Cisco readying security initiatives

A Cisco Systems Inc. official Tuesday hinted at several upcoming security initiatives, including a gigabit-speed intrusion detection appliance and an effort to enable service providers to offer new classes of VPN and voice-over-IP services.

David Ofsevit, a member of Cisco’s Enterprise Solutions Engineering team, said the new efforts would extend the company’s wide range of security offerings, which include everything from firewalls to network- and host-based intrusion detection systems to policy management software. Further technical details weren’t available on the appliance, expected later this year, or the carrier effort, an extension of the Cisco Powered Network program that he said will likely be carried out with service providers such as AT&T Corp., SBC Communications Inc. and Verizon Communications Inc.

Ofsevit spoke at a small gathering of IT people from the financial services industry that was also addressed by representatives from Compliance Coach, OpenSystems and Network Catalyst.

Cisco recommends that customers take a multi-layered approach to network security that goes well beyond firewalls. “Everything is a target,” Ofsevit said, lamenting today’s often sloppy corporate security practices (he noted, for example, that “Cisco123” is said to be the most popular password on the ‘Net).

Wall Street firms in particular have “new religion” about security since the Sept. 11 attacks, especially in light of their interest in supporting up to tens of thousands of additional remote workers via VPNs, Ofsevit said. Such interest is among the drivers behind Cisco’s upcoming effort with carriers to bolster VPN and voice-over-IP services.

Meanwhile, Cisco continues to flesh out its SAFE blueprint, which it announced in the fall of 2000 to help companies safeguard converged networks. Cisco will soon release a SAFE white paper on securing telephony networks, Ofsevit said. Four existing SAFE white papers – on topics ranging from wireless nets to IPSec VPNs – are available on Cisco’s Web site.

Among the advice passed along by Ofsevit for securing networks is to separate network management traffic from production traffic, so that in the event of a production network break-in, management systems can still be used to address the problem.

Cisco Canada is at