[GTALUG] Netgear 5-port Gigabit switch -- $10 ?
Alvin Starr
alvin at netvel.net
Sun Mar 27 08:55:57 UTC 2016
On 03/26/2016 11:32 PM, James Knott wrote:
> On 03/26/2016 09:58 PM, David Thornton wrote:
>> "As for security, I do a fair bit of work with Cisco gear and am a CCNA.
>> Telnet is very often used to configure them, which is plain text."
>>
>> Oh god my eyes.
>>
> I don't recommend telnet, but many people do use it. However, it's not
> as risky as it used to be. Back in the days of coax or hub-based
> Ethernet, anyone could see all the traffic on the network. This made it
> easy to intercept IDs and passwords. With switches, in order to do
> that, you'd need one of those taps I mentioned earlier or management
> access to the switch. Of course, telnet still shouldn't be used over
> the Internet. Also, while some gear supports ssh, there is still a lot
> that's telnet only.
>
Even with SSH, the first thing coming back from the switch is a set of
well-defined headers and prompts, so I would be willing to bet that SSH
on a switch is fairly crackable.
A lot of the lower-end switches use an HTTP web interface, which is no
more secure than telnet.
Sadly, switch configuration has not changed much in the last 20+ years.
It would be interesting to see cheap OpenFlow switches, but that
technology is still a few years away from permeating the SME market.
--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
alvin at netvel.net ||