• United States

Alcatel switches gain security support

Aug 16, 20044 mins

Alcatel this week is expected to enter the fray of switch vendors looking to help users block viruses and network attacks.

Alcatel this week is expected to enter the fray of switch vendors looking to help users block viruses and network attacks.

On tap is a new Host Integrity Check software bundle from Alcatel and Sygate that can be used to check the security of PCs and can quarantine virus-infected clients into a secure network segment.

Alcatel also is releasing Automated Quarantine Engine, which works with intrusion-detection system (IDS) products to identify network threats and to shut off or contain a network attack through switch hardware.

Alcatel’s stackable OmniStack 6600 switches and its modular 7700- and 8800-series products will use a combination of 802.1X authentication technology and APIs from Sygate to block a virus-infected PC from accessing a corporate LAN. This product package requires Sygate’s Host Integrity Server, and anti-virus and client management software from Network Associates, Symantec or Trend Micro on the client side.

When an end user logs on, information about the PC is sent to a Sygate server, which checks anti-virus data profiles produced by client software on the PC. If end users are not up to date, they can be sent to a quarantine virtual LAN (VLAN) segment, which must be pre-configured on the Alcatel switches.

This technology is installed at Abilene Christian University in Texas, where it will be put to the test next week when students return for the fall semester.

“The Blaster virus really rocked our world in the first few days last fall when kids returned to school,” says Bob Neville, network director at the university. He says he and his staff spent days running around campus, physically tracking down students with infected machines and disconnecting them from the network.

Judging from tests he’s conducted on campus, the Alcatel products “will give us some time to deal with network [viruses] and intrusions before they proliferate and minimize the damage,” he says.

Under the system Neville has set up, users with infected machines would be notified of their infected status via a Web page message. The users then would be sent to a quarantine VLAN segment where they are kept from spreading the virus. This network segment also will host a virus and software patch server where users can get updated anti-virus definitions and have their machines scrubbed before getting back on the network.

Alcatel’s Automated Quarantine Engine adds the ability to enforce polices on network switches based on information gathered by third-party IDS equipment. The server-based software can communicate with IDS products from Fortinet, and open source SNORT_IDS servers and appliances, to identify network attacks and shut down the source of the attacks. When an IDS node senses an attack, Automated Quarantine Engine is notified and tells Alcatel switches to react, based on pre-configured policies. Access control lists can be turned on to block the traffic, or to isolate traffic into separate VLANs. Automated Quarantine Engine also can tell switches to shut down network access based on IP address or media access control address information on the attacking machine, Alcatel says.

The Alcatel products come after recent announcements of similar capabilities from Enterasys Networks and Cisco. Enterasys’ Trusted End System technology also uses Sygate products to identify untrusted endpoints via 802.1X messaging. It also includes server software for creating policies to deal with unsecure clients by shutting down access on Matrix LAN switches, or shunting traffic to secure VLANs.

Cisco’s Network Admission Control program uses software from leading anti-virus vendors to inspect client PCs. This lets a Cisco router with a special IOS load deny network access to unsecure clients. Cisco plans to announce the ability to quarantine untrusted clients via 802.1X and secure VLANs on its Catalyst switches in 2005.

The Host Integrity Check supports Windows 2000 and XP clients, and will support Apple Macintosh and Linux clients next year. No additional hardware or software from Alcatel is needed, but Sygate’s Host Integrity server, which costs $35 to $85 per seat, is required.

Pricing for Automated Quarantine Engine starts at $8,000 for midsize companies of around 500 to 1,000 users. The FortiGate products Alcatel will offer will range from $700 for small offices to $30,000 for an enterprise-class FortiGate 3600 system.