3Com quarantines malicious traffic

3Com next week will introduce software that uses switches as enforcement points to shut down attacks on business networks, making it possible for users to quarantine infected machines that propagate malicious code.

New software for the company’s TippingPoint Intrusion Prevention System lets the IPS intervene when individual machines violate security policies. The package needs no dedicated quarantine client on each device, which would otherwise cost administration time to distribute, configure and maintain.

The new software can apply security policies to any IP device on the network, including servers, desktops, PDAs, IP phones and printers. When a device logs on to the network via 3Com’s Radius Authenticated Device Access (RADA), which authenticates automatically by media access control (MAC) address, RADA grants the device access to its authorized virtual LANs and quality-of-service settings.

Other vendors are making similar efforts to block attacks and contain any damage. Alcatel teams with third-party intrusion-detection vendors so their systems can drive the Automated Quarantine Engine in Alcatel switches.

Nortel’s switches also support third-party intrusion-detection systems. Cisco’s Clean Access software imposes similar restrictions. Enterasys’ Automated Security Manager quarantines traffic via its switches.

The 3Com quarantine software works with any vendor’s switches, but 3Com says enforcement actions take effect seconds faster on 3Com switches, although it offers no specific numbers to support the claim.

With 3Com’s gear, when a device connects to the network, its MAC address, its IP address and the switch port it is connected to are logged. If the IPS identifies the device as generating malicious traffic, it can trigger remedial action such as shutting down that switch port or redirecting the machine to a secure VLAN that displays a Web page explaining what has happened and what the user should do. For instance, the page might say the machine has been infected by a virus and that the user should contact the help desk.
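The enforcement flow described above, reduced to its decision logic, as an added example that is not 3Com’s code and not tied to any TippingPoint or switch API. It assumes a binding table of the kind the switch logs at connect time (MAC, IP, switch, port), IPS alerts carrying a source IP, an optional source MAC and a severity, and a hypothetical policy that shuts the port for high-severity alerts and redirects lower-severity ones to the remediation VLAN. The check a practitioner wants here is the one the article does not spell out: if the MAC the IPS saw does not match the MAC bound to that IP, or the IP has no unambiguous binding at all, the system refuses to act rather than shutting down whichever port a stale or spoofed address happens to point at. All names, data and thresholds are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    SHUTDOWN_PORT = "shutdown_port"      # hard stop: the switch port goes down
    QUARANTINE_VLAN = "quarantine_vlan"  # soft stop: remediation VLAN plus help-desk page
    NO_ACTION = "no_action"              # attribution too weak to act on safely


@dataclass(frozen=True)
class Binding:
    """What the switch logged when the device authenticated: MAC, IP, switch, port."""
    mac: str
    ip: str
    switch: str
    port: int


@dataclass(frozen=True)
class Decision:
    action: Action
    binding: Optional[Binding]
    reason: str


# Constructed sample bindings, not data from any real deployment.
BINDINGS = (
    Binding("00:11:22:33:44:55", "10.0.1.10", "sw-edge-1", 3),
    Binding("00:11:22:33:44:66", "10.0.1.11", "sw-edge-1", 4),
    Binding("00:11:22:33:44:77", "10.0.1.12", "sw-edge-2", 1),
)

# Hypothetical policy: alerts at or above this severity get the port shut
# instead of a redirect. The article names the two actions, not a threshold.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
SHUTDOWN_AT = SEVERITY_RANK["high"]


def lookup(bindings, src_ip, src_mac=None):
    """Resolve an alert's source IP (and MAC, if the IPS saw the frame) to exactly one binding.

    Returns None when nothing matches, when the match is ambiguous, or when the
    MAC the IPS saw disagrees with the MAC bound to that IP. Acting on a stale
    DHCP lease or a spoofed source would quarantine the wrong port.
    """
    matches = [b for b in bindings if b.ip == src_ip]
    if src_mac is not None:
        matches = [b for b in matches if b.mac.lower() == src_mac.lower()]
    return matches[0] if len(matches) == 1 else None


def decide(alert, bindings=BINDINGS):
    """Map one IPS alert (dict with src_ip, optional src_mac, severity) to an enforcement decision."""
    binding = lookup(bindings, alert["src_ip"], alert.get("src_mac"))
    if binding is None:
        return Decision(Action.NO_ACTION, None, "no unambiguous MAC/IP/port binding for source")
    severity = alert.get("severity", "low")
    if SEVERITY_RANK.get(severity, 0) >= SHUTDOWN_AT:
        return Decision(Action.SHUTDOWN_PORT, binding, f"severity {severity} meets shutdown threshold")
    return Decision(Action.QUARANTINE_VLAN, binding, "redirect to remediation VLAN with help-desk page")


def enforce(alert, bindings=BINDINGS):
    """Apply the decision and return an audit record. The switch side is simulated here."""
    d = decide(alert, bindings)
    record = {"src_ip": alert["src_ip"], "action": d.action.value, "reason": d.reason}
    if d.binding is not None:
        record.update(switch=d.binding.switch, port=d.binding.port, mac=d.binding.mac)
    return record


if __name__ == "__main__":
    # Constructed alerts in the shape an IPS might emit them.
    for alert in (
        {"src_ip": "10.0.1.10", "src_mac": "00:11:22:33:44:55", "severity": "high"},
        {"src_ip": "10.0.1.11", "severity": "medium"},
        {"src_ip": "10.0.1.10", "src_mac": "00:11:22:33:44:66", "severity": "high"},  # MAC/IP mismatch
        {"src_ip": "10.0.9.9", "severity": "critical"},  # never authenticated via RADA
    ):
        print(enforce(alert))
```

The third and fourth alerts are the ones that matter operationally: both are "serious" by severity, and both are refused, because a port shutdown driven by a wrong binding is itself a denial of service against an innocent user. A real deployment would also expire bindings when the port goes link-down or the lease changes, so the table the IPS consults is the current one.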

The software is an upgrade to current TippingPoint IPS and ships with new orders.

3Com also is announcing a new switch family, the 5500 series stackable switches, and the 7750 modular switch chassis.

The 5500 series includes both 10/100M bit/sec and Gigabit Ethernet models and comes with either 24 or 48 ports. The gigabit platform supports Power over Ethernet (PoE), as well as fiber connections.

The boxes come with two software loads, standard and enhanced. The enhanced version allows stacking of eight switches rather than two and supports link aggregation, which combines ports into larger logical links and provides redundancy. The devices also have one slot for an IPv6 router module; the slot can instead hold a wireless switch module, reducing the need for a separate device.

These switches are similar to high-density stackables from Enterasys, Extreme Networks and Nortel. They add PoE support in the 3Com line, something it lacked in high-density switches, says Steve Schuchart, an analyst with Current Analysis.

Customers adding switches to their networks that don’t include wireless or VoIP might want to add them and seek the assurance that they can get it without replacing all their switches again, he says. “Not every customer is going to buy [PoE], but you’ve got to have it,” he says.

The 7750 modular switch supports 48-port 10/100 or Gigabit Ethernet cards and comes in a four-slot and a seven-slot version. The four-slot version can deliver PoE to 144 ports and the seven-slot version to 288 ports.

Schuchart describes this as a PoE update for the 3Com 7700 switch, and says it lacks a redundant management card, something that was available with the 7700. “If you’re considering doing telephony with a switch, you want redundancy,” he says.

3Com also is announcing upgrades to its Enterprise Management System that add role-based access to management functions and logging of rule changes, which can be used for auditing under regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act.

The platform also supports improved integration with umbrella management systems such as Tivoli, OpenView and Unicenter, making it simpler to manage many thousands of devices.

The 10/100 models ship this month; the gigabit models ship in September. Non-PoE 10/100 switches range from US$2,500 to $4,500, and from $3,800 to $6,500 for PoE.

Non-PoE gigabit switches range from $6,000 to $11,000 and from $7,500 to $13,500 for PoE.

The 7700 chassis costs $1,800 to $4,000, switch cards cost $5,000, and a 48-port gigabit card costs $5,000.
