Enterasys floats its LAN security plan

By Phil Hochmuth, Network World
February 23, 2004 12:09 AM ET

Enterasys Networks this week will unveil its strategy for locking down enterprise LANs, which involves new and existing products and partnerships with enterprise security vendors.

The Dynamic Intrusion Response System (DIRS) is Enterasys' blueprint for integrating intrusion detection with LAN switching. DIRS creates an infrastructure that can identify malicious traffic and quarantine, or shut down, suspicious user network connections, the company says.

With its DIRS push, Enterasys also is taking aim at Cisco, which announced its Network Admission Control (NAC) program last fall. NAC works with third-party security products to automate shutdown or quarantining of suspicious network traffic on Cisco switches and routers.

On the new-product front, Enterasys is launching the NetSight Atlas Automated Security Manager, a software module for its NetSight Atlas network and policy management platform that couples intrusion detection with the policy-enforcement mechanisms already in its network gear. This will let suspicious traffic be redirected, rate limited or blocked under user-defined circumstances, according to Enterasys. The Automated Security Manager will draw intrusion-detection information from Enterasys' Dragon line of intrusion-detection system (IDS) server software and appliances.

Meanwhile, Lucent Professional Services, the consulting arm of Lucent, will sell and install the company's DIRS-based products. This group, which has 11,000 employees and about 2,350 carrier and enterprise customers, generated $1.8 billion in revenue for Lucent in 2003. Enterasys and Lucent also will work on co-developed security products, Enterasys says.

Using switches as a stopgap during security outbreaks became a practice last fall at the College of William and Mary in Williamsburg, Va.

"When Nachia and Welchia [viruses] first hit us, the ability to enforce policies" at the [LAN] edge was crucial, says Scott Fenstermacher, network manager at the college, which has Enterasys N Series switches at the LAN edge and NetSight Atlas Policy Manager installed.

These viruses, which used the Trivial File Transfer Protocol (TFTP) to replicate, were easily shut down, Fenstermacher says. A network policy describing the viruses' TFTP traffic pattern was downloaded to the Enterasys switches, which then blocked TFTP traffic matching that pattern. Infected users' network connections were cut off at the port, and administrators were notified of the events.

Enterasys' DIRS architecture includes NetSight Atlas Policy Manager, Dragon IDS and LAN switches. Together these devices and applications can identify bad traffic types and rate limit or shut down flows at the port level using 802.1X port-based controls. Policies also can be configured in the system to route suspicious traffic to secured segments of the network, which Enterasys users sometimes call penalty boxes.
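The port-level response the two preceding paragraphs describe (match a worm's TFTP behaviour, then rate limit or quarantine the offending edge port and notify an administrator) is shown here as an added example. This is not Enterasys, Dragon or NetSight code: the flow-record layout, the `ge.x.y` port names, the detection rule (many distinct UDP/69 destinations from one source inside a short window) and the two thresholds are assumptions chosen for illustration, and the sample flows are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


# Constructed flow record, roughly what a NetFlow-style export or a parsed port
# mirror yields. Field names and the switch-port naming are assumptions for
# this example, not an Enterasys or Dragon format.
@dataclass(frozen=True)
class Flow:
    ts: float          # seconds
    src: str           # source IP
    dst: str           # destination IP
    proto: str         # "udp" or "tcp"
    dport: int         # destination port
    switch_port: str   # edge port the source host is attached to


# Illustrative thresholds (assumed, not vendor defaults): a legitimate TFTP
# client talks to one or two servers; a worm sweeping a subnet fans out to
# many hosts on UDP/69 within seconds.
RATE_LIMIT_AT = 5      # distinct TFTP targets in the window: throttle the port
QUARANTINE_AT = 20     # distinct TFTP targets in the window: penalty-box VLAN
WINDOW_SECONDS = 60.0


def make_sample_flows():
    """Constructed sample data: one worm-like host and one benign TFTP client."""
    flows = []
    # Worm-like host on ge.1.7: one UDP/69 probe per second to 25 different hosts.
    for i in range(25):
        flows.append(Flow(1000.0 + i, "10.1.2.50", f"10.1.3.{i + 1}", "udp", 69, "ge.1.7"))
    # Benign admin workstation on ge.1.3: repeated transfers to a single server.
    for i in range(10):
        flows.append(Flow(1000.0 + 5 * i, "10.1.2.8", "10.1.0.20", "udp", 69, "ge.1.3"))
    # Ordinary web traffic from the worm host; must not count toward the rule.
    for i in range(5):
        flows.append(Flow(1000.0 + i, "10.1.2.50", f"192.0.2.{i + 1}", "tcp", 80, "ge.1.7"))
    return flows


def tftp_fanout(flows, window=WINDOW_SECONDS):
    """Per source IP, the largest number of distinct destinations it sent
    UDP/69 traffic to inside any `window`-second interval."""
    events = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.dport == 69:
            events[f.src].append((f.ts, f.dst))
    fanout = {}
    for src, evs in events.items():
        evs.sort()
        best = 0
        # Slide a window starting at each event and count distinct targets.
        for i, (t0, _) in enumerate(evs):
            targets = {dst for ts, dst in evs[i:] if ts - t0 <= window}
            best = max(best, len(targets))
        fanout[src] = best
    return fanout


def decide_actions(flows, window=WINDOW_SECONDS):
    """Map each offending source to a port-level action: rate limit for
    moderate fan-out, quarantine (penalty-box segment) for heavy fan-out.
    Returns (switch_port, src, action, fanout) tuples; clean hosts are omitted."""
    port_of = {f.src: f.switch_port for f in flows}
    actions = []
    for src, n in sorted(tftp_fanout(flows, window).items()):
        if n >= QUARANTINE_AT:
            actions.append((port_of[src], src, "quarantine", n))
        elif n >= RATE_LIMIT_AT:
            actions.append((port_of[src], src, "rate_limit", n))
    return actions


if __name__ == "__main__":
    for port, src, action, n in decide_actions(make_sample_flows()):
        # In a deployment this is where the policy manager would push the action
        # to the switch port and notify an administrator.
        print(f"{port}: {src} hit {n} TFTP targets in {WINDOW_SECONDS:.0f}s -> {action}")
```

Run as a script, the worm-like host on ge.1.7 is flagged for quarantine while the admin workstation, which moves plenty of TFTP bytes but to a single server, is left alone. The point of keying the rule on distinct destinations rather than on raw TFTP volume is exactly that distinction: blocking UDP/69 outright would also cut off legitimate config uploads to switches and routers, whereas fan-out per source separates a scanning worm from a busy but benign client.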

This type of security capability built into basic infrastructure boxes, such as switches, provides more filters on an enterprise network than stand-alone security products, says Enterasys President Mark Aslett.
