Cisco Makes A Flurry Of Security Enhancements

Cisco Systems on Tuesday announced the release of an updated version of its Cisco IOS Software which includes new security enhancements.

Cisco has added what it calls the IP Source Tracker, which helps users identify and locate where denial-of-service attacks may be entering a network. It also provides a "reserved management channel" to a router, even when that router may be under a denial of service attack, so administrators can take appropriate measures at the device to mitigate the performance disruption of the attack. Also added is a new role-based interface, so users can define access to devices based on administrative roles which, the company says, should help reduce problems due to network misconfigurations.

Cisco also has added anomaly protocol inspection for ESMTP, the Extended Simple Mail Transfer Protocol, to its IOS Software, so users can better defend against known mail attacks. Enhanced firewall support also gives users the ability to segment their networks without altering their existing IP-addressing configurations. The new IOS Firewall for IP version 6 includes stateful inspection for traffic running on both IP versions 4 and 6.

The company also unveiled Cisco Security Device Manager 1.1, which makes it easy for administrators to manage the security policy of their routers. The new version also supports Cisco 7200 and 7301 series routers, in addition to the 800, 1700, 2600, and 3700 series.

While Cisco has been touting its vision of the "self-defending" network, analysts say the networking company has much more to do before its security software reaches that lofty goal. "It's a good concept, and they're on the right track," says Eric Ogren, a senior analyst at the Yankee Group.

Ogren says he'd like to see Cisco's security get more specific in its approach to protecting networks. For instance, while Cisco's software can spot and then stop traffic from IP addresses where an attack is originating, he says, it now will stop all traffic from the offending IP address, rather than only stopping the attack. "It would be good to drop only the malicious messages or protocols, that is stop the bad traffic while letting the good traffic through," he says.

Cisco also unveiled an addition to its VPN 3000 series of concentrators, the Cisco VPN 3020. The VPN 3020 provides both IPSec and Secure Sockets Layer remote VPN access in a single device.