Cisco's new security target: consumers

(continued from previous page)

Linksys has already dipped its toe into the water. At one time, it had a parental control feature on some of its routers that required a subscription to stay up to date. It didn't quite work out as the company hoped, but Linksys learned from the experience, Dhillon said.

Cisco won't be the first to deliver enhanced security built into a router. Check Point Software Technologies recently started selling a $150 Zone Alarm brand router that has a beefed-up firewall and antivirus and intrusion detection capabilities built-in. Check Point also borrowed from its enterprise security technologies.

"We agree that this is an important part of the security infrastructure that a home user needs to think about," said Laura Yecies, general manager for Zone Alarm at Check Point. "It is an opportunity to improve the security for home users; they really need the kind of capability that enterprises have."

"We agree that this is an important part of the security infrastructure."

--Laura Yecies, Zone Alarm general manager, Check Point

But security in routers is complimentary to what's installed on the PC, Yecies said. Check Point offers a bundle of its router with the Zone Alarm Internet Security Suite. "I don't think Cisco is going to take away from desktop security," she said.

Symantec and McAfee take similar stances: They don't see Cisco's plans as a threat, but as being only one piece in the security chain.

"Today's security requires defense in depth. You need security at all points in the network," said Rowan Trollope, a vice president in Symantec's consumer group. That means on the PC, on the router and on the networks run by services providers, he said.

Marc Solomon, director of product management for consumer products at McAfee, struck a similar chord.

"Cisco's vision of building security into home routers can add another layer of protection," Solomon commented. "However, it does not address all of the security issues for consumers, especially for those who use portable devices such as laptops, PDAs and mobile phones."

Thinking inside the box
But Cisco's plans do include Scientific Atlanta, the set-top box maker it bought in late 2005. Cable companies that put the boxes inside consumer homes are aiming for them to become the hub of a connected home, Cisco said. Already, Scientific Atlanta has sold more than 1 million set-top boxes with cable modems incorporated in them. The addition of built-in routing and networking capabilities is not far off, the company believes.

"There is a tremendous opportunity there for security solutions and secure storage solutions," said Dave Clark, director of home entertainment products for Scientific Atlanta.

Cisco won't give the security features away for free, and it hopes that beefing up the consumer networking gear and set-top boxes will bring it additional revenue. However, its executives won't say how big they think the market opportunity is, compared with the about $2 billion-a-year enterprise security business it has now.

"Instead of thinking of it as a multibillion-dollar security business in the consumer space, we're thinking of it in the context of the networked home," Palmer said. "The networked home opportunity is much bigger than $2 billion."

The extra revenue would come from pricier hardware and added services, Cisco representatives said. A Linksys or Scientific Atlanta device with security features will cost more than one without them. Also, Cisco may charge a subscription fee for services such as Web filtering, which require regular updates, they said.

In addition to products sold directly to consumers, Cisco has plans to build products aimed at Internet service providers that will let those ISPs offer security services to their customers, Palmer said.

If it sounds like Cisco hasn't really hammered out its plans, that's because the company is looking at trying out a range of product and service packages.

"The way you find out in the consumer space what works is by doing a bunch of experiments, and seeing what flies off the shelves and what doesn't," Palmer said. "You're constantly in an experimental mode because nobody is smart enough to figure this out a priori."

[Dachi]

A good idea

Using NAT is a pretty safe way to suppress unsolicited inbound traffic to your PC's as it is.

The problem is that people are still downloading crap on their PC's that sends out a far amount of Internet clogging junk.

Being behind a NAT router does not prevent your PC from being used in a DDoS attack or as a bot to send spam for instance.

There will always be people who manage to have just about anything lurking on their PC's. I believe companies like Linksys actually reach enough homes that a product like this could improve the health of the internet as a whole.

I am sure there will be early bugs to correct, but if the idea is shown to work I think some ISP's should adopt a policy that if they have had to suspend your service more than 2 times because your PC is infected and packeting other Internet users that you should be required to install something like this between your PC and the Internet before they are willing to restore your service.

I wish Cisco/Linksys luck with this.

[Macsaresafer]

Puulease!

Malicious sites can only be malicious because there are so many
Windows vulnerabilities. Any attempt to protect Windows, be it
hardware or software, will add unnecessary layers to an already
overburdened internet. Spam, for example accounts for over 90%
of all email, and it's practically all sent from zombie Windows
computers.

If you really want to end the problem, don't connect a Windows
based computer to the internet. With no internet connection,
there's no way it can become a zombie. Leave the internet to
computers whose operating systems aren't security swiss
cheese: Linux and Mac.

[extinctone]

I agree

There is no reason not to use a hardware firewall. It's just basic common sense.

[Seaspray0]

It is, but won't stop an outgoing bot

"Being behind a NAT router does not prevent your PC from being used in a DDoS attack or as a bot to send spam for instance."

Not so. If your computer is part of a botnet, it will work behind a router. Programs, such as the free ZoneAlarm, will alert you to an unauthorized attempt to access the internet. Even the windows firewall in XP will alert you to unauthorized attempts. Aside from providing access to the internet for multiple computers, the NAT feature used in home routers provides an excellent defense against hackers attempting to access your computer through open ports. This defense helps keep your compute from becoming part of a botnet in the first place, but is not the only way your PC can be compromised. Running executables attached to email is a common method; which is why you should not always run as an administrator like most home users do (installing programs requires administrator rights in almost all cases).

[ciscostu]

Linksys + IPS + VPN + WPA Enterprise

The open source community has already started porting security features to Linksys routers-

<a class="jive-link-external" href="http://packetprotector.org" target="_newWindow">http://packetprotector.org</a>