Out of Band Management

Management Interfaces Should Never Be Accessible Via The Open Internet.

Terms

NMI — Network Management Interface

A dedicated interface used exclusively for administrative access.

In-Band

The network for normal and routine traffic.

OOB — Out-Of-Band

A secondary network, not the routine path.

NMI Network

An OOB network that aggregates NMIs.

Jump Server

A special node approved to access in-band equipment.

Zero Trust

Assuming the network is already compromised.

Remote Hands

An on-site person who can physically touch the equipment to plug and unplug cables.

VRF — Virtual Route Forwarding

A different routing table, not the global table.

Segmentation

Splitting the network into an in-band network and an OOB network via VRFs.

In-Band Access Examples

  • Internet
  • Company Network

Out-of-Band Examples

  • NMI network accessible via VPN only to network admins.
  • NMI accessible via jump server.
  • NMI accessible via remote hands.
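
One way to check this segmentation on a Linux node, as an added example that is not part of the original page: it reads listening sockets in the layout of `ss -H -tln` and reports management services that are not scoped to the management VRF or the NMI network. The VRF device name `mgmt`, the prefix `10.255.0.0/24`, the port list and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for this example (not from the page): VRF name, prefix and ports.
MGMT_VRF = "mgmt"                                   # hypothetical VRF device name
OOB_PREFIX = ipaddress.ip_network("10.255.0.0/24")  # hypothetical NMI network
MGMT_PORTS = {22: "ssh", 443: "https-admin", 830: "netconf"}

# Constructed sample in the layout of `ss -H -tln` (not captured from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0%mgmt:22 0.0.0.0:*
LISTEN 0 128 10.255.0.7:830 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 203.0.113.10:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
"""

def parse_local(field):
    """Split 'addr[%dev]:port' into (address, device or None, port)."""
    host, _, port = field.rpartition(":")
    addr, _, dev = host.partition("%")   # '%dev' marks a socket bound to a device/VRF
    addr = addr.strip("[]")              # IPv6 addresses are printed in brackets
    if addr == "*":                      # dual-stack wildcard
        addr = "::"
    return addr, dev or None, int(port)

def exposed_mgmt_listeners(ss_output):
    """Return (service, local address) for management listeners reachable in-band."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, dev, port = parse_local(cols[3])
        if port not in MGMT_PORTS:
            continue
        ip = ipaddress.ip_address(addr)
        # Out-of-band means bound to the management VRF or to an NMI-network address.
        in_oob = dev == MGMT_VRF or ip in OOB_PREFIX
        if not in_oob and not ip.is_loopback:
            findings.append((MGMT_PORTS[port], cols[3]))
    return findings

if __name__ == "__main__":
    for service, local in exposed_mgmt_listeners(SAMPLE):
        print(f"in-band management listener: {service} on {local}")
```

A wildcard bind (`0.0.0.0` or `[::]`) without a VRF scope is reported because it answers on every interface in the global routing table, including in-band ones.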

References

BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces | CISA

SC-37: Out-Of-Band Channels - CSF Tools

Commission Delegated Regulation (EU) 2024/1774 – Article 13 (Network Security Management)

Last Modified • Sunday, June 14, 2026. 5:02 pm UTC+00:00 • Commit: 3aedc3f