Cisco Expands Security Features

Enterprise Networks & Servers, Apr 2004

Cisco Systems has announced an array of threat defense system capabilities through Cisco TOS Software Release. 12.3T that are designed to help networks be more resilient to malicious network attacks while simultaneously enhancing the flexibility and performance of networked business systems.

"Security is no longer best layered onto networks and applications as an afterthought," said Eric Ogren, senior analyst with the Yankee Group. "Cisco clearly understands that security is a network service to be embedded throughout the infrastructure, and this announcement extends on that vision."

The new Cisco IP Source Tracker, a Cisco IOS Software-based security capability, helps customers identify and locate network entry points for denial of service (DoS) attacks to minimize business disruption. New control-plane-policing features provide network administrators with a reserved management channel into a router, even when it may be under a DoS attack, for more effective response to network attacks.

The addition of new role-based command-line interface (CLI) capabilities enable customers to define access based on administrative roles, letting network or security operations personnel exercise more precise control over network security, and minimizing the possibility for network attacks due to misconfigurations.

New transparent firewall support gives customers the flexibility to segment the network into security "trust zones," while preserving the network's existing IP addressing scheme and simplifying security deployment.

The new Cisco IOS Firewall for Internet Protocol version 6 (IPv6) provides stateful inspection to both existing IPv4 and IPv6 traffic on a single interface for enhanced performance, along with better management of the IPv6 migration process.

Cisco Systems is also introducing security router and virtual private network (VPN) hardware products as well as security management software enhancements that will increase the performance and scalability of enterprise and service provider security and VPN deployments.

Cisco has extended VPN support to the Cisco 7301 Router central-site customer premises equipment (CPE) hardware product offering integrated security in head-end network environments. The Cisco 7301 now supports 370 megabits-per-second VPN throughput, and is integrated with stateful firewalling, routing and quality of service (QoS) management capabilities in a one-rack unit.

The Cisco 7301 Router also includes support for the new Cisco Security Device Manager Version 1.1 for simplified configuration and administration.

A new addition to the Cisco VPN 3000 Series of concentrators, the Cisco VPN 3020 offers integrated IPSec and Secure Sockets Layer (SSL) remote VPN access to meet the requirements of any remote user population in a single device and management framework. The Cisco VPN 3020 offers advanced security in IPSec VPN deployments by supporting both Triple Data Encryption Standard (3 DES) and Advanced Encryption Standard (AES), along with scalable support for 750 concurrent users.

www.cisco.com