N+I Preview: Security's a Focus

by Jacqueline Emigh

Vendors will demo a lot of security products at this year's NetWorld+Interop, as this first of a two-part look at what's up in Las Vegas shows.

With security a top concern for so many organizations, vendors will demo lots of new security products at next week's NetWorld+Interop (N+I) show in Las Vegas. Net administrators and other attendees will see offerings ranging from "proactive" intrusion detection to 802.11x wireless security software and probes for dealing with SNMP vulnerabilities.

A start-up called Vsecure Technologies Inc. will introduce NetProtect Enterprise, a "proactive security appliance" that uses fuzzy logic to guard against network intrusions.

"We've been in stealth mode. Now we're coming into the limelight," maintained Joe Krull, VP of technology for the Israel-based company. According to Krull, NetProtect uses network traffic analysis technology developed in Israeli and US military organizations to pinpoint, isolate, and block suspicious connections.

Vsecure's paying customers in Israel include the Israeli electric company; a large pharmaceutical chain; several other corporations; and the Web hosting company that hosted the Web portal for the "Israeli Olympics," the Maccabiah Games.

According to Krull, during the Israeli games, NetProtect blocked more than 20,000 incursion attempts from 1,500 different sources, while allowing more than 2.5 million legitimate users to access the portal. The Web hosting firm did not use a firewall, relying only on NetProtect for screening out intruders.

"The first generation of IDS (intrusion detection systems) were like burglar alarms. They'd send an alarm to your pager, or whatever, if it seemed like someone was trying to break into the network. A lot of companies bought these systems, but never used them," Krull contended.

"Current products in 'generation 1.5' are tied to routers and firewalls, which can be difficult to configure. They try to match what's happening on the network to signature databases. Network security managers try to set thresholds to acceptable levels. The trouble is that there are lots of false alarms," according to Krull.

NetProtect, on the other hand, looks at all network traffic going across the line, isolating and blocking any connections that seem suspicious. "A lot of times intruders will probe first by doing scans, for example. So we'll isolate that connection. We use a gradual (approach) to blocking. First we block a connection temporarily. Then, if the connection still appears suspicious, we keep blocking it. We block by connection, instead of by IP address. If several hundred people from a corporation are trying to connect to you, it's quite possible that only one individual has malicious intent. We can handle up to 300,000 stateful connections," he said.

NetDetect is able to examine layer 2 through layer 7 traffic. The "self-learning" system also produces reports about "types of attacks, as well as what kinds of software and other tools were used in the attack." The device can be set to generate reports only, without blocking traffic. The RISC-based box can be set up anywhere on the network, either with or without a firewall.

In the US, three companies are now beta testing NetDetect: a Fortune 100 firm; a systems integrator; and an MSSP (managed security services provider), according to Krull. "We're going to N+I because we want as many people as possible to try this system," he said. The IDS appliance is priced at about $22,000.

Also at N+I, SimpleSoft will demo SimpleSleuth, a new SNMP probe meant to let net administrators test SNMP v1, v2c, and v3 implementations, including patches from software vendors, for vulnerability to denial-of-service (DoS) attacks.

SimpleSoft is a Mountain View, CA-based player in SNMP test and simulation tools. Released this week, SimpleSleuth comes in response to a February CERT advisory that warned about SNMP security holes.

"These vulnerabilities may cause denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain access to the affected device. Specific impacts will vary from product to product," according to the CERT report.

Anti-virus software makers such as Trend Micro and Panda Software will also be on hand at N+I. Panda, for instance, will launch two new products: Panda Antivirus Enterprise Suite, for protecting proxy servers, e-mail servers, file servers, and firewalls; and Panda PerimeterScan, for gateways, firewalls, and other devices on the corporate perimeter.

Meanwhile, members of the WLAN (Wireless Local Area Network) Security Initiative will hold a technology demo. One participant, Meetinghouse Data Communications, Inc., will show its 802.1x AEGIS Client, a PC client that supports the emerging EAP-MD5 and EAP-TLS wireless security protocols.

Vendors will also roll out security solutions for OEMs and service providers that can ultimately benefit net administrators. Corrent, for example, will show SSL and IPSec boards, designed to boost efficiency by offloading security-related jobs from systems processors. Corrent's new Secturion products will be available as PCI cards as well as in a PMC form factor used in network appliances and other embedded equipment. Corrent expects to name OEM customers for the security boards during the third quarter, a company spokesperson said.

Quarry Technologies will show switching bundles for use by providers in delivering VPN and stateful firewall services. Quarry's partners include SafeNet, maker of Soft-PK VPN client access solutions; RSA Security, producer of SecurID remote user authentication services; and XACCT Technologies, a company specializing in service mediation for billing.

Other security vendors exhibiting at N+I will include Trend Micro, Network Associates, CheckPoint Software, NetScreen, Internet Security Systems (ISS), BlueSocket, VeriSign, CyberGuard, Cavium Networks, and WatchGuard.

This article was originally published on Thursday May 2nd 2002