On Wed, 9 Jan 2002, Ken Milder wrote:

> Because this is a firewalls list, this thread can serve as a good segue
> into a question about switch security that has been on my mind for some time:
>
> Most switches support remote management features like web interfaces, SNMP,
> telnet, etc. If these switches are hacked, someone can not only cause a denial
> of service, but use the port mirroring feature to sniff traffic. So, I am
> curious to know the thoughts of others in addressing this issue. (I know
> that some of the more expensive switches and routers can utilize encrypted
> passwords, but I believe community strings are still clear text, correct?)

My take- If you need to "manage" a switch, you've got WAY too much time on
your hands. I've never put an IP address on a switch, and can't see any
valid reason for doing so that isn't better done at some other level or via
a different vector (such as a terminal server wired to console ports.)

In-band management wasn't good for the phone system, and it's not good for
IP networks.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
