News and Product Updates

Improved Security Features for JumboSwitch® Interface Cards

As a result of third-party penetration testing on JumboSwitch® systems, a number of improvements have been made to ensure continued security when using JumboSwitch products.

These updates are available in the latest version of software updates for the JumboSwitch interface cards for all users with a support contract.

The updates are as follows:

High-Impact

1. Updated SSH server to enhance security
2. Updates around improved security for SNMP denial of service attacks, including using an updated SNMP library
3. Ensured that all web UI pages operate with authentication to eliminate web UI bypass.
4. Username password encryption now AES256
5. Added sanitation checks in web UI to remove potential cross-site scripting vulnerability

Medium-Impact

6. Updated HTTPS to support TLS 1.2

Low-Impact

7. Added HTTPS Strict Transport Security (HSTS)

To stay current on our other JumboSwitch product updates, follow the links below.

Product Updates:

• PDV Function LED
• Digital Potentiometer
• 1+1 Hitless Redundancy