured to provide a console on the Linux box in the event where I need to diagnose connectivity problems and can't reach the site using traditional means. It's come in quite handy already, and I would rather not lose it.
Right now the modem is simply hanging off a getty and therefore using the Linux login process and associated authentication. Is there a way I could hang a modem off the pfSense box and obtain access to the pfSense console in a similar but secure fashion? I'm not sure that people wardial anymore, but I don't quite feel right leaving any part of my network open with no authentication, even if it is just through a modem that I doubt anyone will ever find.
Any thoughts?
-
Connect it through another COM port to pfSense and edit the /etc/ttys file to mark the port as secure.
That should give you a standard unix login prompt.
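
An added example, not part of the reply above and not pfSense's own code: a Python check that parses a copy of /etc/ttys in FreeBSD ttys(5) format and lists the serial lines on which a getty can start and on which, because the entry carries `secure`, a uid 0 login is accepted directly. The sample entries, the `ttyu` device prefix and the function names are constructed assumptions.

```python
import shlex

# Constructed sample in ttys(5) layout: name, getty command, terminal type, flags.
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         xterm   on  secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu1   "/usr/libexec/getty std.9600"   dialup  on  secure
ttyu2   "/usr/libexec/getty std.9600"   dialup  on  insecure
ttyu3   "/usr/libexec/getty std.9600"   dialup  off secure
'''

# Flags that can start a getty; the conditional ones are treated as enabled.
ENABLING = {"on", "onifconsole", "onifexists"}


def parse_ttys(text):
    """Yield (name, command, term_type, flags) for every entry line."""
    for raw in text.splitlines():
        # shlex keeps the quoted getty command as one field and drops # comments
        fields = shlex.split(raw, comments=True)
        if len(fields) < 3:
            continue  # blank line, comment, or malformed entry
        name, command, term_type, *flags = fields
        yield name, command, term_type, flags


def line_state(flags):
    """Return (enabled, secure); a later flag overrides an earlier one."""
    enabled = secure = False
    for flag in flags:
        if flag in ENABLING:
            enabled = True
        elif flag == "off":
            enabled = False
        elif flag == "secure":
            secure = True
        elif flag == "insecure":
            secure = False
    return enabled, secure


def root_login_lines(text, serial_prefix="ttyu"):
    """Serial lines that can run a getty and accept a direct uid 0 login."""
    found = []
    for name, command, _term_type, flags in parse_ttys(text):
        enabled, secure = line_state(flags)
        if name.startswith(serial_prefix) and command != "none" and enabled and secure:
            found.append(name)
    return found


if __name__ == "__main__":
    for tty in root_login_lines(SAMPLE_TTYS):
        print(f"{tty}: getty enabled, root login permitted")
```

A line marked `insecure` still presents a login prompt but refuses uid 0, so an administrator logs in as an unprivileged user and escalates from there.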