We ran into a problem with switches of a certain vendor when activating SSH. As we are still testing
the issue, I don't want to name the vendor. As it seems, opening the SSH port to the world, is not
good with this device. The switch locked up every one to two weeks when the management port was open.
At the moment we are trying to find out if it's really SSH or anything else, like ICMP messages that
caused the problem. We are now also tracking traffic on the management interface, in order to see if
the packetrate rises, before the switch locks up.
With Cisco switches we never had a problem opening up ssh in the DMZ.
Best,
Lars
Hari Sekhon wrote:
> Hi,
>
> I need to get some new switches outside of my firewalls, which means
> that they will have publicly accessible IPs if they are manageable
> switches.
>
> I'm not quite sure what security stance to take on this. I know I can
> restrict the management interface to certain IPs, but I'm still not
> sure if this is asking for trouble to have switches will accessible IPs.
> Perhaps I should use a dumb switch and forgo any management features...
>
> Do any of you guys have policies for this (like unmanaged switches
> outside firewalls and managed ones inside)?
>
> Any thoughts and suggestions welcome.
>
> -h
>
Received on May 30 2007
Intro
