my current setup doesn't allow me to put my iRMC behind a firewall, so the iRMC's IP is open to the internet.
Now I wonder, does iRMC support modern and important authentication methods (such as TLS client certificates) for the web UI?
I mean, it is secured with server-side TLS, but an attacker could try and brute-force the basic auth password (and username). There is also no such thing as a "fail2ban" behavior, like restricting retries of passwords to 10/hour or so.
What I like is how the SSH port is accessible using certificates. I could also live with enabling/disabling the HTTP server from the SSH shell.
But apparently there is nothing I can do to make an attacker's life harder except changing the password very frequently.
Does anyone have suggestions or ideas?
I find it really strange that this topic is still treated like we were living in '99.
My 30€ Raspberry Pi has all security features linux offers, but the expensive iRMC doesn't... really?
And the only answer is dont make it accessible to the internet?