Even with SSH the first thing coming back from the switch is a set of well defined headers and prompts so I would be willing to bet that SSH on a switch is fairly crackable. I thought ssh was secure. IIRC, the key changes frequently, with the
On 03/27/2016 08:55 AM, Alvin Starr wrote: public/private key pair used only to set up the connection, with a random key used to carry the data. I do not know for sure but It was my understanding that if you know the
On 03/27/2016 10:02 AM, James Knott wrote: payload it is possible to back calculate the encryption keys and invariably switches sent a standard banner and a Username: Password:. There may be better security with key based login and no password. On the other hand I am sure the encryption is good enough to stop all but nation states or folks like SPECTRE or KAOS.
A lot of the lower end switches use a http web interface which is no more secure than telnet. Many use https, instead of plain http. Again, it's the same key situation as with ssh. True but you also end up with standard pages on each login. Sadly switch configuration has not changed much in the last 20+ years. It would be interesting to see cheap Openflow switches but that technology is still a few years away from permeating the SME market. I normally use the console port, when working with equipment. However, with large networks, you have to rely on some remote connection.
As I mentioned earlier, in order to attack a password, you have to see the data. That doesn't happen much with switches, though it was quite easy prior to switches. Also, remote management is generally done via vlan, which makes it a bit more difficult for a casual eavesdropper.
I have to lots of switch management remotely. I do login to the local networks via VPN but you never know what is in the middle on the internet or even the local network. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||