UNCLASSIFIED
Appendices
Version 1.0g
8.2. Application to Ethernet Switches and Related Non-Router Network Hardware
This appendix identifies specific principles and recommendations from the main
body of this guide that apply to Ethernet switches, managed hubs, access servers, and
other network hardware components that are not IP routers. Prior to the 1990s,
routers were the only LAN components with sufficient flexibility to need security
configuration. Since the mid-1990s, hubs, switches, access servers, and other LAN
components have been gaining substantial capabilities; many of them are as flexible
and configurable as a router. Such devices almost always support remote
administration and management, and are therefore subject to compromise over the
network. Because they are vital to network operations and because they can be used
as a staging area for additional attacks, it is important to configure them securely.
The discussion below focuses mainly on media-level network components: switches,
managed hubs, and bridges. These devices are characterized by participation in the
network itself but forwarding and switching traffic based on a media layer address
(e.g. an Ethernet MAC address). Because they cannot perform network layer or
transport layer traffic filtering, switches and hubs cannot generally enforce security
policies on network traffic. The focus of security for these devices is protecting
their own configuration, and preventing their use by unauthorized individuals and
attackers.
Another kind of common network device that needs protection is the access server.
An access server is a device that services a set of phone lines, and provides dial-up IP
access for remote users. These kinds of devices usually have very extensive security
and remote administration support, and configuring them securely requires a great
deal of care. Configuring access servers is outside the scope of this guide.
8.2.1. Security Principles and Goals
The general security goals for a switch or smart hub are similar to those for a router,
but simpler because such a network component does not act as a boundary device
between different networks. The security goals for a switch or hub are listed below.
• preventing unauthorized examination of device state and configuration
• preventing unauthorized changes to the device state and configuration
• preventing use of the device for attacking the local network
• preventing unauthorized remote management/monitoring of the device
To achieve these goals, the device must be configured to strictly limit all forms of
access: physical, local connections, and remote network connections. If possible, it is
best to create a security checklist for LAN switches. Follow the general form of the
security checklist given at the end of Section 3.