So I just added a TP-Link switch (TL-SG3428X) and access point (EAP670) to my network, using OPNSense for routing, and was previously using a TP-Link SX-3008F switch as an aggregate (which I no longer need). I’m still within the return window for the new switch and access point, and have to admit the sale prices were my main reason for going with these items. I understand there have been recent articles mentioning TP-Link and security risks, so I’m thinking about whether I should consider returning these and upping my budget to go for Ubiquiti? The AP would only be like $30 more for an equivalent, so that’s negligible, but a switch that meets my needs is about 1.6x more, and it still only has 2 SFP+ ports, while I need 3 at the absolute minimum.
I’m generally happy with the performance; however, there is a really annoying bug where if I reboot a device, the switch drops down to 1G speed instead of 10G, and I have to tinker with the settings or reboot the switch to get 10G working again. This is true for the OPNSense uplink, my NAS and my workstation. The same thing happened with the 3008F, and support threads on the forums have not been helpful.
In any case, any opinions on whether switching to Ubiquiti would be worth it?
I run infrastructure that’s mostly Ubiquiti, with a sprinkling of MikroTik. I have no complaints; I really like the devices. They just work.
A switch you need to manually configure after every reboot sounds quite annoying. I don’t know if that’s something you can fix in software; if not, it sounds like a deal breaker to me.
As far as security risks go: you really need to model your threats and your level of risk tolerance. Every single device, every one, regardless of who makes it, has security faults. There is a remote code exploit for every device out there; some of them haven’t been discovered yet, some of them will never get discovered, but they all exist. So the real question is: how much work, how much money, do you want to spend to reduce the probability? And if it does get exploited, what is your next fallback? Your network should have defense in depth. Breaking into one component should not breach everything.
Ubiquiti is great, because they’ve supported all of their devices with automatic updates. But they’re a big force now, which means they’re a big target, which means there’s more effort put into breaking into their systems. Not to mention they really, really, really, really, really, really want to control everything via cloud accounts, so that’s a huge risk surface that other network products don’t have.
Going back to your risk tolerance: if you’re trying to follow all the best practices, internally in your network you would have some intrusion detection system, maybe a honeypot. Those would alert you. These systems exist because it’s inevitable that eventually your system will get breached; the question is how long before you notice?
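As an added illustration of the "honeypot that alerts you" idea in the reply above (this is editor-supplied example code, not something the poster wrote or recommended, and it is not tied to any TP-Link or Ubiquiti product): a minimal TCP canary. It binds a port on which no legitimate service runs, so any connection at all is treated as suspicious, and it records the source address plus the first bytes the client sent. The host, port, buffer size and timeouts are arbitrary choices for the example; the `print` at the end stands in for whatever real notification path (syslog, webhook, mail) you would wire up on your own network.

```python
"""Minimal TCP canary / honeypot listener (example code, not from the thread).

Idea: bind a port nothing legitimate should ever touch. Any inbound
connection is, by construction, either a misconfiguration or an intruder
probing the LAN, so every connection becomes an alert carrying the source
address and the first bytes the client sent (often enough to recognise an
HTTP request, SSH banner, or scanner payload).
"""
import socket
import threading
import time
from dataclasses import dataclass


@dataclass
class Alert:
    ts: float          # epoch seconds when the connection was accepted
    src_ip: str
    src_port: int
    dst_port: int      # the canary port that was touched
    first_bytes: bytes  # up to MAX_PEEK bytes the client sent, may be empty


MAX_PEEK = 256  # arbitrary cap on how much of the client's opening data we keep


def format_alert(alert: Alert) -> str:
    """One-line, log-friendly rendering of an alert."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime(alert.ts))
    return (f"{stamp}Z canary-hit src={alert.src_ip}:{alert.src_port} "
            f"dst_port={alert.dst_port} first_bytes={alert.first_bytes!r}")


class Canary:
    """Background TCP listener that turns every connection into an Alert."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0, read_timeout: float = 0.5):
        # port=0 lets the OS pick a free port; a real deployment would pin one.
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(8)
        self._sock.settimeout(0.2)  # so the accept loop can notice a stop request
        self.port = self._sock.getsockname()[1]
        self.read_timeout = read_timeout
        self.alerts: list[Alert] = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self) -> "Canary":
        self._thread.start()
        return self

    def stop(self) -> None:
        self._stop.set()
        self._sock.close()          # unblocks accept() with OSError
        self._thread.join(timeout=2)

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:         # socket closed by stop()
                break
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn: socket.socket, addr: tuple) -> None:
        with conn:
            conn.settimeout(self.read_timeout)
            try:
                data = conn.recv(MAX_PEEK)  # a silent scanner yields b""
            except (socket.timeout, OSError):
                data = b""
            alert = Alert(time.time(), addr[0], addr[1], self.port, data)
            with self._lock:
                self.alerts.append(alert)
            print("ALERT", format_alert(alert))  # replace with real notification


def wait_for_alerts(canary: Canary, count: int, timeout: float) -> list[Alert]:
    """Poll until at least `count` alerts exist or `timeout` seconds pass."""
    deadline = time.time() + timeout
    while time.time() < deadline:
        with canary._lock:
            if len(canary.alerts) >= count:
                return list(canary.alerts)
        time.sleep(0.02)
    with canary._lock:
        return list(canary.alerts)


def probe(port: int, payload: bytes, host: str = "127.0.0.1") -> None:
    """Stand-in for an attacker or scanner touching the canary port."""
    with socket.create_connection((host, port), timeout=1.0) as s:
        s.sendall(payload)


if __name__ == "__main__":
    canary = Canary().start()
    try:
        # Constructed sample probe: a scanner issuing a bare HTTP request.
        probe(canary.port, b"GET / HTTP/1.0\r\n\r\n")
        for a in wait_for_alerts(canary, 1, 3.0):
            print(format_alert(a))
    finally:
        canary.stop()
```

On a real LAN you would bind to the host's LAN address on a fixed port (or several: 22, 445, 3389 are common choices because scanners try them first) and forward alerts somewhere you actually read them; the value of the canary is entirely in the fact that it should never fire, so a single hit is worth investigating.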