[c-nsp] Vulnerabilities in HTTP server on Catalyst Switches

Gert Doering gert at greenie.muc.de
Thu Jun 9 14:42:51 EDT 2005


Hi,

On Thu, Jun 09, 2005 at 09:28:56AM -0600, John Neiberger wrote:
> Can any of you think of a good reason to leave the http server on a
> Catalyst switch turned off? 

Oh yes.  Web UIs are slow and annoying (and the java stuff is especially
bad).  Command line rules.

But that's personal user preferences.

From a security point of view, the best practice for switch management
is to put the management VLAN behind a HUGE firewall (preferably the
air-gap type) and stop worrying about L3 exploits against your nice
L2 devices.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

