Nortel Networks is working on security routers for businesses looking to move away from dedicated, stand-alone security hardware to software and hardware combinations incorporated in switches, routers and even desktops.
3Com and others have similar plans, making 2005 a key year in the migration toward switching and routing devices that secure networks and content.
Nortel is expected next year to roll out two core routers for business networks that will incorporate security applications. Code-named Dolphin and Triton, the routers will include support for VPNs, firewalls and intrusion detection, sources say.
Nortel says it isn't ready to release details of the new gear, but it has a number of new branch and regional routing platforms in field evaluation. These are scheduled to be available in mid-2005, the company says.
These product additions come after Nortel announced intrusion-detection and -prevention gear that integrates with its switch/firewall offerings to block perceived threats, and an alliance with Symantec to provide threat signatures to Nortel switches that block malicious traffic.
"Every router and switch will eventually double as a kind of firewall or a filtering device at the very least," says Jon Oltsik, a senior analyst with Enterprise Strategy Group. "From a security perspective, that means network devices become enforcement points. Today's routers and switches already perform some (filtering) tasks, with (access control lists) and basic packet filtering." Earlier this year, networking vendors Alcatel, Cisco Systems and Enterasys Networks made similar announcements.
This means vendors will revamp their product lines to integrate security, says Zeus Kerravala, vice president of enterprise infrastructure for The Yankee Group. "There's not a lot new you can do with routing and switching alone anymore. Those who don't (incorporate security in routers and switches) face extinction."
Along these lines, 3Com last week acquired intrusion-prevention system vendor TippingPoint Technologies, with plans to integrate the company's wire-speed traffic filtering capabilities into blades for 3Com switches and routers over the next year.
Another ongoing effort comes at security from the desktop, making sure individual machines meet security standards before they can send traffic on the network. F5 Networks and Nortel last week announced they have joined Cisco, Extreme Networks, Juniper Networks and others working with Microsoft to support the software giant's Network Access Protection (NAP) architecture. NAP is designed to create a broad security infrastructure that embraces servers, switches, routers and desktops. As NAP is gathering a long list of partners, Microsoft is preparing its first release for next year.
F5 plans to integrate NAP technology into its FirePass Controller, an SSL VPN product, allowing the device to admit, deny or quarantine traffic from end-user laptops and PCs. In an integrated Microsoft/F5 network, the Microsoft NAP architecture would test client machines to ensure operating system and anti-virus software are up to date. An authentication server then would tell an F5 FirePass Controller to allow the user access, block access or send the user to a secure LAN segment where the latest operating system and anti-virus software can be downloaded.