Cisco Systems last week announced a blueprint for securing enterprise networks engaging in e-commerce.
The blueprint, called Safe, advises customers on how to embed security into their e-business infrastructures so they can safely transact business over the Internet. The strategy is based on Cisco's Architecture for Voice, Video and Integrated Data, which encompasses client devices, network infrastructure, routing control and applications, such as e-commerce and supply chain.
The Safe strategy combines Cisco's security products with those of vendor partners. For example, the Cisco products include the PIX Firewall, IOS Firewall Feature Set, Intrusion Detection System (IDS) and VPN Concentrators; third-party offerings include antivirus packages, host-based intrusion detection, log analysis and authentication systems.
Partners in the Safe initiative include RSA Security Inc., Secure Computing Corp., Entrust Technologies Inc., Microsoft Corp. and VeriSign Inc.
Web hosting service provider Exodus Communications Inc. plans to implement a security service based on the Safe model this month.
Cisco also rolled out several new products under the Safe umbrella. The Cisco Secure IDS 4210 intrusion-detection system is an appliance for corporate customers that detects unauthorized traffic traversing a network, such as hacking activity, by analyzing traffic in real time. When unauthorized traffic is detected, the 4210 can send alarms to a management console and deactivate sessions.
The 4210 is optimized for 45M bit/sec environments, such as multiple T-1/E-1 circuits, T-3 links and Ethernet LANs. The product costs $US8,000 and is available this quarter.
Another component of Safe is the IDS module Cisco introduced last week for the Catalyst 6000 switch (www.nwfusion.com, DocFinder: 1032).
The Cisco Secure Policy Manager Version 2.2 is a policy-based security management system that lets users establish policies for controlling IDS devices, firewalls and VPN routers. Users can configure IDS devices and consolidate IDS event monitoring, alarming and status information with Policy Manager 2.2.
The software costs $US2,000 for a three-unit bundle, or $US15,000 for an enterprise license. It is available this quarter.
The Cisco Secure Access Control Server Version 2.5 is a Web-based package that lets administrators establish authentication parameters for users on a network. It runs on Windows 2000 and NT, and supports Remote Authentication Dial-In User Service and TACACS+ authentication routines for controlling user access to large-scale VPNs, dial-up and voice networks. It costs $US6,000 and is available this quarter.
The Cisco Security Encyclopedia is an online repository of security vulnerability information. It gives Cisco customers access to information on resolving network security problems. The encyclopedia is also available this quarter.
Despite the sweeping nature of the Safe rollout, it is still a work in progress. Cisco is working with a few of its Safe partners to define a method to instrument applications with agents that will provide application-level information on potentially intrusive activity.
"We need a consistent message format from devices and applications for intrusion detection and security management and monitoring," says Richard Palmer, vice president and general manager of Cisco's VPN and security services business unit. "The challenge is not so much the inspection but the volume of messages."
Palmer says Cisco's goal is to have this message format defined and published before year-end.
Cisco is also working with Safe partners to map VPN-like encryption to wireless networks, Palmer says.