Product Evaluation
A Core Competence Product Evaluation
Conclusions
The Port Switch Hub is a fine piece of hardware. We're generally
pleased with the flexibility port switching provides over basic repeaters,
and we are impressed with the MAC level security features.
We have recommended some enhancements to 3Com that would
improve the manageability and security of the Hub and make
a good product even better.
SLIP rather than PPP is supported for analog remote access. Support for PPP would
provide better authentication through Challenge Handshake
Authentication Protocol (CHAP).
We could not identify a way to back up and restore a PS Hub 40 configuration.
We can identify at least two situations where the absence of a backup facility
might present problems to network administrators, both related to the effects
an inadvertent or malicious initialization of the hub may have on a
production VLAN. When the hub is initialized (set to factory defaults), the
unit reverts back to providing a single LAN segment for all attached end stations.
Administrators have to be prepared to deal with restoring virtual LAN
communications provided via the hub, but must do so by recreating rather
than restoring the working configuration. We recommend that you
painstakingly record every port and segment assignment and security
configuration for your hub or stack and that you implement manual
change control and auditing until 3Com
provides a configuration management facility.
From a security standpoint, initialization of the Hub must be viewed as a
serious vulnerability, especially given that SLIP may be the only
defense against unauthorized dial access to the equipment.
With factory defaults, the controls presumed to compartmentalize end station
communications (segmentation, authorized addresses, disconnect
unauthorized device, and need to know) are no longer in effect. We would
prefer that the hub revert to a non-communicating state on all ports,
requiring direct console access for restoration of service.
Although the 12-port model supports 4 internal LAN segments,
it is really not suited for standalone multi-segment deployment,
since you can exhaust 4 ports as uplinks to switches and other
hubs, leaving only 8 end station ports. The better application
for the 12-port model is as a component of a stack, or for
small businesses or branch offices where
a select few end stations must be isolated from all others, or where
a DMZ or screened subnet must be carved out from the LAN
environment to support servers for public Internet access. If you
really need more than two VLANs, you should consider the 24-port
model.