Cisco Beefs up Switch Security

Cisco Beefs up Switch Security

Matt Hicks

Cisco Systems Inc. is adding new security features to its local area network switches in an attempt to help enterprises prevent internal security threats.

Cisco, of San Jose, Calif., announced today a series of IOS system software enhancements to its Cisco Catalyst 3550 and 2950 Series Ethernet switches. They focus on making network administration more secure, beefing up user authentication and improving security management. They help prevent breaches such as network sniffing and data theft that can occur from internal users, said Ishmael Limkakeng, product line manager for Cisco’s desktop switching.

“We’ve seen not only malicious theft, but also people who are just curious and happen to stumble upon the ability to see HR information or product planning information that should be kept close to the vest,” Limkakeng said.

The software upgrade, which is free for the switch customers, adds additional encryption to prevent unauthorized access to password and configuration information from administration sessions through support of the Secure Shell (SSH) and SNMPv3 (Simple Network Management Protocol) protocols, he said.

To strengthen user authentication, the software update is enabling support for more extensions in the 802.1x standard, which is already supported on the switches, as well as providing a Dynamic Host Configuration Protocol (DHCP) Interface Tracker to locate users. The upgrade also allows network administrators to restrict network access through a set of port-, virtual LAN- and router interface-based Access Control Lists (ACLs), officials said.

To ease management, Cisco is adding a Security Wizard to its Cluster Management Suite that allows users to configure and troubleshoot Catalyst switches using a Web browser.

Along with the software upgrade, Cisco launched another Catalyst 3550 to support multimode fiber environments and a new 1000BaseT Gigabit Interface Converter (GBIC). The Catalyst 3550-24-FX-SMI provides 24 100BaseFX multimode fiber ports and two GBIC-based Gigabit Ethernet ports in a rack stackable unit. It is available now and costs $5,495.

The new GBIC is compatible with a full range of modular and desktop switches and is available now for $395.

Cisco’s Secure User Registration Tool is gaining some new capabilities as well. The update provides Web-based logon capabilities to the tool for most commonly used client operating systems and provide authentication support for both lightweight directory access protocol (LDAP) and Remote Access Dial In User Service (RADIUS) directories.

Related Stories:

Cisco Rolls Out Switches, Software Upgrades

Cisco on Guard

Copyright © 2002 Ziff Davis Media Inc. All Rights Reserved. Originally appearing in eWEEK.