N+I: Cisco targets Web services security

Cisco Systems has made Web services a key concern as it unveiled a range of initiatives that aim to integrate security more...

Cisco Systems has made Web services a key concern as it unveiled a range of initiatives that aim to integrate security more deeply into network infrastructures.

Executives revealed the plans yesterday in a question-and-answer session at the Networld+Interop Show in Las Vegas after a keynote address from John Chambers, Cisco's president and chief executive.

Mike Volpi, senior vice-president for Cisco's Internet Switching and Services Group, said that the rapid growth of Web services, designed to allow systems in different companies and departments to interact machine-to-machine to deliver business processes automatically, will raise both network congestion and security issues.

Bob Gleichauf, chief technology officer of Cisco's VPN and Security Business Unit, said: "You have the IT departments in conflict with the people who are running the business and new offerings in companies."

For example, Web services could utilise HTTP (Hypertext Transfer Protocol) as an envelope and use Port 80, typically used for Web-page traffic, Gleichauf said.

"Clever people are starting to use that not only to send valid traffic but to effectively use it as a conduit for [malicious] misuse . . . and the firewall isn't in its current form necessarily well suited to deal with that," he added.

Gleichauf cited the need for deep packet inspection, a computation-intensive technique that most network equipment today is not designed to do, because it is designed to make decisions based on certain kinds of packet header information.

Greater network intelligence also is needed to provide functions such as load-balancing of Web services traffic, based on XML (Extensible Markup Language), Volpi said.

Cleichauf said that enterprises have, so far, balked at security by not budgeting it into their networks, adding that Cisco aims to make it an integral part of a company's IT services.

If companies are to realise productivity gains from IT, chief information officers need to embrace technology that benefits the business while also maintaining security, Chambers said.

"They can't just be the traffic cops or policemen or women, they have to say, 'How do you do this in parallel?', " he said.

Read more on IT risk management