Network Switches

Cybersecurity Diary Entry - A Tale of Two Switches

Network switches are devices used in computer networks to connect devices together. They operate at the data link layer (Layer 2) of the OSI model and are responsible for forwarding data packets to their intended destination within a local area network (LAN).

The Tale of Two Switches

The fans in switches generate a lot of noise, especially when the cases are removed.  Here I sat, the guts of an old Cisco 3750X open before me, belching out the squeal of fans, while I pressed the Mode button as it booted.  Cisco is not really a fan of their equipment being resold, but also assigns an end of sale and life to all their inventory.  In order to ensure the development of a product to be used in production network environments, it becomes necessary to procure the same equipment.  As such, unbeknown to me, I sat between the age of wisdom and foolishness.

Two network switches, the same model, manufactured a year apart.  While arriving in the same shipment, both had a very different story to tell.  The one I was currently working on formerly belonged to a bank, hailing from the Midwest of the United States.  How might one know this?  Well, the switch had a banner claiming as much, including legal jargon threatening anyone accessing said device without permission.

As such, I was pressing the Mode button to try and get to a place where I could delete the configuration, something the bank most certainly should have done before selling the device as used.  A few moments later, I was greeted with victory, the screen displaying a prompt reading “switch:” and awaiting further input.  Now, as some might be aware, the Mode button is accessible from the outside, so why bother opening the case?

Well, this particular bank had disabled the button by removing it from the small circuit board.  Previous versions of this switch faced a specific problem where network cables could inadvertently press the button, as illustrated in the diagram below, provided by Cisco (a somewhat amusing engineering oversight).  However, it’s plausible that the button on this model, which was supposedly not susceptible to the same issue, might have been removed by the bank for security reasons, as indicated by the red circle.

[Image: two switches]

Unfortunately, we had paid good money for this device, and I was not about to be stymied by such foolishness.  As such, I removed the same circuit board from the other switch we had purchased and plugged it into the ribbon cable on the bank’s former switch.  So instead of simply deleting the configuration, I took a well-deserved peek for my efforts.

The switch was programmed beautifully, the configuration was art.  Yes, I am a geek, but you’re reading this, so what does that make you?  Really, though, it was wonderful.  Everything I thought of and more was there, I even had to look up a couple of things I did not recognize.  The security was perfect, very well programmed, ensuring even the greatest of hackers would not likely find their way in.  Unless, of course, they didn’t wipe the device before selling it.

That was it.  A couple of commands later, the configuration was gone.  The second switch was quite the opposite and had very little story to tell.  But, someone had gone to the lengths of not only deleting the configuration, but the software to run the switch, as well.  While there is a happy ending to this story, since I wanted to stack these switches, it was only after a couple of hours of transferring the software via console cable that both switches were recalled to life.

March 29th, 2022