Foundry plays it secure after vulnerability scare

Foundry Networks Inc. has launched a range of Layer 4-7 switches as part of a new strategy to incorporate more security into its products. The vendor claims it has improved the resilience and performance of its products, with embedded firewall and content scanning features. The launch comes just a week after the company announced a TCP (Transmission Control Protocol) vulnerability that affects all its products and switches.

The switch manufacturer launched its ServerIron 450 and 850 products, a range of JetCore modules and its ServerIron GT range of stackable gateway switches. According to Chandra Kopparapu, vice president of Layer 4-7 marketing at Foundry Networks, these products are part of a wave of new products by his company that will provide increased resilience and reliability within its Layer 4-7 products. He said there are three reasons for this. "Firstly, there is the obvious customer demand. Second is the product development in that these products are deployed externally to the corporate firewall. If it goes down, then the server will be exposed," he said. "Thirdly, it's crucial to keep the server running. So, we intend to focus on all of these."

The ServerIron 450 and 850 have increased connection performance and improved denial of service (DoS) protection, according to Foundry, being able to handle up to 4,000,000 TCP SYN (Synchronization) packets per second -- the initial handshake requests to set up a connection. The products also incorporate a rules-based content analysis engine to improve application security. Kopparapu said users will see future switches evolving from content analysis to intrusion detection systems (IDSs) to tackle a growing range of blended-threat attacks. "IDS can go into Layer 4-7 switches," he explained. "The switch can protect other systems, but not yet."

The ServerIron GT Gigabit Ethernet switches have integrated support for SSL (Secure Socket Layer) and can run over copper and Ethernet. The GT range can terminate and accelerate SSL connections, according to Foundry, while also providing centralized SSL certificate management.

A further wrinkle to these products is Foundry's setting the switches to handle Financial Information eXchange (FIX) applications. FIX is used within the financial community as a standard for the automation of information exchange for securities trading. Foundry said the products were required to include improved connectivity, manageability and security as well as ensure a rapid disaster recovery option for all FIX applications.

The Middle Eastern prices for these products will be significantly higher than in the U.S., due to the different discount infrastructure used in the region, explained Yarob Saknini, regional technical manager for Foundry Networks ME. The 450 costs $37,000 (as opposed to the U.S. price of $34,995) while the 850 is $42,000 (U.S. list price is $38,995); both are now shipping to the region. The GT range will be available by September, with the 4-port Gigabit costing $17,000 (U.S. price $14,995), the 4-port with SSL $24,000 (U.S. price $21,995) and the 12-port with SSL $31,000 (U.S. list price $27,995).

Foundry reported on April 23 that a DoS attacker can successfully send a spoofed packet with the correct 4-tuple TCP/IP header information. The vulnerability allows the next sequence range to be successfully cracked within four attempts, causing the attack to succeed "within seconds," according to the advisory, which added that the vendor is working on a patch for the problem.
