03-19-2006 12:49 AM - edited 03-03-2019 02:21 AM
Hi There,
Can somebody advise how secure it is to place an L2 switch on my network perimeter? I heard that it is easy to flood a switch that's exposed to the internet, but I'm not sure how accurate this sentence is, because I'm aware that switches are not stateful devices. So what concerns should I worry about when exposing my switch to the internet?
Thanks!
Haitham
03-19-2006 07:38 AM
Keeping your switch located near the Internet is not a concern unless you have all your traffic on one VLAN. The main design concept here is to segment your traffic onto different VLANs. This allows you scalability and security. You need to isolate your Internet traffic to a VLAN (not your native or management VLAN). Good luck. Please rate.
03-19-2006 01:11 PM
In many cases you can't avoid putting a layer 2 switch on the perimeter. You have your Ethernet handoff from the provider and quite often you have other interfaces in this "dirty" network, such as VPN concentrators, IPS/IDS devices, etc. I am not quite sure how you can use VLANs since you typically have a public IP range that's all in the same subnet. I would recommend not putting an IP address on the switch and shutting down the management interface (VLAN 1). In addition, you can turn off unnecessary services like CDP, STP and SNMP in order to minimize your exposure. In terms of flooding your network, your router (assuming you don't have a switched Ethernet service) would most likely take the hit before your layer 2 switch would.
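An added example, not part of the thread: a small Python check of a switch configuration against the items the reply above lists (no IP address on the switch, VLAN 1 management interface shut down, CDP, STP and SNMP off). The Cisco IOS-style command forms it matches and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample running-config for a hypothetical perimeter switch.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 description ISP handoff
!
snmp-server community public RO
"""

def interface_blocks(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit(config):
    """Return findings for the hardening items listed in the reply."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    for name, body in interface_blocks(config).items():
        if name.lower().startswith("vlan"):
            if any(c.startswith("ip address") for c in body):
                findings.append(f"{name}: IP address configured")
            if "shutdown" not in body:  # exact match, so "no shutdown" fails
                findings.append(f"{name}: management interface not shut down")
    # Assumption: CDP and STP are on unless explicitly disabled in the config.
    if "no cdp run" not in lines:
        findings.append("CDP enabled globally")
    if any(l.startswith("snmp-server") for l in lines):
        findings.append("SNMP configured")
    if not any(l.startswith("no spanning-tree vlan") for l in lines):
        findings.append("STP still running")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```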
03-24-2006 12:15 PM
Hi,
I don't want to use any VLANs on my border switch as I'm concerned if any vulnerability regarding VLAN security got exploited, it could cause bypassing my security layers and having access to my internal subnets. The scenario I have is a border router, switch and then 2 IPS units. The IPS should protect me from rate-based attacks but I was concerned if the switch or the border router will fail before the IPS even receives the traffic and protects my internal networks.
Regards,
Haitham