Next-Gen Nets Need Next-Gen Security

The news this week that Cisco's proprietary source code for its Pix firewall software is up for sale to the highest bidder certainly isn't welcome by network administrators anywhere. A shadowy group describing itself as the Source Code Club (SCC) offered the code for sale on Usenet to any taker for $24,000, and while it's not clear whether the group actually had its hands on the code, administrators are taking the threat seriously.

If that wasn't bad enough, Cisco also announced that many of its routers and switches are vulnerable to Denial of Service (DoS) attacks.

The events are an uncomfortable reminder that no network is absolutely secure. And it's also a reminder that one of the greatest roadblocks to new technologies such as WLANs , IP telephony, and Voice over Wireless Networks (VoWLAN) isn't a technological one, or even one having to do with price. It's simple security.

Consider this: A recent survey by Infonetics Research found that security is the biggest obstacle to WLAN adoption. That shouldn't be a surprise to anyone, because WiFi's WEP encryption is notoriously insecure. And even the much-stronger WPA encryption scheme was recently cracked.

That's not to say that network vendors are sitting back and waiting to be victimized. In fact, the opposite is true. At a recent teleconference about its quarterly earnings, Cisco emphasized that it sees security as a growth opportunity, and is throwing significant resources at it, expecting a significant payback. It also recently expanded its family of network security offerings by buying Perfigo, Inc., a developer of packaged network access control solutions for a cool $74 million.Recognizing that the future is in the convergence of voice, video, and data, Cisco is making a big bet on converged networks - and it's strengthening the security of those networks as well. Several weeks ago, it enhanced its IP telephony security with the launch of CallManager 4.1, which provides voice media and signaling encryption for new and currently installed 7940G and 7960G IP telephones. The new media encryption features will shield IP voice conversations from eavesdropping, while signal encryption protects against tampering with the signaling packets, such as denial of service attacks. The release is part of Cisco's effort to lock down security across much of its IP telephony line.

Of course, Cisco isn't alone in introducing new-generation networking security products and services. AT&T for example, announced that it has added worm and virus protection to its Internet Protect service network-based firewall that lets businesses protect themselves from a variety of threats without having to deploy firewalls at each of their locations.

Nokia just released the newest version of its SSL VPN, which gives remote users secure network-level access, including access to business applications, data, and network services. And MCI rolled out a new IP VPN service, IP VPN Broadband, a managed solution that encrypts the traffic between remote locations and corporate headquarters over MCI's DSL offerings.

It's not only the big names that have introduced new security products. A host of smaller companies recognize that next-generation network services require next-generation network security. One of the more intriguing ideas is the use of Open Source to tackle network security. TippingPoint Technologies has introduced Tomahawk, an open source testing tool designed to evaluate the capabilities of network-based intrusion prevention systems (IPS). It protects VoIP infrastructure, routers, switches, DNS and other critical infrastructure from targeted internal and external cyber attacks and traffic anomalies.

The existence of security problems doesn't mean that enterprises should stop investigating next-generation networking capabilities. But it does mean they should be looking to Cisco and other vendors to provide security along with all the new whiz-bang features as well.Hackers Offer To Sell Cisco Firewall Source Code
Group calling itself the Source Code Club offers Pix firewall software for $24,000 on Usenet newsgroup.

Cisco Warns Routers And Switches Are Vulnerable To Denial Of Service Attacks
Cisco releases an advisory warning that certain devices running IOS Version 12.2S can be disabled by hackers.

Cisco Enhances IP Phone Security
New version of Cisco's IP telephony system provides voice media and signaling encryption.

Cisco Unveils Dual-Band APs, Beefs Up Security
Cisco adds 802.11i and WPA2 security to new 802.11a/g access points and intrusion detection to its SWAN framework.

TippingPoint Releases Open Source Network Protection Tool
Software provides application protection, performance protection, and infrastructure protection at gigabit speeds. AT&T Adds Worm And Virus Protection To Firewall Service
Lets businesses protect themselves from a variety of threats without having to deploy firewalls at each of their locations.

Cisco Adds To Security Offerings With Perfigo Purchase
Buys privately held Perfigo, Inc., a developer of packaged network access control solutions.

MCI Rolls Out New DSL, IP VPN Services For Businesses
MCI' releases IP VPN Broadband, a managed solution that encrypts the traffic between remote locations and corporate headquarters over MCI's DSL offerings.

Nokia Releases Newest Version Of SSL VPN
New Secure Connector feature gives remote users secure network-level access, including access to business applications, data, and network services.

DEEP BACKGROUND Survey: Voice Over WLAN Use To Skyrocket 450% By 2006
Study also finds that WLANs have become mainstream as security barriers are overcome.

Funk Software Releases WiFi Secure Access Client With WPA2 Support
Upgrade to Odyssey Client also adds support for the WLAN protocols EAP-FAST and EAP-SIM, and Microsoft machine credentials.

Report: IP VPN Use Will Skyrocket In 2005
Forrester says 82% of companies already use them, up from 55% in 2003

Stonestreet Intros Firewall And VPN Optimized For Mobile Users
Targets mobile users by supporting dynamic IP addresses on firewall interfaces and the forwarding of dynamic IP requests through the firewall.