Security Basics: Re: Managed switches outside firewalls?

[Hari Sekhon <hpsekhon () googlemail com>]

no. In fact I've decided to just stick with unmanaged switches outside 
the firewall for safety and I can't think of any feature that I will 
need to have a managed switch for.
I'm not intending to port mirror and outside port or anything.

-h

Hari Sekhon



Buz Dale wrote:
> Can you put the management port on a dedicated VLAN and run a separate
> physical link to it using RFC 1918 addresses?
>
> Buz
>
> On 5/29/07, Hari Sekhon <hpsekhon () googlemail com> wrote:
> > Hi,
> >
> >    I need to get some new switches outside of my firewalls, which means
> > that they will have publicly accessible IPs if they are manageable 
> > switches.
> > I'm not quite sure what security stance to take on this. I know I can
> > restrict the management interface to  certain IPs,  but I'm still not
> > sure if this is asking for trouble to have switches will accessible IPs.
> > Perhaps I should use a dumb switch and forgo any management features...
> >
> > Do any of you guys have policies for this (like unmanaged switches
> > outside firewalls and managed ones inside)?
> >
> > Any thoughts and suggestions welcome.
> >
> > -h
> >
> > --
> > Hari Sekhon