Nortel's new defense gear offers better protection

  • Tim Greene (Network World)
  • 09 December, 2004 08:00

Nortel Networks is now able to protect businesses from never-before-seen threats using new intrusion detection and prevention technology that monitors network traffic and blocks the traffic that seems malicious.

Called Threat Protection System, the new defense gear consists of hardware probes that gather data about traffic and an appliance called Defense Center that tells the sensors what to look for and analyzes the data they collect. If Defense Center identifies anything suspicious, it can automatically trigger a new filter in a Nortel switch/firewall to block it.

For example, the system has been used for four months by Coppin State University in Baltimore, where it has caught and isolated viruses that slipped by the school's anti-virus protection, says Ahmed El-Haggan, Coppin's CIO and vice president of IT. The school is beta testing Threat Protection System.

The school installs McAfee Inc. anti-virus software on all its machines, but students and faculty can connect to the network with laptops they own, says El-Haggan. These might not have anti-virus software, and so may be infected. Based on the amount of traffic a virus was generating in one instance, Threat Protection System tracked down the dorm room where the guilty machine was located. The system sent an alarm and administrators shut down the infected machine's access port. "It stopped the propagation," El-Haggan says.

Threat Protection can be configured to signal a Nortel switch/firewall to shut down the traffic as well. Later Nortel says it plans to enable Threat Detection to make Nortel load-balancing Applications Switches and LAN switches block traffic as well.
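To make the detect-then-block chain described above concrete, here is an added illustration (not Nortel's code, and not drawn from the article) of the volume-based anomaly detection it sketches: per-host outbound traffic is compared with its peers, a host that is far louder or fans out to many destinations is flagged, and a deny filter is produced for a switch/firewall to apply. Flow records, thresholds and the filter format are all constructed assumptions.

```python
"""Added example: traffic-volume anomaly detection that emits a block filter.

Assumptions (constructed for illustration only): flow records are
(timestamp, src_ip, dst_ip, dst_port, bytes) tuples; a host is flagged when
its outbound bytes exceed the peer median by `factor`, or when it talks to at
least `min_dsts` distinct destinations; the "filter" is a plain dict standing
in for whatever rule a switch/firewall would accept.
"""
from collections import defaultdict
from statistics import median

# Constructed sample flows: 10.1.5.0/24 is a dorm subnet. 10.1.5.42 is
# sweeping the campus on TCP/445, far louder than its neighbours.
SAMPLE_FLOWS = [
    ("2004-12-09T08:00:01", "10.1.5.10", "192.0.2.80", 80, 42000),
    ("2004-12-09T08:00:02", "10.1.5.11", "192.0.2.25", 25, 8000),
    ("2004-12-09T08:00:02", "10.1.5.12", "192.0.2.80", 443, 51000),
] + [
    ("2004-12-09T08:00:03", "10.1.5.42", f"10.1.{i}.7", 445, 1200)
    for i in range(500)
]


def bytes_per_source(flows):
    """Total outbound bytes and distinct destinations per source host."""
    totals = defaultdict(lambda: {"bytes": 0, "dsts": set()})
    for _ts, src, dst, _port, nbytes in flows:
        totals[src]["bytes"] += nbytes
        totals[src]["dsts"].add(dst)
    return totals


def find_noisy_hosts(flows, factor=10, min_dsts=50):
    """Flag hosts whose volume dwarfs the peer median or that fan out widely."""
    totals = bytes_per_source(flows)
    if not totals:
        return []
    baseline = median(t["bytes"] for t in totals.values())
    return [
        src for src, t in totals.items()
        if t["bytes"] > factor * baseline or len(t["dsts"]) >= min_dsts
    ]


def block_filter(src):
    """Deny rule a switch/firewall would apply to quarantine the host."""
    return {"action": "deny", "src": src, "dst": "any", "reason": "traffic anomaly"}


def respond(flows):
    """Alarm-to-filter step: one block rule per flagged host."""
    return [block_filter(host) for host in find_noisy_hosts(flows)]
```

In practice the median baseline should be computed over a longer window than a single burst, so that a quiet subnet with one busy but legitimate server is not tripped.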

Sensors for the protection system come in two models, the 2050 with throughput of 100M bit/sec available Dec. 27, and the 2070 with throughput of 750M bit/sec, available Jan. 1. Nortel has not released their prices yet.

Separately, Nortel is introducing a new VPN gateway that handles SSL and IPSec sessions at high enough capacity for large enterprises and even service providers.

Called VPN Gateway 3070, the new device can handle a blend of 4,000 SSL and IPSec remote access users at a time, and encrypts using Triple-DES at up to 600M bit/sec. This is up from 2,000 users and 300M bit/sec for its previous VPN platform, VPN Gateway 3050.

A new software release for the VPN platforms enables setting up multiple security domains on each gateway, so, for instance, a service provider could use one box to support multiple customers, each with its own set of policies. The VPN Gateway Version 5.0 also enables clustering multiple devices and is available in mid-December.

Earlier versions of the software supported only IPSec or only SSL on a single device, but 5.0 supports both. The software also makes it possible to check remote machines trying to connect to the VPN to determine whether their configuration meets security policies before they are allowed to connect.

Remote users can make network-layer connections to SSL VPNs thanks to a new feature that supports downloading an ActiveX agent to the remote machine that intercepts traffic at the network layer. This makes it appear as if remote sessions are taking place on the LAN rather than through a Web interface that looks and functions differently from the LAN version.

For customers that already have a corporate portal for remote access users, the new software supports offloading SSL session processing from Web servers to the VPN Gateway hardware. This lifts a processing burden from Web servers and improves their performance.

In another area, Nortel has beefed up its support for the Extensible Authentication Protocol (EAP), which makes it possible to use switch ports to authenticate multiple users.