switches and security

Mark Horn [ Net Ops ] mhornNOSPAM@funb.com
Tue, 30 Jun 1998 16:27:39 -0400

Gerhard Mezger says:
>I am not sure about the security risk imposed by a central switch
>especially because the management of the switch will be done over a
>(separate) VLAN. I am searching for arguments to become either more
>comfortable with this solution or to have strong technical arguments
>against it.

Basically, the configuration of the switch determines the configuration of
the entire security environment.  If someone can get into the switch to
reconfigure it, then they can bypass any of the rules on the firewall.
This is pretty significant, because from our experience, switches are
configured either with telnet or SNMP - both of which use multiple-use
password authentication.

On our firewalls, the authentication is always single use passwords, or
token cards.  Additionally, all of the configuration that is done on the
firewall is done through an encrypted channel.  So there's no fear of TCP
session hijacking, or password sniffing.

So, depending on your security policy, you may be violating it if you use
a switch like you've diagramed it.  Basically if your policy states that:

	1) You must not use multi-use passwords for authentication

	2) You must encrypt all management of your firewalls

Then, using a switch, which does neither of these, will violate your
policy.  I would presume that you put the policy in place simply because
you wish to alleviate the risk imposed by doing any of those things.  If
you use a switch, you will incur the risk that you were trying to
alleviate... unless of course your switch allows you to encrypt your
sessions and use stronger authentication than multi-use passwords.

Mark Horn <mhornNOSPAM@funb.com>

PGP Public Key available at: http://www.es.net/hypertext/pgp.html
PGP KeyID/fingerprint: 00CBA571/32 4E 4E 48 EA C6 74 2E 25 8A 76 E6 04 A1 7F C1
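The two policy rules in the post (no multi-use passwords for authentication; all management traffic encrypted), turned into a check that can be run over a switch's management-plane configuration. This is an added example, not code from the post or from any switch vendor; the IOS-like configuration syntax, the two sample configurations and the `tokenauth` method-list name are constructed assumptions. It flags the telnet/SNMP-with-community-string setup the post describes and passes a configuration that uses SSH, SNMPv3 with privacy, and an external AAA server for token-card authentication.

```python
"""Audit a switch management-plane configuration against two policy rules.

Added example, not part of the original mailing-list post. The configuration
syntax is modelled on IOS-style lines (an assumption); the sample configurations
below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

RULE_OTP = "no-multi-use-passwords"   # policy rule 1 in the post
RULE_ENC = "encrypt-management"       # policy rule 2 in the post


@dataclass(frozen=True)
class Finding:
    rule: str    # which policy rule the line violates
    line: str    # the offending configuration line, stripped
    detail: str  # why it violates the rule


# (pattern, rule violated, explanation). Patterns assume IOS-like syntax.
CHECKS = [
    (re.compile(r"^\s*transport input\b.*\b(telnet|all)\b"), RULE_ENC,
     "telnet management sessions are cleartext: passwords can be sniffed "
     "and the TCP session hijacked"),
    (re.compile(r"^\s*snmp-server community\b"), RULE_ENC,
     "SNMPv1/v2c community strings travel in cleartext"),
    (re.compile(r"^\s*snmp-server community\b"), RULE_OTP,
     "a community string is a static, reusable secret"),
    (re.compile(r"^\s*enable (password|secret)\b"), RULE_OTP,
     "enable password/secret is a multi-use credential"),
    (re.compile(r"^\s*password\b"), RULE_OTP,
     "static line password is a multi-use credential"),
    (re.compile(r"^\s*username\s+\S+\s+(password|secret)\b"), RULE_OTP,
     "local user database holds reusable passwords"),
    (re.compile(r"^\s*login(\s+local)?\s*$"), RULE_OTP,
     "login without an AAA method list relies on a reusable line or local "
     "password"),
]

# Constructed sample: typical telnet + SNMP community-string management.
WEAK_CONFIG = """\
! constructed sample: telnet and SNMP community strings
snmp-server community public RO
snmp-server community private RW
enable password cisco
line vty 0 4
 password s3cret
 login
 transport input telnet
"""

# Constructed sample: encrypted management, AAA to an external token server.
HARDENED_CONFIG = """\
! constructed sample: SSH, SNMPv3 priv, AAA method list 'tokenauth'
aaa new-model
aaa authentication login tokenauth group tacacs+
ip ssh version 2
snmp-server group netops v3 priv
line vty 0 4
 login authentication tokenauth
 transport input ssh
"""


def audit(config_text: str) -> list[Finding]:
    """Return one Finding per (line, rule) violation; comments are skipped."""
    findings: list[Finding] = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        for pattern, rule, detail in CHECKS:
            if pattern.search(raw):
                findings.append(Finding(rule, raw.strip(), detail))
    return findings


def violated_rules(config_text: str) -> set[str]:
    """The set of policy rules a configuration violates (empty if compliant)."""
    return {f.rule for f in audit(config_text)}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: violates {sorted(violated_rules(cfg)) or 'nothing'}")
        for f in audit(cfg):
            print(f"  [{f.rule}] {f.line}: {f.detail}")
```

The check answers the post's closing caveat directly: a switch passes only when its configuration offers an encrypted session and an authentication method stronger than a reusable password, which is exactly what the hardened sample provides and the weak sample does not. Whether the external AAA server actually enforces one-time passwords or token cards is not visible in the switch configuration and has to be verified on the server side.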