1752579
Members
4321
Online
108788
Solutions
Hi, first of all it's worth to say - from a broader security perspective - that the HP ProCurve 2910al Switch series went EoL many years ago...said so...totally depending on your internal network scenario a major worry would be not to send data off-site (or creating a sort of denial of service through a bad configuration) but gaining switch access to mirror local data to an illegal collector host on-site...so physical and logical access to switch should be a priority to be sure its correct running configuration is secured at best as you can from leakages and modifications.
Clearly the potential damage should be also referenced to the logical position (and to the active features) the switch you're referring to has on your network topology.
I'm not an HPE Employee
Well you have to consider that a primary task of a Switch is to switch packets and, eventually, to route them to other networks...so an attacker would change VLAN tagging or IP routing but both those changes need to be part of a more complex attack scenario involving other compromised hosts/devices on your internal network...I'm keen to be more worried about an insider silently placing (or hacking an host into) a collector inside a network and modifying running configuration on a proper switch to send (mirror) backplane traffic to that host...then, after collecting, an attacker could perform data filtering and find the way to move relevant findings outside (that last step is not necessary if what is looking for are plaintex data or whatever similar to perform/gain illegal accesses to other systems...).
I'm not an HPE Employee
I'm not an HPE Employee