Cisco puts security in its place

Cisco Systems Inc. now offers enhanced security features for some of its network-edge switches, and the company says these improvements put protection where it belongs.

Cisco figures security should not be attached after the fact, but instead built into the boxes that comprise the network, said Ishmael Limkakeng, the firm’s product line manager in San Jose.

“In the past, most people thought of security as firewall and gateway or router issues. But…we came across best practices from customers that pointed to the fact that you should really be thinking about this in the base infrastructure of the switches.”

To that end, Cisco upgraded the security features in its Catalyst 3550 and 2950 Series Intelligent Ethernet Switches. The devices get SSH and SNMPv3 encryption for secure Telnet and SNMP sessions, 802.1x technology for improved user authentication and a DHCP interface tracker to keep tabs on users’ whereabouts.

The switches also gain improved access control lists (ACLs) to make sure users stay out of forbidden zones.

Limkakeng said the protective technology is part of “a company-wide effort here at Cisco to look at security as a more pervasive, network-wide problem.”

Dan McLean, an analyst with IDC Canada Ltd. in Toronto, said Cisco’s security upgrades reflect a shifting attitude among users and vendors. Both camps see security as an increasingly important part of network architecture.

“Look back a couple of years,” he said. “We did some research into security and got the message that yes, security is important. There were a lot of good, practical reasons to have it. But nobody wanted to spend much money on it. Now we’re at the point where that has changed…Security isn’t a nice to have thing, it’s an essential thing.”

Embedded security features such as Cisco’s enhancements are particularly important to users when buying network gear, he said. “People look at inherent security in products and say…that’s going to be the determining factor for me buying this product.”

For Ben Hockenhull, built-in security made a difference when he went shopping for switches. The network administrator at Webster University in St. Louis, Hockenhull is fond of the Catalyst 3550s the school uses in its data backbone. “We’re buying primarily Cisco switches at this point,” he said. “Part of the reason for that is performance and part of the reason is for these types of (security) features.”

Cisco’s security upgrades for the Catalyst 3550 and 2950 switches are free of charge. The firm also has a new version of the 3550 for fibre-optic networks and a new Gigabit Interface Converter (GBIC) available now. For more information see Cisco’s Web site at