3Com last month introduced software that uses switches as enforcement points to shut down attacks on business networks, making it possible for users to quarantine infected machines that propagate malicious code.
New software for the company’s TippingPoint Intrusion Prevention System lets the IPS intervene if individual machines violate security policies. The package requires no dedicated quarantine client on each device, which would require administration time to distribute, configure and maintain.
The new software can apply security policies to an IP device on the network including servers, desktops, PDAs, IP phones and printers. When devices log on to the network via 3Com’s automatic media access control (MAC)-based Radius Authenticated Device Access (RADA), it grants access to authorized virtual LANs and QoS on the network.
Other vendors are making similar efforts to block attacks and minimize any damage. Alcatel and third-party intrusion detection vendors team to use the company’s Automated Quarantine Engine in Alcatel switches. Nortel’s switches also support third-party intrusion-detection systems. Cisco’s Clean Access software imposes similar restrictions. Enterasys’ Automated Security Manager quarantines traffic via its switches.
The 3Com quarantine software works with any vendor’s switches, but 3Com says response time for taking enforcement action is faster with 3Com switches by a matter of seconds, but has no specific numbers to support the claim.
With 3Com’s gear, when a device connects to the network, its MAC address and IP address are logged, as well as the switch port where the device is connected. If the IPS identifies the device as generating malicious traffic, the TippingPoint IPS can trigger remedial action such as shutting down the switch port or redirecting the machine to a secure VLAN that displays a Web page explaining what has happened. For instance, the page might say the machine has been infected by a virus and to contact the help desk.
The software is an upgrade to current TippingPoint IPS and ships with new orders. 3Com also is announcing a new switch family, the 5500 series stackable switches, and the 7750 modular switch chassis.
The 5500 series includes both 10/100M bit/sec and Gigabit Ethernet models and comes with either 24 or 48 ports. The gigabit platform supports Power over Ethernet (PoE), as well as fibre connections.
The boxes come with two different software loads, standard and enhanced. The enhanced versions enable stacking eight of the switches rather than two and supports link aggregation to create larger logical links and to support redundancy.
The 7750 modular switch supports 48-port 10/100 or Gigabit Ethernet cards and comes in a four-slot and a seven-slot version. So the smaller version can deliver PoE to 144 ports and the larger to 288 ports. Described as a PoE update for the 3Com 7700 switch, it lacks a redundant management card, something that was available with the 7700.
3Com also is announcing upgrades to its Enterprise Management System that supports role-based access to management functions and logging of rules changes that can be used for auditing to meet regulatory requirements such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act. The platform also supports improved integration with umbrella management systems such as Tivoli, OpenView and Unicenter, making it simpler to manage multiple thousands of devices.
The 10/100 models ship this month; the gigabit models ship in September. Non-PoE 10/100 switches range from US$2,500 to US$4,500, and from US$3,800 to US$6,500 for PoE.