RSA: HP finds place for virus throttling

By Paul Roberts , Network World , 02/21/2005

Share/Email
Tweet This
Comment
Print

New technology on servers and switches from HP could slow virus outbreaks on computer networks that use the HP products.

HP last week announced commercial implementations of technology it calls virus throttling that can slow the rate viruses and worms spread in a corporate network. HP is offering the virus-throttling software for ProLiant Servers and ProCurve Networking by HP 5300 series switches. HP also unveiled the Security Containment software suite, which locks down software applications that have been compromised, says Tony Redmond, head of HP's Security Office.

WatchGuard ROI Calculator: Download now

The software delivers on technology HP unveiled last year at the RSA Conference and is part of HP's program to develop technology that keeps computer networks operating in the event of fast-moving attacks. HP will demonstrate both technologies next week at the 2005 RSA Conference in San Francisco, Redmond says.

Virus throttling is a technology developed at HP Labs, the company's research facility, which can spot systems on a computer network that are attempting to make a large number of network connections, a common symptom of virus infection. After identifying an infected system, the software notifies administrators and automatically chokes off, or "throttles," outbound connections from it. This keeps the system online, but prevents the virus from spreading rapidly, Redmond says.

Related Content

Virus throttling won't prevent infected computers from communicating with other systems on a network, but it will keep them from bogging down other computers and applications, and let legitimate traffic circulate.

"If you have a mistake in your firewall or [intrusion-detection system] and a virus gets through, it can wreak havoc in your corporate environment," Redmond says. "Administrators can find it difficult to cope, trying to swim upstream against a mass of viruses that are trying to connect at hundreds or thousands of connections a minute."

The virus-throttling feature is available on ProLiant servers running Windows 2000 or 2003 Server, as part of the ProLiant Essentials Intelligent Networking Pack, which costs $149. The feature is also available as a free download for ProCurve Networking 5300 switch customers that have active maintenance and support agreements. HP says it hopes to add the virus throttling features to more of its switches in the future, Redmond says.

Making VoIP safe
VoIP promises high-quality phone calls and the possibility of blending voice and data to create richer conferencing, but is the technology as safe from attack as traditional voice?

Challenge	Strategy
Surges in data traffic can diminish voice quality on a converged LAN.	Install routers that support QoS and place voice and daa gear on separate virtual LANs or even separate LANs.
Compromised network gear can leak voice conversations to unfriendly parties.	Practice sound network security to protect the infrastructure, and consider encrypting voice calls so even if they are captured they cannot be understood.
VoIP traffic can have trouble getting through firewalls.	Evaluate current firewalls and upgrade to one that handles network address translation problems, or use separate session border controllers to deal with the problem.
Like other parts of a network infra-structure, VoIP gear is susceptible to being com-mandeered by unauthorized users.	Separate management traffic from voice traffic to minimize the number of devices that have access to VoIP control planes in call servers.

Click to see:

HP also announced the HP Security Containment suite, a software package for systems running the HP-UX 11iv2 operating system. It lets administrators create secure virtual environments that prevent damaged or hijacked applications from affecting applications or files elsewhere on the server, Redmond says.