03:41 PM
Connect Directly

Cisco Makes A Flurry Of Security Enhancements

It updated its IOS Software to help users detect and defeat denial-of-service attacks on their networks.

Cisco Systems on Tuesday announced the release of an updated version of its Cisco IOS Software which includes new security enhancements.

Cisco has added what it calls the IP Source Tracker, which helps users identify and locate where denial-of-service attacks may be entering a network. It also provides a "reserved management channel" to a router, even when that router may be under a denial of service attack, so administrators can take appropriate measures at the device to mitigate the performance disruption of the attack. Also added is a new role-based interface, so users can define access to devices based on administrative roles which, the company says, should help reduce problems due to network misconfigurations.

Cisco also has added anomaly protocol inspection for ESMTP, the Extended Simple Mail Transfer Protocol, to its IOS Software, so users can better defend against known mail attacks. Enhanced firewall support also gives users the ability to segment their networks without altering their existing IP-addressing configurations. The new IOS Firewall for IP version 6 includes stateful inspection for traffic running on both IP versions 4 and 6.

The company also unveiled Cisco Security Device Manager 1.1, which makes it easy for administrators to manage the security policy of their routers. The new version also supports Cisco 7200 and 7301 series routers, in addition to the 800, 1700, 2600, and 3700 series.

While Cisco has been touting its vision of the "self-defending" network, analysts say the networking company has much more to do before its security software reaches that lofty goal. "It's a good concept, and they're on the right track," says Eric Ogren, a senior analyst at the Yankee Group.

Ogren says he'd like to see Cisco's security get more specific in its approach to protecting networks. For instance, while Cisco's software can spot and then stop traffic from IP addresses where an attack is originating, he says, it now will stop all traffic from the offending IP address, rather than only stopping the attack. "It would be good to drop only the malicious messages or protocols, that is stop the bad traffic while letting the good traffic through," he says.

Cisco also unveiled an addition to its VPN 3000 series of concentrators, the Cisco VPN 3020. The VPN 3020 provides both IPSec and Secure Sockets Layer remote VPN access in a single device.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Oct. 20, 2014
Energy and weather agencies are busting long-held barriers to analyzing big data. Can the feds now get other government agencies into the movement?
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.