This article was written by guest blogger Richard Thompson. Richard Thompson works for MilesTek which has been providing complete connectivity solutions since 1981. His goal is to provide relevant information to tech conversations across the Internet. Richard discusses some common vulnerabilities in network switches that can be exploited by cyber-attackers.
Network switches are the hardworking hardware devices we rely on to connect computer networking devices. With so much emphasis put on developing software to combat attacks (such as ARP Spoofing), the network switch has been overlooked—until now—as a place to not only create tighter security but also to improve data center functions.
ARP Vulnerability at the Switch Level
ARP Spoofing is a type of “man-in-the-middle” attack. Basically, it’s a technique that diverts traffic away from a specific IP address to a different address (the attacker’s). Since a network switch is the connection between two devices, it’s typically the point at which information is diverted.
An ARP Spoofing attack typically leaves you vulnerable to more attacks. Hackers will use this tactic as a means to gain access to sensitive information, and to wreak havoc such as denial of service or inserting malicious code.
Network switches are susceptible to ARP spoofing, but they also present an opportunity to combat such attacks. Security Tip: for larger networks in particular, you can set “port security” to restrict MAC addresses to only one per switch.
Possibilities of OCP’s “Wedge” Network Switch for the Internet
Earlier this year, Facebook’s Open Compute Project (OCP) unveiled a new stripped down network switch they dubbed the “wedge.” In keeping with the open source nature of the project, the wedge is designed to be flexible and customizable. Ultimately, it allows a network switch to be as powerful as the server itself.
By modifying the hardware of network servers, it’s possible to improve upon the security of data centers. OCP’s main goal is to strip down the core technologies that comprise data centers, in order to improve upon those same technologies and create flexible and scalable systems more adaptable to advanced software. Since this project is open sourced, you might think that it creates more security problems than it solves—but actually the opposite is true. By addressing the fundamental structures in our hardware, we can isolate the weak areas and build a stronger network overall.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com