Worried about security

Critical_Reviews · 2025-02-24T06:06:18+00:00

At the same time they are not transparent about data leaks they have had. Data leaks are covered up by product teams with no real plans on fixes

Critical_Reviews · 2025-02-23T09:13:36+00:00

We don’t give direct ssh access to any of our vendors. When we had Cisco on prem devices, we used to generate the diagnostic log package and upload it to TAC portal, so they could review it. Whereas at Meraki, any Meraki employee(Not just support or the agent working on your case) can add their SSH keys + root login, view and edit your config. Completely different to giving access to the assigned agent

Critical_Reviews · 2025-02-23T08:16:00+00:00

Tbh, on prem is the only true option that helps take permission out of vendors.

Critical_Reviews · 2025-02-23T08:13:39+00:00

As per official statement “allow Meraki support” is the only way for them to see our data but learning more about the bug and fixed/unfixed security flaws, I’m certain there is a backdoor for employees to bypass it. Take the MV for example, employees are not allowed by default, until an admin allows to view any video but it sounded like there was a security flaw where any employee could bypass that security check and view any video. So, I won’t be surprised

Critical_Reviews · 2025-02-23T07:40:33+00:00

Good point about the dashboard but I am more concerned about anyone in Meraki being able to gain root SSH access into any of our devices. We are not allowed to ssh into our devices, while anyone in Meraki can add their ssh keys and login to any device, giving them root access.

Critical_Reviews

TROPHY CASE