Header banner
Revain logoHome Page
Brad Phifer photo
Netherlands, Amsterdam
1 Level
722 Review
37 Karma

Review on Liebert WEBCARD Intellislot Management Adapter by Brad Phifer

Revainrating 3 out of 5

Working but out of date

When I first plugged this card in and opened its web interface, I received a very ominous message that it was connected to an unsupported device. After some time I updated the firmware via TFTP and after a reboot I found that my device is still supported. Maybe I still have some old stock. It would be nice if I could do this over the internet; TFTP is never painless. The web interface home page is nice and mostly functional, although a closer look reveals that the interface was designed by someone unfamiliar with users or interfaces. The telnet interface is actually easier to use. No ssh support. boo! Macs don't even ship with "telnet" anymore. Likewise, there is no TLS support for email notifications. Those are strange omissions for the firmware update released in September 2017. It has native SNTP support, which is a good thing. SNMP supports UPS MIB RFC 1628, so it's fine. Although the default settings are a bit unusual. Changing almost all settings requires a card reboot, which takes almost two minutes. Overall, it gets the job done but is a bit stuck in the past. It supported HTTPS, but its list of ciphers/protocols is so outdated that literally every option it can negotiate is provably insecure. (And it's in September 2017 firmware! By that point, you've heard of TLS 1.1, folks!) The current version of Google Chrome considers it so insecure that it won't even connect. And even if you can negotiate the connection, it generates a self-signed certificate that cannot be overwritten. Therefore, the most secure web management setting for this device is "disabled". Not that telnet is any better. But that's not a problem, this card doesn't do anything worth protecting properly such as: B. the power management of a number of critical hardware. Oh wait a minute. (Of course you need to put this on a private control LAN with RFC 1918 addresses, and of course if someone is monitoring that LAN you're already in trouble, but if your company policy is "encrypt everything" you're going to have a bad time Looks like we'll end up disabling both web and telnet and accessing it over RS-232 from an ssh-enabled console server.) I'd happily go back and return a fourth star if a future firmware update fixes some issues with Security. (In fact, the fifth star was also lost due to firmware issues, so even that could theoretically be on the table if they fully update the whole thing.)

Pros
  • Internal components
Cons
  • Corrupt