I don't understand what you are saying. Are you suggesting that you simply unpack your switches and plug them into the network right from the box? Please don't say it's so, you've posted a lot of good thoughts in the past, and I can't believe you'd actually suggest that now. Bear in mind that a lot of switches out of the box grab an IP address via bootp all on their own, and also tend to have web management enabled with default passwords.

IP addresses on switches are in my opinion a very good idea, because then I can monitor the traffic of each port on the switch, whereas otherwise I'd have to load snmp agents on each server.

Not only that, but it's a very common management model in businesses to have separate WAN and LAN teams. The person monitoring the switches often doesn't have any administrative access to the servers.

On Wed, 9 Jan 2002, Paul Robertson wrote:

> On Wed, 9 Jan 2002, Ken Milder wrote:
>
> > Because this is a firewalls list, this thread can serve as a good segue
> > into a question about switch security that has been on my mind for some time:
> >
> > Most switches support remote management features like web interfaces, SNMP,
> > telnet, etc. If these switches are hacked, someone can not only cause a denial
> > of service, but use the port mirroring feature to sniff traffic. So, I am
> > curious to know the thoughts of others in addressing this issue. (I know
> > that some of the more expensive switches and routers can utilize encrypted
> > passwords, but I believe community strings are still clear text, correct?)
>
> My take-
>
> If you need to "manage" a switch, you've got WAY too much time on your
> hands. I've never put an IP address on a switch, and can't see any valid
> reason for doing so that isn't better done at some other level or via a
> different vector (such as a terminal server wired to console ports.)
>
> In-band management wasn't good for the phone system, and it's not good for IP
> networks.
>
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> [EMAIL PROTECTED]      which may have no basis whatsoever in fact."
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
