Security Drives Cisco's Self-Defending Bottom Line

by Michael Hall

Network News Break: The razor business is about razorblades, and the router business, apparently, is now about services: Cisco's unveiled a new price structure for the previously no-cost Firewall Services Module. Also: A popular piece of wireless gear from Linksys is sporting a moderately severe security hole, Google's updating its search appliance, and Nortel says VoIP and 3G are driving sales higher than expected.

Main     Elsewhere     The Week in CrossNodes     The Week in Network News

Anyone who's been around computing for a while probably remembers scoffing at the latest and greatest in speed and memory advances over the years as insane advances in tech nobody would ever need. We like to jeer at Bill Gates' infamous (and likely never spoken) "640k should be enough for anyone" quote, but probably had a few "They're calling it the ... get this ... 486 ... and it's supposed to be, like, 66Mhz or some crazy number. What am I gonna do with that?" ourselves.

Decades down the road of widespread computing and networking, "faster" and "more efficient" are pretty much taken for granted. No one thinks to jeer because the chances are good that we're thinking of where that extra power can go, whether it's on a workstation in the form of extra speed and memory, or on our nets in the form of more bandwidth and faster routing. No one pays much attention because the packets and bits are moving plenty fast and we've got other things to worry about. Maybe, once VoIP takes hold, we'll start hoping for more from our network hardware. In the mean time, other considerations are more worrisome.

If you need proof of that, consider today's announcements from Cisco regarding the Firewall Services Module in its Catalyst 6500 switches. When first unveiled a year-and-a-half ago, the FSM was a free add-on that saw periodic updates. As of today, pricing for a 20-firewall license will set you back $12,500 while a 100-firewall license runs at a discount: $45,000.

The new pricing scheme moves the revenue stream from the hardware itself, well loved and considered essential among enterprise networkers, to the services riding on top of it.

This isn't a new trend. Sun's own Jonathan Schwartz has spent the last week echoing this sentiment on the server side, as Sun moves from pushing high-end server hardware to trying to compete in the much more tricky commodity whitebox market with tightly integrated apps and services. More to the point, Cisco is zeroing in on the biggest concern going, which is network security. Cisco clearly perceives this concern as overriding any love of free beer among its customers. Having softened us up with ads about adorable little girls unleashing a hellstorm of viral mayhem in daddy's network, it's time to make the sale. Like Sun, the question becomes how well Cisco can compete in a well-established software market.

Here's all the pricing data from that announcement:

20 Virtual Firewalls License     $12,500
50 Virtual Firewalls License     $25,000
100 Virtual Firewalls License     $45,000
Cisco Guard XT 5650    $90,000
Cisco Traffic Anomaly Detector XT 5600    $45,000

The last two items, the Guard XT 5650 and the Traffic Anomaly Detector XT, are network security appliances picked up in Cisco's recent acquisition of Riverhead Networks. They're aimed at protecting nets from DDoS attacks.


» It seems there's a security bypass flaw in Linksys' WRT54G Wireless-G Broadband Router:

Independent technology consultant Alan W. Rateliff discovered the flaw during a client installation of a Linksys WRT54G Wireless-G Broadband Router. After reporting the vulnerability to Linksys, Rateliff posted a warning on a public mailing list that even if the remote administration function is turned off, the router provides the administration Web page to ports 80 and 443 on the WAN.

The implications are obvious: out of the box the unit gives full access to its administration from the WAN using the default or, if the user even bothered to change it, an easily guessed password," he said.

Secunia says it's a "moderately critical" hole. Here's the original warning from Mr. Rateliff.

» Google is boosting its search appliance to handle, according to the company, up to 300 queries per minute, and index 1.5 million documents.

» Nortel, recovering from an accounting scandal, reports that converged network equipment, including VoIP and 3G gear, are buoying sales this year.

The Week in Network News

» Monday: Network News Break: No WLAN On Your Nets? Wi-Fi Security's Still a Concern

Even if you don't even have a WLAN operating on your nets, the combination of cheap, consumer-friendly Wi-Fi gear and lousy security interfaces can cause problems. Also: AT&T says it can see DDoS attacks from a mile off, Intel releases Centrino drivers for Linux, and anti-virus vendors report there are still viruses in the world.

The Week in CrossNodes

» Three LDAP Browsers for the Asking

Getting your information in a directory is just half the battle: The other half is finding it. Here are three LDAP browsers, free of charge and up to the task of digging through your data.

» FaceTime Makes IM as Safe as Talking Face-to-Face

With IM use at critical mass and growing, security and privacy challenges abound. FaceTime's enterprise-grade server suite monitors, archives, and analyzes IM traffic for thousands of users without requiring thousands of admin hours.

» Scripting Clinic: Dissecting a Live Python... Script

By examining a working script line by line, this edition of the Scripting Clinic shows you how to put your own scripts together and exposes a few Python quirks along the way.
» Pack-Rats by Law: A Message Archiving Primer
With the Sarbanes-Oxley Act, messaging archives have gone from a voluntary tic among pack-rat users to a regulatory necessity. Here's how to crate up the correspondence without overloading your LAN.
Network News Break is CrossNodes' daily summary of networking news and opinion, served up fresh daily. Please send your comments and suggestions to the editor.
This article was originally published on Wednesday Jun 2nd 2004