[c-nsp] Vulnerabilities in HTTP server on Catalyst Switches
John Neiberger
jneiberger at gmail.com
Thu Jun 9 15:19:30 EDT 2005
I'm only interested in the security aspects of the http server on the
switches, not the usability of the GUI. I also prefer the CLI but I'm
considering offering CNA to some of the other people in our department
so they can do some basic troubleshooting on their own without
involving me.
Thanks,
John
On 6/9/05, Gert Doering <gert at greenie.muc.de> wrote:
> Hi,
>
> On Thu, Jun 09, 2005 at 09:28:56AM -0600, John Neiberger wrote:
> > Can any of you think of a good reason to leave the http server on a
> > Catalyst switch turned off?
>
> Oh yes. Web UIs are slow and annoying (and the Java stuff is especially
> bad). Command line rules.
>
> But that's personal user preferences.
>
> From a security point of view, the best practice for switch management
> is to put the management VLAN behind a HUGE firewall (preferably the
> air-gap type) and stop worrying about L3 exploits against your nice
> L2 devices.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany gert at greenie.muc.de
> fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
>