In July, Foundry Networks is expected to make available an upgrade to its LAN switch/WAN router network management software that adds the widely used open source Snort intrusion-detection and -prevention system to the product.
The integration of Snort into Foundry's IronView Network Manager (INM) 2.0 could help customers with Foundry-based LANs, wireless LANs or WANs detect intrusive network traffic and block access on a port level.
INM is Foundry's network-management and device-configuration tool, which runs on Windows-based servers. The software can be used to make widespread upgrades to any Foundry device on a network, as well as to monitor and troubleshoot Foundry gear. The software also acts as an sFlow collection node. Foundry's sFlow technology - which has been released as an IETF standard - runs on all Foundry network products. The technology is embedded in Foundry hardware and lets users capture massive amounts of packet header information by sampling headers from traffic flows and forwarding the information to an sFlow collector - an INM server.
By sampling packet headers, instead of just mirroring or forwarding all packets to an inspection device, sFlow lets the switches report on network traffic flows without taxing the devices or adding overhead to network bandwidth. The data collected from sFlow-enabled switches can show Layer 2-7 data, such as a packet's origin and destination, application traffic type, and other information, and give users a detailed view of what is going on in various traffic flows on the network.
In INM 2.0, Snort scans through packet headers and network traffic payloads to identify as many as several thousand known attack signatures and warning signs of a network intrusion - from basic SYN/ACK attack methods to the latest phishing intrusions. Running Snort on the INM server lets the IDS/IPS software analyze traffic on virtually every Ethernet and WAN port on the network, Foundry says, because Snort is inspecting sFlow data, which is a statistical representation of all traffic flows.
If Snort finds a match to an attack signature in any of the sFlow data, the INM server is programmed to take several actions. An alert can be sent to administrators via INM's e-mail alerting tool. Snort-enabled INM servers can be configured to isolate suspicious traffic flows onto a secure network segment, using virtual LAN technology.
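Because signature matching here runs on sampled, truncated packet data rather than on every packet, coverage depends on the sampling rate and on how many bytes of each sampled packet are exported. The sketch below is an added example, not Foundry or Snort code; it assumes an independent 1-in-N choice per packet, a 128-byte export length, and a constructed byte marker in place of a real rule.

```python
import random

def detection_probability(matching_packets, sampling_rate):
    """P(at least one of k matching packets is sampled) at 1-in-N sampling."""
    return 1.0 - (1.0 - 1.0 / sampling_rate) ** matching_packets

def packets_needed(sampling_rate, confidence):
    """Smallest number of matching packets that reaches the given confidence."""
    k = 1
    while detection_probability(k, sampling_rate) < confidence:
        k += 1
    return k

def build_flow(count, signature, offset, size=600):
    """Constructed traffic: `count` identical packets with the signature at `offset`."""
    pkt = bytearray(size)
    pkt[offset:offset + len(signature)] = signature
    return [bytes(pkt)] * count

def sample_headers(packets, sampling_rate, header_len, rng):
    """Model of a sampling agent (assumption: independent 1-in-N choice per
    packet, export truncated to the first header_len bytes)."""
    return [p[:header_len] for p in packets if rng.random() < 1.0 / sampling_rate]

def simulate(packets, signature, sampling_rate, header_len, trials=2000, seed=1):
    """Fraction of trials in which a byte-pattern match fires on the samples."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        samples = sample_headers(packets, sampling_rate, header_len, rng)
        hits += any(signature in s for s in samples)
    return hits / trials

if __name__ == "__main__":
    SIG = b"TEST-SIGNATURE"          # constructed marker, not a real Snort rule
    N, HDR = 100, 128                # assumed sampling rate and header length
    early = build_flow(200, SIG, offset=60)    # pattern inside exported bytes
    late = build_flow(200, SIG, offset=400)    # pattern beyond the truncation
    print("analytic :", round(detection_probability(200, N), 3))
    print("simulated:", simulate(early, SIG, N, HDR))
    print("truncated:", simulate(late, SIG, N, HDR))
    print("packets for 95% at 1-in-512:", packets_needed(512, 0.95))
```

High-volume events such as floods are almost certain to appear in the samples, while a pattern carried in a handful of packets, or located past the exported bytes, is likely to be missed.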
3com 5500g is really very fast! - Anonymous