Issue of May 2004 


Network Security

‘We now have to deal with zero-hour damage’

Cisco's strategy for self-defending networks includes protection from known, unknown and DDoS attacks. To ensure this, Cisco is offering security mechanisms at various levels. K.C. Soh, Senior Manager, Advanced Technologies, Asia Pacific, Cisco Systems, gives us the details.

by Brian Pereira

Why has Cisco devised yet another security strategy? What's it all about?

Today's security paradigm is changing—it's no longer about point products. You don't put in a product and feel that you are protected. We are now talking about ‘zero-day attack’ or ‘zero-hour damage’. Which means, stopping an unknown attack as it happens.

Our self-defending strategy includes integrated security, industry collaboration with the anti-virus & alliance partners, and system level security.

We want to address customer concerns about security; this goes beyond point products. We will develop, partner, and acquire companies to provide technology to protect the network and what's around it (including the servers).

Explain the concept of self-defending networks.

The concept of self-defending networks was announced at the end of 2003. The idea is to provide in-depth defense. It's about having different levels of security at different layers. One level is Threat Defense, where you look at solutions like firewalls (guarding the edge of the network), IDS (patrolling the interior), and the Cisco Security Agent (CSA).

CSA is a policy-based security software that resides on clients and servers. It warns you when there's a violation of policy. If the CSA detects abnormal behavior in the PC, it raises an alert and stops the attack. So you have a combination of signature based anti-virus software (for known attacks) and CSA behavioral based technology (for unknown attacks).

At other levels in this strategy map, you have Trust and Identity, Secure Communication, and Management.

What about protection from Distributed Denial of Service attacks?

While CSA protects the server from actions that do not comply with the security policy, it is not a solution for a distributed denial of service (DDoS) attack.

We are in the process of acquiring a company (and a technology for this). The company is called Riverhead and it offers a product that protects servers from DDoS attacks.

When the Riverhead security product (an appliance) detects the DDoS attack, it redirects all the bad DDoS traffic out of the network—and allows only the good traffic to pass through, and reach the server.

So, known threats will be blocked by signature based anti-virus; unknown threats will be tackled by CSA (based on behavior). DDoS attacks will be handled by the Riverhead appliance.

Comment on the integration of Cisco security technologies with those of commercial security products.

We are working closely with three major anti-virus companies and building technology that will prevent clients and servers from connecting to the network—unless their anti-virus software is updated.

We are providing the three anti-virus vendors with Cisco Trusted Agent and they can integrate it into their solutions. These products will interface with Cisco IOS networks. The anti-virus agents will communicate with Cisco IOS to report the status level (availability of new signatures and so on). And IOS network will determine whether they have permission to enter the network (network admission control).

Network Admission Control (NAC) means controlling PCs (or servers) that attempt to become a part of the network.

How does an organization make its existing network a self-defending one?

NAC will be available on the new release of IOS software. The end-point security like CSA involves installing a piece of software on desktops and servers, and for integrated security the trend is to put more firewalls and IDS functionality on servers and routers. For existing Cisco customers it means installing or upgrading software, maybe putting in an additional card into the router—and they will have all these features.

Brian Pereira can be reached at


Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.