03:41 PM

Cisco Makes A Flurry Of Security Enhancements

It updated its IOS Software to help users detect and defeat denial-of-service attacks on their networks.

Cisco Systems on Tuesday announced the release of an updated version of its Cisco IOS Software which includes new security enhancements.

Cisco has added what it calls the IP Source Tracker, which helps users identify and locate where denial-of-service attacks may be entering a network. It also provides a "reserved management channel" to a router, even when that router may be under a denial of service attack, so administrators can take appropriate measures at the device to mitigate the performance disruption of the attack. Also added is a new role-based interface, so users can define access to devices based on administrative roles which, the company says, should help reduce problems due to network misconfigurations.

Cisco also has added anomaly protocol inspection for ESMTP, the Extended Simple Mail Transfer Protocol, to its IOS Software, so users can better defend against known mail attacks. Enhanced firewall support also gives users the ability to segment their networks without altering their existing IP-addressing configurations. The new IOS Firewall for IP version 6 includes stateful inspection for traffic running on both IP versions 4 and 6.

The company also unveiled Cisco Security Device Manager 1.1, which makes it easy for administrators to manage the security policy of their routers. The new version also supports Cisco 7200 and 7301 series routers, in addition to the 800, 1700, 2600, and 3700 series.

While Cisco has been touting its vision of the "self-defending" network, analysts say the networking company has much more to do before its security software reaches that lofty goal. "It's a good concept, and they're on the right track," says Eric Ogren, a senior analyst at the Yankee Group.

Ogren says he'd like to see Cisco's security get more specific in its approach to protecting networks. For instance, while Cisco's software can spot and then stop traffic from IP addresses where an attack is originating, he says, it now will stop all traffic from the offending IP address, rather than only stopping the attack. "It would be good to drop only the malicious messages or protocols, that is stop the bad traffic while letting the good traffic through," he says.

Cisco also unveiled an addition to its VPN 3000 series of concentrators, the Cisco VPN 3020. The VPN 3020 provides both IPSec and Secure Sockets Layer remote VPN access in a single device.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.