Cisco Systems Inc. last month announced a blueprint for securing enterprise networks engaging in e-commerce.
The blueprint, called Safe, advises customers on how to embed security into their e-business infrastructures so they can safely transact business over the Internet. The strategy is based on Cisco’s Architecture for Voice, Video and Integrated Data, which encompasses client devices, network infrastructure, routing control and applications, such as e-commerce and supply chain.
The Safe strategy combines Cisco’s security products with those of vendor partners. For example, the Cisco products include the PIX Firewall, IOS Firewall Feature Set, Intrusion Detection System (IDS) and VPN Concentrators; third-party offerings include antivirus packages, host-based intrusion detection, log analysis and authentication systems.
Partners in the Safe initiative include RSA Security Inc., Secure Computing Corp., Entrust Technologies Inc., Microsoft Corp. and VeriSign Inc.
Web hosting service provider Exodus Communications Inc. plans to implement a security service based on the Safe model this month.
Cisco also rolled out several new products under the Safe umbrella. The Cisco Secure IDS 4210 intrusion-detection system is an appliance for corporate customers that detects unauthorized traffic traversing a network, such as hacking activity, by analyzing traffic in real time. When unauthorized traffic is detected, the 4210 can send alarms to a management console and deactivate sessions.
The 4210 is optimized for 45Mbps environments, such as multiple T-1/E-1 circuits, T-3 links and Ethernet LANs. The product costs US$8,000 and is available this quarter.
Another component of Safe is the IDS module Cisco introduced last week for the Catalyst 6000 switch.
The Cisco Secure Policy Manager Version 2.2 is a policy-based security management system that lets users establish policies for controlling IDS devices, firewalls and VPN routers. Users can configure IDS devices and consolidate IDS event monitoring, alarming and status information with Policy Manager 2.2.
The software costs US$2,000 for a three-unit bundle, or US$15,000 for an enterprise license. It is available this quarter.
The Cisco Secure Access Control Server Version 2.5 is a Web-based package that lets administrators establish authentication parameters for users on a network. It runs on Windows 2000 and NT, and supports Remote Authentication Dial-In User Service and TACACS+ authentication routines for controlling user access to large-scale VPNs, dial-up and voice networks. It costs US$6,000 and is available this quarter.
The Cisco Security Encyclopedia is an online repository of security vulnerability information. It gives Cisco customers access to information on resolving network security problems. The encyclopedia is also available this quarter.
“Safe is our effort to look at enterprise security from a complete perspective,” said David King, director of security solutions marketing at Cisco.
The Safe elements, designed and tested in Cisco labs, identify where and why security products are needed throughout the network. Issues such as potential security threats, responses, performance, and secure management were considered in module development.
The modular set-up gives businesses flexibility to implement network security in stages, depending on specific needs. This flexibility is a key issue for enterprises contemplating converged systems that combine voice, video, and data on one network, Cisco officials said.
Among other issues, e-business efforts in particular have heightened the security risks faced by enterprises, according to Cisco.
“Security becomes more of a risk [in e-business] because you open your network,” King said. “When you leverage the Internet and public networks, security risks increase.”
Despite the sweeping nature of the Safe rollout, it is still a work in progress. Cisco is working with a few of its Safe partners to define a method to instrument applications with agents that will provide application-level information on potentially intrusive activity.
“We need a consistent message format from devices and applications for intrusion detection and security management and monitoring,” said Richard Palmer, vice-president and general manager of Cisco’s VPN and security services business unit. “The challenge is not so much the inspection but the volume of messages.”
Palmer said Cisco’s goal is to have this message format defined and published before year-end.
Cisco is also working with Safe partners to map VPN-like encryption to wireless networks, Palmer said.