Best practice when selecting a management interface is to use the first physical or virtual interface (for example, eth0) as a dedicated management interface. By "dedicated" we mean that only management traffic is permitted; no production application server traffic is sent across this network. This is often described as out-of-band management.

This best practice is common across the industry and recommended by US government standards, as well as by many vendors. US government best practices are described in the document Network Management Security At-a-Glance (Section 2.2).

Dell also provides a similar document that discusses Management Networks for Dell EMC Networking.

Access to this network, as well as access to the ‘bal’ user credentials (and any user logins configured with all permissions), should be restricted to trusted administrative personnel only.