I have a switch (HP ProCurve 1810-24G to be exact) and it's placed in a datacenter.
To secure the switch, there's a lengthy password on it. But, there's one great downside: anyone with the IP address has access to the login screen. While this is normally not an issue, I don't like it. There are some brute-force attacks going on and who knows, there might be a zero-day exploit available for the switch. The switch doesn't have the option to 'auto-ban' IPs with excessive login attempts, nor does it have a whitelist for allowed IPs.
So, my question is: how to secure this switch better than I currently have? I was thinking about giving it a private IP address, but then when my server crashes, I would be unable to access the switch (if I need to for any reason).
What are best practices for something like this?
Configure the switch so it is not accessible from the public-facing network, and ideally from a specific management LAN connection.
Then connect using a VPN - configure it to use certificate authentication in addition to your logon.
If you absolutely cannot do this, configure the firewall between this switch and the internet to only accept management connections from your IP address. This isn't perfect security, but it limits visibility of the logon screen so will increase security.
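A sketch of the fallback firewall rule described in the answer above, written as an nftables ruleset. This is an added example, not part of the original answer; it assumes a Linux firewall routing traffic between the internet and the switch, and the addresses (documentation ranges) and management ports are placeholders to replace with your own.

```nftables
#!/usr/sbin/nft -f
# Constructed example: all addresses are placeholders from the
# RFC 5737 documentation ranges, not values from the original post.

define SWITCH_MGMT = 192.0.2.10      # assumed management IP of the switch
define ADMIN_SRC   = 203.0.113.25    # assumed static IP you administer from
define MGMT_PORTS  = { 80, 443 }     # assumed web management ports

table inet switch_mgmt {
    chain forward {
        # Policy stays "accept" so traffic to the servers behind the
        # switch is untouched; only packets addressed to the switch's
        # own management IP are restricted.
        type filter hook forward priority 0; policy accept;

        # Return traffic for sessions that were allowed below.
        ct state established,related accept

        # New management sessions from the single allowed source.
        ip saddr $ADMIN_SRC ip daddr $SWITCH_MGMT tcp dport $MGMT_PORTS ct state new accept

        # Anything else addressed to the switch: log a rate-limited
        # sample for review, then count and drop it.
        ip daddr $SWITCH_MGMT limit rate 5/minute log prefix "switch-mgmt-drop: "
        ip daddr $SWITCH_MGMT counter drop
    }
}
```

Load it with `nft -f` and check the drop counter with `nft list table inet switch_mgmt`; a counter that keeps climbing shows how much login-screen traffic the rule is now hiding from the switch.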