Cisco Locks Down the Network
First among these is AutoSecure, a new command-line software module within Cisco IOS routers that effectively locks down routers when conditions warrant. Using a single command, network managers can instantly change the security profile of routers. This functionality shields data centers by disabling non-essential OS processes, reducing the likelihood DoS (denial of service) attacks and denying hackers knowledge of dropped packets.
AutoSecure enhances the router lockdown state by providing secure forwarding. This mechanism guards against IP spoofing, SYN (TCP synch packet) floods and man-in-the-middle attacks.
IP Solution Center 3.0 Security Technology Module caters to corporate networks with heavy security requirements. Designed to manage large-scale VPNs and firewalls, the software's control panel gives IT personnel the ability to deploy consistent network security policies and manage them across an enterprise.
Next is Cisco Security Device Manager (SDM) 1.0. This security management utility is embedded in the Cisco 830 to 3700 series of access routers. Featuring a graphical user interface and configuration wizards, the hardware allows operators to set up firewalls and initiate VPN services.
The software also helps reduce configuration mishaps and second-guessing by performing a security audit. SDM then provides router configurations based on ICSA Labs recommendations and information gathered.
On the reporting and forensic analysis front, the company introduced version 3.1 of CiscoWorks Security Information Management Solution. Based on netForensics technology, it provides event monitoring for heterogeneous network security resources.
Lastly, CiscoWorks VPN/Security Management Solution 2.2 (VMS) integrates technology from the recent acquisition of Okena, an intrusion prevention and firewall software provider. As a component of the CiscoWorks dashboard, it consolidates firewall management, network- and host- based intrusion detection management, and VPN monitoring for organizations with networks in multiple physical locations.