|
Security Basics
mailing list archives
Re: Managed switches outside firewalls?
From: Nathaniel Hall <lists () spider-security net>
Date: Tue, 29 May 2007 11:08:11 -0500
Hari Sekhon wrote:
I'm not quite sure what security stance to take on this. I know I can
restrict the management interface to certain IPs, but I'm still not
sure if this is asking for trouble to have switches will accessible
IPs. Perhaps I should use a dumb switch and forgo any management
features...
I have the same issue where I work. My recommendation to our hardware
guys was to use two methods protection:
1) Set the default gateway as your protecting firewall and not the
upstream router and do not set any static routes. By doing so, any
traffic destined to the switch will be sent to your firewall and not
back to the initiating host.
2) Set ACLs to only allow traffic between your trusted network and the
switch. This will help prevent any connections being initiated to the
switch unless they come from your trusted network.
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security
 By Date 
By Thread
Current thread:
- Re: Managed switches outside firewalls?, (continued)
RE: Managed switches outside firewalls? ragdelaed (May 30)
Re: Managed switches outside firewalls? Lars Braeuer (May 30)
Re: Managed switches outside firewalls? Nathaniel Hall (May 31)
Re: Managed switches outside firewalls? jc (May 29)
RE: Managed switches outside firewalls? Nhon Yeung (May 30)
|
Intro
