In
computing
Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, e ...
, a management interface is a
network interface dedicated to configuration and management operations. Management interfaces are typically connected to dedicated
out of band management networks (either
VPN
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
s or physical networks), and non-management interfaces are not allowed to carry device or network management traffic. This greatly reduces the
attack surface
The attack surface of a software environment is the sum of the different points (for "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. Keeping the attack surface as small as ...
of the managed devices, as external attackers cannot access management functions directly, and thus improves
network security
Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...
.
In some cases,
serial port
In computing, a serial port is a serial communication interface through which information transfers in or out sequentially one bit at a time. This is in contrast to a parallel port, which communicates multiple bits simultaneously in parallel. ...
s are used to access the
command line interface
A command-line interpreter or command-line processor uses a command-line interface (CLI) to receive commands from a user in the form of lines of text. This provides a means of setting parameters for the environment, invoking executables and pro ...
directly, avoiding transport over a generic network stack completely, providing a further layer of isolation from network attacks.
See also
*
Management plane
{{networking-stub
Network architecture