Community discussions

 
stanelie
just joined
Topic Author
Posts: 19
Joined: Sun Jun 03, 2012 9:32 pm

unsecured access to admin interface?

Thu Aug 15, 2019 7:42 pm

Hello.

I am a bit worried about my password being sent in clear when I log into my swos switch since the web interface does not use https.

Are there any plans to implement this basic security feature?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5523
Joined: Mon Jun 08, 2015 12:09 pm

Re: unsecured access to admin interface?

Thu Aug 15, 2019 8:48 pm

Can your switch run RouterOS instead of SWOS? (some models can do that)
I think that is the only viable solution as SWOS is an extremely small system that is not likely to be extended.
 
stanelie
just joined
Topic Author
Posts: 19
Joined: Sun Jun 03, 2012 9:32 pm

Re: unsecured access to admin interface?

Thu Aug 15, 2019 9:04 pm

It's really easier and less time consuming to manage the switch and vlans from the swos os. The management of the switch component from within RouterOS is a lot clumsier, I am more prone to mistakes in there, and it takes a lot more time.

Really, https is a basic security feature, and it's everywhere except in swos...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5523
Joined: Mon Jun 08, 2015 12:09 pm

Re: unsecured access to admin interface?

Fri Aug 16, 2019 12:11 am

SWOS is like 64KB is size. sixty-four KILObytes. Like the memory size of a Commodore 64.
RouterOS is more like 8 megabytes.
Is it surprising that SWOS lacks some features?
Only the addition of an SSL library will at least double the size of SWOS.
 
stanelie
just joined
Topic Author
Posts: 19
Joined: Sun Jun 03, 2012 9:32 pm

Re: unsecured access to admin interface?

Fri Aug 16, 2019 12:19 am

Yes,
I am well aware that it is very small in size. However, I do not care about its size, only that it is secure (or not). I couldn't care less if it blew up in size to 64 GB, as long as it is secure.
So, again, are there any plans to implement this basic security feature?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5523
Joined: Mon Jun 08, 2015 12:09 pm

Re: unsecured access to admin interface?

Fri Aug 16, 2019 11:34 am

You have to consider that the first switches where SWOS was used do not have more memory than that.
Of course these days the dual-boot SWOS/RouterOS switches do have more memory but they can use RouterOS.

It is not useful to ask about plans here. This is a user forum, for users to help eachother.
To ask something to mikrotik lookup their e-mail addresses on the website and mail there.
 
stanelie
just joined
Topic Author
Posts: 19
Joined: Sun Jun 03, 2012 9:32 pm

Re: unsecured access to admin interface?

Fri Aug 16, 2019 3:53 pm

Well,

I disagree. From my experience, Mikrotik is not the fastest at answering inquiry emails, so, I thought I would ask here where I seem to get answers faster.

Also, I've seen people from Mikrotik answer from time to time on these forums, even if this is a "users" forum, I was hoping to get an answer from them instead.

Mikrotik didn't use to have big switches that tried to compete with Cisco, Aruba, HP... Now they do. I expect them to strive for the same level of features completeness, including a (very basic) SSL auth mechanism.

If these newer, bigger, better switches can run a full fledged RouterOS, they can certainly spare a few megs for an SSL library.

If they don't want to improve on SWOS because of its lineage or other limitation, maybe they could improve the switch chip management interface within winbox to easily manage it from RouterOS?

My two cents...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5523
Joined: Mon Jun 08, 2015 12:09 pm

Re: unsecured access to admin interface?

Fri Aug 16, 2019 5:04 pm

Well, I have never seen a MikroTik employee answer any question regarding "plans" here with anything more specific than "It happens, when it happens"...
True there sometimes are answers regarding technical matters, but far more from other users than from MikroTik employees.

W.r.t. switches that compete with Cisco, Aruba, HP... I think that must be a joke!
There are so many "enterprise features" that are not available in MikroTik switches that they still are mostly on the hobby market and maybe some admins who never used more professional switches and/or are on an extremely tight budget.

For now, when you want to use MikroTik switches, just make sure you have a separate management VLAN where the use of plaintext auth is not a problem.
 
stanelie
just joined
Topic Author
Posts: 19
Joined: Sun Jun 03, 2012 9:32 pm

Re: unsecured access to admin interface?

Fri Aug 16, 2019 5:29 pm

Ok,

I will do that, thanks.

Who is online

Users browsing this forum: No registered users and 2 guests