Cisco adds switch security
- By Brian Robinson
- Jun 24, 2002
Cisco Systems Inc. this month introduced enhanced security options for its Catalyst 3550 and 2950 Series Intelligent Ethernet switches, aiming to give midsize organizations the ability to provide security usually associated with enterprise-class networks.
The security features are based on Cisco's Safe enterprise security strategy, which the company created to help customers decide which security measures they need to protect their networks.
For example, the Cisco Cluster Management Suite, which is included in each of the switches, includes security wizards that enable administrators to restrict user access to specific servers or segments of the network. Access control lists enable them to control access based on a mix of policy-based criteria.
The enhancements, observers say, represent a new approach for the company. Although Cisco has taken such steps as embedding firewalls in its routers and switches, it has not had extensive security offerings, especially in the low- and midrange network market.
"If you look at it from the point of view of hardware and software vendors, Cisco has historically not been a software company," said Martha Young, research director for Enterprise Management Associates. "But Cisco is definitely trying to morph itself to offer more of these software security products."
The new midlevel security offerings are an expansion of what Cisco has been trying to do for its larger customers, according to Joel Conover, senior analyst for information technology infrastructure at Current Analysis.
"Cisco has developed the Safe program over just the last year and has really been looking at how it can provide its enterprise customers with a more complete kind of security," he said. The recent announcement "is one extension of that."
Networks that include "intelligent" Ethernet switches are seen as one of the more promising market segments for Cisco and other equipment vendors given the growing need for higher performance networks to handle the demands of future multimedia traffic.
Ethernet, though relatively simple to manage, is a shared-bandwidth technology, so each desktop user on a network ends up with considerably less bandwidth than the maximum available.
Intelligent Ethernet switches provide a dedicated connection to each desktop, so that each client on a 100 megabits/sec Fast Ethernet network, for example, theoretically would be able to tap into the full bandwidth.
However, using intelligent switches also increases the complexity of network management, something that resource-challenged midsize organizations, which Cisco defines as fewer than 1,000 users, are loathe to take on.
That is where Cisco hopes its modular, easy-to-use, but comprehensive approach to security will give it an advantage.
"These midsize customers, in particular, look to us to provide a complete security package, because they don't have the budget or resources to use a separate administration product," said Ishmael Limkakeng, product line manager for Cisco's desktop switching unit. "We've have a lot of security features in our products, but so far we haven't articulated our strategy very well."
And that is much more important in the current market, according to Current Analysis' Conover, because "features like security are becoming a prerequisite to a sale. It's become a check box item that vendors need to even make the shortlist" on procurements.
Cisco believes its products will find a ready acceptance within government as its customers increasingly deploy comprehensive packaged security solutions such as those Cisco offers. But "the key is bringing these technologies together to form an enterprise solution that is seamless to the user, and functional from the standpoint of manageability, and is survivable and responsive," said Ken Albanese, senior systems engineering manager for Cisco Federal.
Robinson is a freelance journalist based in Portland, Ore. He can be reached at [email protected]
Securing the link
Select security features available for Cisco System Inc.'s Catalyst 3550 and 2950 Series Intelligent Ethernet switches:
* Access control lists enable network administrators to restrict network access based on multiple criteria and improve user-segmentation capabilities.
* Cisco Cluster Management Suite software allows users to simultaneously configure and troubleshoot multiple Catalyst desktop switches using a standard Web browser. The suite includes a security wizard that enables administrators to restrict user access to specific servers or segments of the network in a few simple steps.
Brian Robinson is a freelance writer based in Portland, Ore.