We're looking for a solid Ethernet switch for our medium-sized enterprise. I've been reading that several vendors are coming out with Ethernet switches for SMBs that claim to offer enterprise-grade security features. Are these switches viable when it comes to security, or should we spend more for something higher-end?
Before looking into purchasing an Ethernet switch or stack of switches for your environment, ensure that the models you're looking at are in fact capable of meeting industry standards, regardless of what size company a vendor says they're intended for. Here are a few things to look for when weighing the decision to purchase an enterprise switch or an SMB switch, from a security point of view:
- Verify that you're able to set up VLANs on the switch and that they're able to span to other switches in a stack, in case your network ends up growing. This is important and should be a default feature in whatever switch you choose to ensure secure network segmentation as network demands increase.
- Make sure that there can be security on the port level. Security at this level helps mitigate a number of issues, such as rogue workstations being plugged into your network. It can also help detect multiple media access control (MAC) addresses coming from one port, which could indicate a Trojan or that someone has plugged a hub into the port.
- The ability to log in to a switch securely either by SSH or HTTPS with a Web GUI is mandatory. If you can't authenticate securely to the switch, you are leaving a hole in the network.
- Similarly, the ability to log to a centralized repository is another area that you should review. Determine if the switch can perform syslog to back up its logs for review when needed.
In today's economy, it's important to justify security with the budget at hand. If you don't have the budget to spend on enterprise Ethernet switches, then an SMB switch will have to do for now. If you do have the budget, it's prudent to conduct an overall network risk assessment to determine the most significant risks to your organization and use that budget to address those risks.
This was first published in March 2013
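The four checks in the list above, run as an audit over an exported switch configuration. This is an added example, not part of the original answer; it assumes Cisco IOS-style configuration syntax (the page names no vendor), and the sample config and function names are constructed for illustration.

```python
import re
# Constructed sample in Cisco IOS-style syntax (an assumption; the page names no vendor).
SAMPLE_CONFIG = """\
ip http secure-server
logging host 192.0.2.10
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def sections(config):
    """Split the config into (header, [indented child lines]) blocks."""
    blocks = []
    for line in config.splitlines():
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        elif line.strip():
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Return findings for the four checks: VLANs, port security, secure login, syslog."""
    blocks, findings, vlans = sections(config), [], set()
    top = [header for header, _ in blocks]
    for header, body in blocks:
        if header.startswith("interface ") and "switchport mode access" in body:
            vlans.update(re.findall(r"switchport access vlan (\d+)", "\n".join(body)))
            if "switchport port-security" not in body:
                findings.append(f"{header}: access port without port security")
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{header}: remote login not restricted to SSH")
    if len(vlans) < 2:
        findings.append("access ports are not segmented into multiple VLANs")
    if "ip http server" in top or "ip http secure-server" not in top:
        findings.append("web GUI is not HTTPS-only")
    if not any(re.match(r"logging (host )?\d", h) for h in top):
        findings.append("no remote syslog destination configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

On the sample, the audit flags the access port that lacks port security and the vty lines that still accept Telnet.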