Cisco updates security systems
NAC upgrade and two new security appliances provide single sign-on and validation of user identities.
Cisco last week announced major enhancements to its unified threat management (UTM) and access control technology.
Cisco’s Network Admission Control (NAC) software has been upgraded to version 4.0, and there are two new Adaptive Security Appliances (ASAs): the ASA 5550, aimed at large corporates, and the ASA 5505, aimed at the small office/home office market. There is also a new version of Cisco’s core network OS, Internetwork Operating System (IOS), designed to secure web services and voice over IP (VoIP).
Cisco security consultant Kevin Regan said NAC 4.0 improves automatic remediation to identify corporate assets and apply particular policies to them. “One of the major advances in NAC version 4 is the ability in Windows environments to assess a user identity with single sign-on and validate this against the user identity as defined in Active Directory. We can also now automatically launch Windows Update functions,” Regan said.
Customers can buy NAC on a dedicated appliance or they can provide their own and deploy the software themselves.
Regan said that the other major improvement in version 4 is the ability to support remote offices with a non-inline configuration that could be controlled from central offices. This could help distributed enterprises control remote or home worker access to applications.
To go with the new ASA 5550 and 5505 hardware, the software running on all 5500 series appliances has been upgraded to version 7.2, which strengthens the application layer firewall and voice application security, said Cisco.
The ASA 5550 can support up to 5,000 IPSec and SSL VPN clients per appliance, and up to 10 ASA units could be clustered to support up to 50,000 concurrent users.
Cisco also announced a new version of its core network hardware operating system, IOS 12.4(9)T, which can now track and rate-limit point-to-point traffic such as BitTorrent, eDonkey and Kazaa.
Cisco has also introduced an upgraded version of its NetFlow IP services protocol, called Flexible NetFlow. Regan said this would give firms better capabilities for capacity planning and security reporting.