Your question, knightmb, is related to tools, but it could be extended to general management data (SNMP, Telnet, ...).
That's a huge security problem that networking should resolve better than trusting the application layer.
In my opinion, the security level is high as it relies on the low layer. Separate physical access gives you 100% security, but it's not very comfortable, especially if you want remote access from the Internet.
But what networking can do for you is minimize the access points to your management interfaces. For instance, the use of VLANs (802.1q) will separate data and management flows from a layer 2 standpoint (there are some known threats at the MAC level, but they are easier to mitigate than those at L3P, L4P and so on).
The 802.1q VLAN will give a very good level of protection for remote management data, but what if you want remote control from the Internet (data will have to rely on layer 3 in order to be routed)?
The answer is to use IPsec with a single access point to your management VLAN. IPsec is known to give 99.99% security against man-in-the-middle attacks. Therefore a threat to your management will come from the management VLAN that you own and control.
With such an architecture you have a very good level of security for all your management interfaces. But you can still enhance it (if you're paranoid like I am) with secured administration tools.
Hope it helps...
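As an added illustration of the architecture described in this post (not code from the post itself): a Linux nftables ruleset for a managed host that answers on its management ports only from the 802.1q management VLAN or from traffic that arrived through the IPsec access point, and logs anything that hits those ports from the data network. The interface name eth0.10, VLAN 10, the 10.10.0.0/24 range and the port list are assumptions; the sub-interface itself is assumed to be created beforehand (e.g. `ip link add link eth0 name eth0.10 type vlan id 10`), and remote administrators are assumed to receive an address in the management range from the IPsec concentrator.

```nftables
# Added example (not from the post): management services are reachable
# only via the 802.1q management sub-interface or via IPsec-decapsulated
# packets. Interface, VLAN id, subnet and ports are assumed values.
flush ruleset

define mgmt_if  = "eth0.10"      # 802.1q sub-interface carrying the mgmt VLAN
define mgmt_net = 10.10.0.0/24   # address range of the mgmt VLAN (assumed)
define mgmt_tcp = { 22, 443 }    # SSH and HTTPS admin interface
define mgmt_udp = { 161 }        # SNMP

table inet mgmt {
    chain input {
        type filter hook input priority 0; policy drop;

        # Keep established sessions and loopback traffic working.
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # Management services from the management VLAN only.
        iifname $mgmt_if ip saddr $mgmt_net tcp dport $mgmt_tcp accept
        iifname $mgmt_if ip saddr $mgmt_net udp dport $mgmt_udp accept

        # Remote administration comes in through the single IPsec access
        # point: only packets that were decapsulated from an IPsec SA pass.
        meta ipsec exists ip saddr $mgmt_net tcp dport $mgmt_tcp accept
        meta ipsec exists ip saddr $mgmt_net udp dport $mgmt_udp accept

        # Let IKE and ESP themselves through so the tunnel can be built.
        udp dport { 500, 4500 } accept
        meta l4proto esp accept

        # Management ports reached from anywhere else (for example the data
        # VLAN) are logged and dropped; the log line is the detection hook.
        tcp dport $mgmt_tcp log prefix "mgmt-port-outside-mgmt-vlan: " drop
        udp dport $mgmt_udp log prefix "mgmt-port-outside-mgmt-vlan: " drop
    }
}
```

Load it with `nft -f <file>` and watch the kernel log for the prefix to see which hosts are still trying to reach management ports over the data VLAN.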