From  CertCities.com
News

Cisco Executes on Self-Defending Network Strategy


3/16/2004 -- Last week, Cisco Systems Inc. announced several new defensive system capabilities that it's offering as part of its Self-Defending Network strategy.

New IOS features include a range of threat defense and secure connectivity products and services, such as Cisco IP Source Tracker, control-plane-policing, and role-based command-line interface (CLI) capabilities.

Cisco IP Source Tracker can help network administrators identify potential entry points that could expose enterprise networks to denial of service (DoS) attacks, while the new control-plane-policing features that Cisco announced support a reserved management channel into a router, which lets administrators more effectively respond to it if it's under attack. The control-plane-policing and CLI capabilities, for their part, support access based on administrative roles, which Cisco says minimizes the possibility of network attacks due to misconfigurations.

Cisco also unveiled IOS Firewall for IPv6 and introduced new VPN support for its Cisco 7301 central site router, along with improved performance (up to 370 Mbps VPN throughput). Elsewhere, Cisco added the Cisco VPN 3020 -- which can service as many as 750 users, and which supports both 3DES and AES encryption standards -- to its VPN 3000 portfolio. In SSL VPN deployments, Cisco says that the VPN 3020 can support as many as 200 concurrent users at up to 50 megabits per second.

Joel Conover, a principal analyst for enterprise infrastructure with consultancy Current Analysis Inc., says that some of the new features, such as the enhanced firewall and VPN capabilities, help bring Cisco up to speed with competitors. "[Cisco] needed to be able to respond to competitive and customer challenges that its hardware couldn't stand up to DoS attacks, and because competitors such as Check Point and Netscreen have been moving in on its core territory by offering internal security solutions to address firewalling and zone security where Cisco couldn't," he confirms.

The new features are designed to make it easier to secure Cisco routers, which Conover notes have a reputation for being difficult to configure. "Cisco's routers are perceived as difficult to secure due to the many security options and features that are available on the platform, and Cisco's new tools attempt to alleviate some of the complexity," he concludes.  -Stephen Swoyer

 

 

top

Copyright 2000-2005, 101communications LLC. See our Privacy Policy.
For more information, e-mail .