Network administrators will be able to put in place more safeguards
against attackers from inside an enterprise, as a result of a
series of enhancements to Cisco Systems' desktop switches.
The company said it will add software features for switches in its
Catalyst 3550 Series and 2950 Series that let administrators secure
their network management traffic, control access to company
resources and require user names and passwords from employees
logging on to the network.
The moves are part of an overall Cisco strategy to provide security
throughout the network, using both dedicated security appliances
and security capabilities that are built into other equipment. The
security functions now offered for the desktop switches, which are
the boxes where end users connect to the local area network (LAN),
are part of a blueprint for security that reaches from the edge of
the LAN into the service-provider network.
On some switches Cisco will add SSH (Secure Shell) and SNMP (Simple
Network Management Protocol) Version 3 technology for encrypting
network management traffic. Port-based ACLs (Access Control Lists)
that run at wire speed, without degrading performance, will keep
users away from restricted resources. In addition, Cisco is
extending the IEEE 802.1x standard for user authentication to
Catalyst 2950 Series switches with Standard Software Image.
Cisco will also add DHCP (Dynamic Host Configuration Protocol)
Interface Tracker to the 3550 Series. This provides an easier
mechanism for tracking down a DHCP user who may be connecting from
an unauthorised location.
"Although you may have been able to do something similar before, it
actually makes it doable from an administrator's standpoint," said
Ishmael Limkakeng, product line manager for Cisco's desktop
switching business unit.
Cisco has also enhanced its Cisco Secure URT (User Registration
Tool) software, allowing users to sign on to the network securely
with a Web browser, and added support for LDAP (Lightweight
Directory Access Protocol) authentication. URT can also work with
RADIUS (Remote Authentication Dial-In User Service) authentication on the
Cisco Secure Access Control Server. Available previously on the
3550 Series switches, URT has been added to the 2950 line.
In addition to introducing the new security software, Cisco has
unveiled the Catalyst 3550-24-FX-SMI, which is equipped with 24
100Base-FX ports that carry Fast Ethernet traffic via multimode
fibre instead of copper. Snoopers cannot tap fibre in the same way
as copper and some service providers need the longer reach provided
by fibre, Limkakeng said. The switch is also equipped with two
slots for fibre or copper Gigabit Ethernet interfaces.