Paul,

Thanks for your comments. You must have a small network. We have several hundred subnets and thousands of nodes. Gathering traffic statistics, installing patches and software upgrades, troubleshooting, and other network management functions make remote management of our switches essential. It is inefficient to have a tech jump into a truck and drive 20 miles to a remote site every time we need to troubleshoot a complaint about poor network performance.

Take care,
     -Ken

At 1/9/2002 04:18 PM, Paul Robertson wrote:
On Wed, 9 Jan 2002, Ken Milder wrote:

> Because this is a firewalls list, this thread can serve as a good segue
> into a question about switch security that has been on my mind for some time:
>
> Most switches support remote management features like web interfaces, SNMP,
> telnet, etc. If these switches are hacked, someone can not only cause a denial
> of service, but use the port mirroring feature to sniff traffic. So, I am
> curious to know the thoughts of others in addressing this issue. (I know
> that some of the more expensive switches and routers can utilize encrypted
> passwords, but I believe community strings are still clear text, correct?)

My take-

If you need to "manage" a switch, you've got WAY too much time on your
hands.  I've never put an IP address on a switch, and can't see any valid
reason for doing so that isn't better done at some other level or via a
different vector (such as a terminal server wired to console ports.)

In-band management wasn't good for the phone system, and it's not good for IP
networks.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

*********************************************************************
Kenneth H. Milder
Los Alamos National Laboratory
Computing, Communications & Networking Division (CCN)
Network Engineering Group(CCN-5)
Network Support Team (NST)/X Division Computing Services Team (XCS)
MS-F645
Los Alamos, New Mexico 87545-0010

Office:  (505)667-2552
Fax:       (505)665-3389
E-mail:    [EMAIL PROTECTED]
*********************************************************************
