I’m looking at getting a 10 gigabit network switch. I only have 3 devices that could use that speed right now but I do plan on upgrading things over time.
Gonna disagree here. Microtik is a problematic company at best. They’re super lax on security, and they’ve had a lot of issues with their products in general. They also offer no real warranty, but I assume that’s because they aren’t a dedicated networking company (they make other things).
Just last year the flags were raised on dated firmware that left something like a million devices vulnerable, and their response was lacking.
On the plus side: they are part of the EU, so data protection laws apply, and they do seem to be in the forefront on uptake of modern equipment and standards.
Can you elaborate on how their response was lacking? From what I found the stable branch had a patch for that vulnerability available for several months before the first report while the lts branch had one available a week before the first article (arguably a brief period to wait before releasing news about the vulnerability but not unheard of either).
MikroTik also offers a 2 year warranty since they legally have to, no idea what you’re on about there. Also also not sure what you think they sell other than networking because for the life of me I can’t find anything other than networking related stuff on their website.
Yeah I’ve worked at WISPs that were pushing TBs through their core routers every day. Those core routers? Mikrotiks. Every apartment buildings core routers and fiber aggregation switches? Mikrotiks. You had to get down to the access layer switches that fed the individual apartments to hit Cisco equipment.
This person is just repeating some shit they read somewhere, hoping it makes them sound knowledgeable. In another post they’re recommending trendnet shit. Get back to me when you can set up BGP peering on your trendnet lol.
Wow you found three different articles, all about the same CVE, that the manufacture published a firmware patch for before any public disclosure was made. That’s definitely just as bad as pretending you don’t know about CVEs in your products lol.
Yeah they definitely could have been quicker with the patches but as long as the patches come out before the articles they are above average with how they handle CVE’s, way too many companies out there just not giving a shit whatsoever.
the manufacture published a firmware patch for before any public disclosure was made
They were pretty quick for the stable branch, so I guess the miss is prioritizing it for LTS. But if it’s just the one time, I’m completely fine with that.
So first of all I see no point in sharing multiple articles that contain the same copy-pasted info, one of those would have been enough. That aside, again, patches were made available before the vulnerability was published and things like MikroTik not pushing Updates being arguably more of a feature since automatic updates cause network downtime via a reboot and that would be somewhat problematic for networking equipment.
Could they have handled that better? Yes, you can almost always handle vulnerabilities better but their handling of it was not so eggregious as to warrant completely avoiding them in the future.
If I buy a switch and that thing decides to give me downtime in order to auto update I can tell you what lands on my blacklist. Auto-Updates absoultely increase security but there are certain use cases where they are more of a hindrance than a feature, want proof? Not even Cisco does Auto-Update by default (from what I’ve managed to find in this short time neither does TrendNet which you’ve been speaking well of). The device on its own deciding to just fuck off and pull down your network is not in any way a feature their customers would want. If you don’t want the (slight) maintenance load that comes with an active switch do not get one, get a passive one instead.
As far as warranty goes, Trendnet does Lifetime for their enterprise metal devices, which OP mentioned being interested in. Just looked at Microtik official warranty page, and it says to email support. Big difference.
You seem REALLY on the Microtik brand for some reason. I presented one that didn’t have those issues, you retorted with some stuff, I responded with valid issues. What’s your problem?
Every. Single. Brand. Has. CVEs. I’ve used Mikrotik, I’ve used Cisco, I’ve used Juniper, I’ve used Ubiquiti. I have a trendnet Poe switch in my attic powering some cameras and an AP right now. I have no “problem” with any brand of anything.
I do have a problem with you implying that a company doesn’t take security seriously when they do. I start to think you’re intentionally lying when you lift up trendnet as the model, because they have quite an especially atrocious history of it.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
I’m partial to mikrotik gear, the CRS305 has 4 sfp+ ports for around $150.
Gonna disagree here. Microtik is a problematic company at best. They’re super lax on security, and they’ve had a lot of issues with their products in general. They also offer no real warranty, but I assume that’s because they aren’t a dedicated networking company (they make other things).
Just last year the flags were raised on dated firmware that left something like a million devices vulnerable, and their response was lacking.
On the plus side: they are part of the EU, so data protection laws apply, and they do seem to be in the forefront on uptake of modern equipment and standards.
Can you elaborate on how their response was lacking? From what I found the stable branch had a patch for that vulnerability available for several months before the first report while the lts branch had one available a week before the first article (arguably a brief period to wait before releasing news about the vulnerability but not unheard of either).
MikroTik also offers a 2 year warranty since they legally have to, no idea what you’re on about there. Also also not sure what you think they sell other than networking because for the life of me I can’t find anything other than networking related stuff on their website.
Yeah I’ve worked at WISPs that were pushing TBs through their core routers every day. Those core routers? Mikrotiks. Every apartment buildings core routers and fiber aggregation switches? Mikrotiks. You had to get down to the access layer switches that fed the individual apartments to hit Cisco equipment.
This person is just repeating some shit they read somewhere, hoping it makes them sound knowledgeable. In another post they’re recommending trendnet shit. Get back to me when you can set up BGP peering on your trendnet lol.
https://fieldeffect.com/blog/mikrotik-devices-risk-super-admin-elevation-flaw
https://thehackernews.com/2023/07/critical-mikrotik-routeros.html?m=1
https://www.bleepingcomputer.com/news/security/super-admin-elevation-bug-puts-900-000-mikrotik-devices-at-risk/
Wow you found three different articles, all about the same CVE, that the manufacture published a firmware patch for before any public disclosure was made. That’s definitely just as bad as pretending you don’t know about CVEs in your products lol.
Yeah they definitely could have been quicker with the patches but as long as the patches come out before the articles they are above average with how they handle CVE’s, way too many companies out there just not giving a shit whatsoever.
They were pretty quick for the stable branch, so I guess the miss is prioritizing it for LTS. But if it’s just the one time, I’m completely fine with that.
So first of all I see no point in sharing multiple articles that contain the same copy-pasted info, one of those would have been enough. That aside, again, patches were made available before the vulnerability was published and things like MikroTik not pushing Updates being arguably more of a feature since automatic updates cause network downtime via a reboot and that would be somewhat problematic for networking equipment. Could they have handled that better? Yes, you can almost always handle vulnerabilities better but their handling of it was not so eggregious as to warrant completely avoiding them in the future.
Well because one is WAY WORSE than the other, and the response of commitment is way different. You’re just plain wrong.
My dude. You are not a serious person. I’m blocking you so I don’t waste my time with you in the future. Enjoy your life I guess.
If I buy a switch and that thing decides to give me downtime in order to auto update I can tell you what lands on my blacklist. Auto-Updates absoultely increase security but there are certain use cases where they are more of a hindrance than a feature, want proof? Not even Cisco does Auto-Update by default (from what I’ve managed to find in this short time neither does TrendNet which you’ve been speaking well of). The device on its own deciding to just fuck off and pull down your network is not in any way a feature their customers would want. If you don’t want the (slight) maintenance load that comes with an active switch do not get one, get a passive one instead.
You are a foolish person.
https://www.bleepingcomputer.com/news/security/super-admin-elevation-bug-puts-900-000-mikrotik-devices-at-risk/
As far as warranty goes, Trendnet does Lifetime for their enterprise metal devices, which OP mentioned being interested in. Just looked at Microtik official warranty page, and it says to email support. Big difference.
API went wonky
Wow. You do you, budday.
You seem REALLY on the Microtik brand for some reason. I presented one that didn’t have those issues, you retorted with some stuff, I responded with valid issues. What’s your problem?
You presented one that doesn’t have security vulnerabilities? Here’s yet another CVE out for trendnet: https://nvd.nist.gov/vuln/detail/CVE-2018-19239
Every. Single. Brand. Has. CVEs. I’ve used Mikrotik, I’ve used Cisco, I’ve used Juniper, I’ve used Ubiquiti. I have a trendnet Poe switch in my attic powering some cameras and an AP right now. I have no “problem” with any brand of anything.
I do have a problem with you implying that a company doesn’t take security seriously when they do. I start to think you’re intentionally lying when you lift up trendnet as the model, because they have quite an especially atrocious history of it.
Do you have too much time to rant here but not read the articles you asked for? Lol 🤡
API went wonky
https://www.rapid7.com/db/modules/exploit/linux/misc/cisco_ios_xe_rce/
We can go back and forth on RCEs literally all day. If your bar for using a product is “no RCEs”, get off the grid entirely my guy.
MikroTik is just as serious a network company as Cisco or Juniper, and vastly more serious from an enterprise networking point of view than trendnet.
Also where tf did OP mention anything about warranties?
Edit - https://medium.com/tenable-techblog/trendnet-ac2600-rce-via-wan-8926b29908a4
Edit - https://www.archcloudlabs.com/projects/trendnet-731br/
Edit - lol holy shit look how customer focused trendnet is! They just plugged their ears and pretended an unauthenticated RCE in their product didn’t exist haha. https://arstechnica.com/information-technology/2015/04/no-patch-for-remote-code-execution-bug-in-d-link-and-trendnet-routers/
Edit - oof yikes look there’s more. https://www.nccgroup.com/us/research-blog/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329/
Yeah, I trust Mikrotik much more than Trendnet, though I’m happy to use Trendnet for internal switches.
API went wonky