Security Basics mailing list archives
Re: Managed switches outside firewalls?
From: Nathaniel Hall <lists () spider-security net>
Date: Tue, 29 May 2007 11:08:11 -0500
Hari Sekhon wrote:
I'm not quite sure what security stance to take on this. I know I can restrict the management interface to certain IPs, but I'm still not sure if this is asking for trouble to have switches will accessible IPs. Perhaps I should use a dumb switch and forgo any management features...I have the same issue where I work. My recommendation to our hardware guys was to use two methods protection:
1) Set the default gateway as your protecting firewall and not the upstream router and do not set any static routes. By doing so, any traffic destined to the switch will be sent to your firewall and not back to the initiating host.
2) Set ACLs to only allow traffic between your trusted network and the switch. This will help prevent any connections being initiated to the switch unless they come from your trusted network.
-- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Spider Security
Current thread:
- Managed switches outside firewalls? Hari Sekhon (May 29)
- RE: Managed switches outside firewalls? Dean Davis (May 29)
- RE: Managed switches outside firewalls? Dedric Ramsey (May 29)
- Re: Managed switches outside firewalls? Ansgar -59cobalt- Wiechers (May 30)
- Message not available
- Re: Managed switches outside firewalls? Hari Sekhon (May 30)
- Re: Managed switches outside firewalls? Bryan S. Sampsel (May 30)
- Re: Managed switches outside firewalls? Hari Sekhon (May 30)
- RE: Managed switches outside firewalls? ragdelaed (May 30)
- RE: Managed switches outside firewalls? Kenneth Klinzman (May 30)
- Re: Managed switches outside firewalls? Lars Braeuer (May 30)
- Re: Managed switches outside firewalls? Nathaniel Hall (May 31)
- <Possible follow-ups>
- Re: Managed switches outside firewalls? jc (May 29)
- RE: Managed switches outside firewalls? Nhon Yeung (May 30)