
HP Switch compromise damage potential

 
Occasional Contributor


We have several HP Procurve E2910al switches. One thing I was curious about is the potential for damage from a compromised switch. In the event that a black-hat hacker is able to access the config for the switch, what could they realistically do?

Of course if they sabotage the config then we would know immediately, given that it would no longer work correctly. My bigger concern is if it's possible for an attacker to create some kind of rule that would send data offsite, thus capturing potential sensitive information. Is this a realistic threat?

Honored Contributor

Re: HP Switch compromise damage potential

Hi, first of all it's worth saying - from a broader security perspective - that the HP ProCurve 2910al Switch series went EoL many years ago... That said, depending entirely on your internal network scenario, a major worry would be not sending data off-site (or creating a sort of denial of service through a bad configuration) but gaining switch access to mirror local data to an illegal collector host on-site... So physical and logical access to the switch should be a priority, to be sure its correct running configuration is secured as best you can from leakages and modifications.

Clearly the potential damage should be also referenced to the logical position (and to the active features) the switch you're referring to has on your network topology.

Occasional Contributor

Re: HP Switch compromise damage potential

I don't deny the importance of on-site security but when speaking specifically about offsite, are you saying that such an attack is unlikely/impossible? From what I understood in your post, a compromised switch would first have to send data to another device which illegally collects information before sending offsite.

Thank you

Honored Contributor

Re: HP Switch compromise damage potential

Well, you have to consider that a primary task of a switch is to switch packets and, eventually, to route them to other networks... So an attacker would change VLAN tagging or IP routing, but both those changes need to be part of a more complex attack scenario involving other compromised hosts/devices on your internal network... I'm inclined to be more worried about an insider silently placing (or hacking a host into) a collector inside a network and modifying the running configuration on a proper switch to send (mirror) backplane traffic to that host... Then, after collecting, an attacker could perform data filtering and find a way to move relevant findings outside (that last step is not necessary if what they are looking for is plaintext data or anything similar that can be used to perform/gain illegal access to other systems...).
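
The silent changes discussed in this thread (mirroring, VLAN tagging, IP routing) do not break connectivity, so they only show up when the running configuration is compared against a trusted copy. The following is an added example, not part of any post above: it diffs a saved baseline against the current running config and tags each changed statement. The keyword patterns and both sample configs are assumptions, constructed for illustration and not taken from a 2910al.

```python
import re

# Assumed keyword patterns for the changes discussed in the thread
# (mirroring, VLAN tagging, IP routing); adapt them to your firmware's syntax.
WATCH = {
    "mirroring": re.compile(r"\b(mirror|monitor)\b", re.I),
    "vlan": re.compile(r"\b(vlan|tagged|untagged)\b", re.I),
    "routing": re.compile(r"\bip (route|routing|default-gateway)\b", re.I),
}

def flatten(config):
    """Flatten an indented config into 'block > statement' strings."""
    out, block = [], ""
    for raw in config.splitlines():
        stmt = raw.strip()
        if not stmt or stmt == "exit" or stmt.startswith(";"):
            continue  # skip blanks, block terminators and comment lines
        if raw[0].isspace():
            out.append(f"{block} > {stmt}")  # keep the enclosing block as context
        else:
            block = stmt
            out.append(stmt)
    return out

def audit(baseline, running):
    """Return (sign, statement, tags) for each statement removed (-) or added (+)."""
    old, new = flatten(baseline), flatten(running)
    delta = [("-", s) for s in old if s not in new]
    delta += [("+", s) for s in new if s not in old]
    return [(sign, s, [t for t, rx in WATCH.items() if rx.search(s)] or ["other"])
            for sign, s in delta]

# Constructed sample configs (illustrative syntax, not from a real switch).
BASELINE = """\
vlan 10
   untagged 1-20
   exit
ip default-gateway 10.0.10.1
"""
RUNNING = BASELINE.replace("untagged 1-20", "untagged 1-19") + """\
mirror-port 20
interface 21
   monitor
   exit
"""

if __name__ == "__main__":
    for sign, stmt, tags in audit(BASELINE, RUNNING):
        print(sign, stmt, tags)
```

Run on a schedule against a baseline stored off the switch, any "+" line tagged `mirroring` is the case the replies describe: traffic being copied to a port that was never meant to receive it.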