Cisco Systems Inc. last week released new software and hardware aimed at shoring up security on the user end of a remote access VPN connection.
Cisco’s VPN Client software and VPN 3002 Hardware Client could be used to add personal firewall capabilities to remote office users’ or teleworkers’ PCs, making it harder for hackers to gain access to a network by breaking into an insecure remote client. The software also makes it possible to access a VPN from inside a firewall-protected network.
Version 3.5 of Cisco’s VPN software includes personal firewall technology from Zone Labs. The client software can be configured with Cisco VPN equipment at a central site so that only clients with the firewall software activated can access the network. Firewall policies and other VPN settings can be configured at a network headquarters, and sent to a client machine when the PC logs on.
The client now supports VPN logon access with smart cards – credit card-sized appliances that generate one-time-use passwords. The client also supports Windows NT password expiration – a commonly used NT server security function, which requires users to enter a new password after a set number of days so old passwords can’t be misused.
Another feature adds support for IP Security/TCP, which makes it possible to establish a VPN tunnel to a corporate network while behind a firewall or router using network address translation (NAT). NAT hides the IP address of the machines trying to establish tunnels and can derail the IPSec VPN authentication process. The new feature lets a laptop connect to a VPN through a corporate firewall by wrapping up VPN traffic inside TCP packets that can be easily unwrapped to reveal the true source of IP addresses, avoiding the NAT problem.
Version 3.5 of Cisco’s 3002 Hardware Client now supports individual user sign-on for VPN access. This could be used in a remote office, where a 3002 Hardware Client is used to give VPN access to multiple PCs. The new software would require all clients to authenticate to the local hardware client, which then proxies authentication to a centrally located VPN gateway.
The new Cisco products will compete with offerings from Avaya, Enterasys Networks, Nortel and others.
Cisco’s new VPN hardware and software clients are available now as a free upgrade for existing customers.
Cisco can be reached at http://www.cisco.com.