Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco Working to Block Viruses at the Router

Posted by michael on from the license-to-surf dept.

macmouse writes "The San Francisco Chronicle has an article about Cisco and Anti-Virus companies working together to block viruses at the ISP (Router) level. It sounds like they will be using traffic shaping to block malicious traffic. Looking at it in an negative light however, it might mean that your required to have anti-virus software installed in order to use the internet. This can be a *big* problem for *nix/mac users which normally don't need or use AV software. Not to mention, being forced to purchase software from 'company x,y or z' in order to get online, regardless of platform. Hopefully, this is not going to happen."

10 of 369 comments (clear)

  1. nmap on a router? by x-router · · Score: 5, Interesting
    I think what they are 'trying' to say is the the router itself will scan your machine in a nmap way to see if it can find problems.

    If it finds issues then it will drop you from the network or block that port / problem.

    Rather than check if you have the latest version of norton installed..but perhaps I read it wrong?

  2. Implications? by spektr · · Score: 5, Interesting

    Does this mean that I can't talk about viruses using code-samples over the internet? I can't download and study exploits anymore? If there is any possibility to encode the virus-code to circumvent the filter, then the virus can possibly do the same...

  3. We kinda do this at Rutgers by pyite · · Score: 5, Interesting

    We sort of do this at Rutgers University This summer was absolutely crazy for the network, due to all the worms and such. A new policy was instituted which requires users to visit a website which checks their operating system. If they're running Windows, they are *required* to download a scanner that checks for the relevant worms and installs Anti-Virus software. Users running alternative operating systems are completely exempt. It just says "There are currently no additional requirements for running Linux on the residential network." We've just begun shutting people off who fail to comply with the policy. I, for one, like it. However, the routers start to get overloaded if they have too many access control lists because they have trouble running them on the ASICs. So, they have to run in software mode, which starts to slow things down.

    --

    "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

  4. Perhaps no software needed... by DavidpFitz · · Score: 5, Insightful

    The article doesn't say that client software is required at all... it says that after some checks the user may be prompted to download some software (presumably from an internal source) before it can connec to the internet.

    However, if this original check is just done by some network secutiry checking (ie. looking to see if there is a vulnerable version of SSH or a misconfigured IIS etc) then all that would needed to be done would be to fix the potential exploit rather than install a piece of client software.

    Potentially, this would just be like running nmap and other similar tools against the machine in question to test it out fot net-worthiness.

    It could also check for open mail relays, which could help in the Fight Against Spam (tm).

    D.

  5. I work for an ISP... by Cytlid · · Score: 5, Insightful

    ... and got my CCNA in June. We have a saying... "Let routers route and servers serve." Anti-virus is clearly a IT problem, but it's also a server responsibility. Not a router responsibility. I can't imagine supporting this. Every once in a while, we get someone (customer, whomever) who says "Oh! This new virus works on port 7654! Please block port 7654!" ... then I say "What happens if I run my website on port 7654? You can't get to it?". Limiting the function of a routing device because it might carry malicious code on an application level is a bad idea. This isn't a solution to the problem, this is another band-aid.

    --
    FLR
  6. Re:LAN Systems by arth1 · · Score: 5, Insightful

    Also, how will the router check the security of devices where desktop security doesn't apply, like routers, printers, proxy servers, PDAs, or heck, even a promiscuous traffic logger?

    "Access to 'HP LaserJet 8000' on 10.16.2.88 denied. The Cisco DRM system has determined that this host listens to ports (80/tcp, 135/tcp, 515/tcp), but does not run approved virus protection software." Yes, I can imagine explaining that to a vice president at 7am...

    Regards,
    --
    *Art

  7. Re:question by hazem · · Score: 5, Insightful

    Boy, and how long until a virus can make the response "yup, I'm secure"...

    I wonder if this is the next step in the "Trusted Secure Computing" world? Routers won't accept traffic from non-trusted computers?

  8. RTFA: This isn't about blocking traffic... by romcabrera · · Score: 5, Insightful
    RTFA: This is about blocking "network access to any computer or device that doesn't have its own security measures in place".

    That is way veeery different. Stations will be ENFORCED to have installed this software in networks with this scheme. WTF???

  9. It might even work. by BuilderBob · · Score: 5, Insightful

    It's entirely possible this article and the security program is directed at Windows users only. Neither Cisco or the Anti-virus vendors are malicious enough (IMHO) to block Unix/Mac boxes because they don't need the anti-virus software the companies sell. The wild internet frontier of email-address-confirming porn and Gatorware is probably here to stay.

    It's also possible they might figure out a way to block certain version of programs, say WuFTPd, from having an unsecured link to the outside world. This could help prevent a university network being used as a DDOS tool because a student didn't upgrade his ftp server. Or a mail server which doesn't smart-relay through an authenticating server to stop student PC's spamming.

    It's not always a virus that brings a network down. But when a university is forced to print 10,000 CDs with anti-virus and windows worm-removing tools to give to new students (who aren't allowed access to the university network if their box looks active on port 137) this might look like an alternative.

    The evil that it does bring is in the form of anti-Free networking, where Linux boxes are used to form cheap routers and gateways, without a Cisco(R)-Symantec(R) licensed monitoring system, your access to the larger internet may be limited by your upstream provider, ala Verisign certs.

    This system is probably for the intranet users to stop an OE/ IE virus bringing down their system before the poor tech guy patches the boxes.

  10. Re:The reason... by nolife · · Score: 5, Insightful

    In conclusion, don't be so smug with your Linux machine during the next round of Welchia or Klez, because if Linux had the desktop market share of Windows, then YOU'D be feeling the pain.

    Bullshit. Could you describe how this would be possible? Is Pine or Balsa or [your email application here] integrated into the OS and have full access and scripting ability on your machine? Does it automatically run code and have the ability to add services to your computer that run automatically on startup? If this is possible I'd like to know how.

    --
    Bad boys rape our young girls but Violet gives willingly.