N+I Preview: Security’s a Focus


With security a top concern for so many organizations, vendors will
demo lots of new security products at next week’s Networld + Interop
(N+I) show in Las Vegas. Net administrators and other attendees will
see offerings ranging from “proactive” intrusion detection to 802.11x
wireless security software and probes for dealing with SNMP
vulnerabilities.


A start-up called Vsecure Technologies Inc. will introduce NetProtect
Enterprise, a “proactive security appliance” that uses fuzzy logic to
guard against network intrusions.


“We’ve been in stealth mode. Now we’re coming into the limelight,”
maintained Joe Krull, VP of technology for the Israel-based
company. According to Krull, NetProtect uses network traffic analysis
technology developed in Israeli and US military organizations to
pinpoint, isolate, and block suspicious connections.


Vsecure’s paid customers in Israel include the Israeli electric
company; a large pharmaceutical chain; several other corporations; and
the Web hosting company that hosted the Web portal for the “Israeli
Olympics,” the Maccabiah Games.


According to Krull, during the Israeli games, NetProtect blocked more
than 20,000 incursion attempts from 1,500 different sources, while
allowing more than 2.5 million legitimate users to access the
portal. The Web hosting firm did not use a firewall, relying only on
NetProtect for screening out intruders.


“The first generation of IDS (intrusion detection systems) were like
burglar alarms. They’d send an alarm to your pager, or whatever, if it
seemed like someone was trying to break into the network. A lot of
companies bought these systems, but never used them,” Krull contended.


“Current products in ‘generation 1.5’ are tied to routers and
firewalls, which can be difficult to configure. They try to match
what’s happening on the network to signature databases. Network
security managers try to set thresholds to acceptable levels. The
trouble is that there are lots of false alarms,” according to Krull.


NetProtect, on the other hand, looks at all network traffic going
across the line, isolating and blocking any connections that seem
suspicious. “A lot of times intruders will probe first by doing scans,
for example. So we’ll isolate that connection. We use a gradual
(approach) to blocking. First we block a connection temporarily. Then,
if the connection still appears suspicious, we keep blocking it. We
block by connection, instead of by IP address. If several hundred
people from a corporation are trying to connect to you, it’s quite
possible that only one individual has malicious intent. We can handle
up to 300,000 stateful connections,” he said.


NetDetect is able to examine layer 2 through layer 7 traffic. The
“self-learning” system also produces reports about “types of attacks,
as well as what kinds of software and other tools were used in the
attack.” The device can be set to generate reports only, without
blocking traffic. The RISC-based box can be set up anywhere on the
network, either with or without a firewall.


In the US, three companies are now beta testing NetDetect: a Fortune
100 firm; a systems integrator; and an MSSP (managed security services
provider), according to Krull. “We’re going to N+I because we want as
many people as possible to try this system,” he said. The IDS
appliance is priced at about $22,000.


Also at N+I, SimpleSoft will demo SimpleSleuth, a new SNMP probe meant
to let net administrators test SNMP v1, v2c, and v3 implementations,
including patches from software vendors, for vulnerability to
denial-of-service (DoS) attacks.


SimpleSoft is a Mountain View, CA-based player in SNMP test and
simulation tools. Released this week, SimpleSleuth comes in response
to a February CERT advisory that warned about SNMP security holes.


“These vulnerabilities may cause denial-of-service conditions, service
interruptions, and in some cases may allow an attacker to gain access
to the affected device. Specific impacts will vary from product to
product,” according to the CERT report.


Anti-virus software makers such as Trend Micro and Panda Software will
also be on hand at N+I. Panda, for instance, will launch two new
products: Panda Antivirus Enterprise Suite, for protecting proxy
servers, e-mail servers, file servers, and firewalls; and Panda
PerimeterScan, for gateways, firewalls, and other devices on the
corporate perimeter.


Meanwhile, members of the WLAN (Wireless Local Area Network) Security
Initiative will hold a technology demo. One participant, Meetinghouse
Data Communications, Inc., will show its 802.1x AEGIS Client, a PC
client that supports emerging EAP-MD5 and EAP-TLS wireless security
protocols.


Vendors will also roll out security solutions for OEMs and service
providers that can ultimately benefit net administrators. Corrent, for
example, will show SSL and IPSec boards, designed to boost efficiency
by offloading security-related jobs from systems processors. Corrent’s
new Secturion products will be available as PCI cards as well as in a
PMC form factor used in network appliances and other embedded
equipment. Corrent expects to name OEM customers for the security
boards during the third quarter, a company spokesperson said.


Quarry Technologies will show switching bundles for use by providers
in delivering VPN and stateful firewall services. Quarry’s partners
include SafeNet, maker of Soft-PK VPN client access solutions; RSA
Security, producer of SecurID remote user authentication services; and
XACCT Technologies, a company specializing in service mediation for
billing.


Other security vendors exhibiting at N+I will include Trend Micro,
Network Associates, CheckPoint Software, NetScreen, Internet Security
Systems (ISS), BlueSocket, VeriSign, CyberGuard, Cavium Networks, and
WatchGuard.




See All Articles by Columnist
Jacqueline Emigh
