Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco Working to Block Viruses at the Router

Posted by michael on from the license-to-surf dept.

macmouse writes "The San Francisco Chronicle has an article about Cisco and Anti-Virus companies working together to block viruses at the ISP (Router) level. It sounds like they will be using traffic shaping to block malicious traffic. Looking at it in an negative light however, it might mean that your required to have anti-virus software installed in order to use the internet. This can be a *big* problem for *nix/mac users which normally don't need or use AV software. Not to mention, being forced to purchase software from 'company x,y or z' in order to get online, regardless of platform. Hopefully, this is not going to happen."

7 of 369 comments (clear)

  1. Perhaps no software needed... by DavidpFitz · · Score: 5, Insightful

    The article doesn't say that client software is required at all... it says that after some checks the user may be prompted to download some software (presumably from an internal source) before it can connec to the internet.

    However, if this original check is just done by some network secutiry checking (ie. looking to see if there is a vulnerable version of SSH or a misconfigured IIS etc) then all that would needed to be done would be to fix the potential exploit rather than install a piece of client software.

    Potentially, this would just be like running nmap and other similar tools against the machine in question to test it out fot net-worthiness.

    It could also check for open mail relays, which could help in the Fight Against Spam (tm).

    D.

  2. I work for an ISP... by Cytlid · · Score: 5, Insightful

    ... and got my CCNA in June. We have a saying... "Let routers route and servers serve." Anti-virus is clearly a IT problem, but it's also a server responsibility. Not a router responsibility. I can't imagine supporting this. Every once in a while, we get someone (customer, whomever) who says "Oh! This new virus works on port 7654! Please block port 7654!" ... then I say "What happens if I run my website on port 7654? You can't get to it?". Limiting the function of a routing device because it might carry malicious code on an application level is a bad idea. This isn't a solution to the problem, this is another band-aid.

    --
    FLR
  3. Re:LAN Systems by arth1 · · Score: 5, Insightful

    Also, how will the router check the security of devices where desktop security doesn't apply, like routers, printers, proxy servers, PDAs, or heck, even a promiscuous traffic logger?

    "Access to 'HP LaserJet 8000' on 10.16.2.88 denied. The Cisco DRM system has determined that this host listens to ports (80/tcp, 135/tcp, 515/tcp), but does not run approved virus protection software." Yes, I can imagine explaining that to a vice president at 7am...

    Regards,
    --
    *Art

  4. Re:question by hazem · · Score: 5, Insightful

    Boy, and how long until a virus can make the response "yup, I'm secure"...

    I wonder if this is the next step in the "Trusted Secure Computing" world? Routers won't accept traffic from non-trusted computers?

  5. RTFA: This isn't about blocking traffic... by romcabrera · · Score: 5, Insightful
    RTFA: This is about blocking "network access to any computer or device that doesn't have its own security measures in place".

    That is way veeery different. Stations will be ENFORCED to have installed this software in networks with this scheme. WTF???

  6. It might even work. by BuilderBob · · Score: 5, Insightful

    It's entirely possible this article and the security program is directed at Windows users only. Neither Cisco or the Anti-virus vendors are malicious enough (IMHO) to block Unix/Mac boxes because they don't need the anti-virus software the companies sell. The wild internet frontier of email-address-confirming porn and Gatorware is probably here to stay.

    It's also possible they might figure out a way to block certain version of programs, say WuFTPd, from having an unsecured link to the outside world. This could help prevent a university network being used as a DDOS tool because a student didn't upgrade his ftp server. Or a mail server which doesn't smart-relay through an authenticating server to stop student PC's spamming.

    It's not always a virus that brings a network down. But when a university is forced to print 10,000 CDs with anti-virus and windows worm-removing tools to give to new students (who aren't allowed access to the university network if their box looks active on port 137) this might look like an alternative.

    The evil that it does bring is in the form of anti-Free networking, where Linux boxes are used to form cheap routers and gateways, without a Cisco(R)-Symantec(R) licensed monitoring system, your access to the larger internet may be limited by your upstream provider, ala Verisign certs.

    This system is probably for the intranet users to stop an OE/ IE virus bringing down their system before the poor tech guy patches the boxes.

  7. Re:The reason... by nolife · · Score: 5, Insightful

    In conclusion, don't be so smug with your Linux machine during the next round of Welchia or Klez, because if Linux had the desktop market share of Windows, then YOU'D be feeling the pain.

    Bullshit. Could you describe how this would be possible? Is Pine or Balsa or [your email application here] integrated into the OS and have full access and scripting ability on your machine? Does it automatically run code and have the ability to add services to your computer that run automatically on startup? If this is possible I'd like to know how.

    --
    Bad boys rape our young girls but Violet gives willingly.