Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cisco going to NSS Labs to sort out alleged firewall issues

Ellen Messmer, Network World | April 20, 2011
Cisco today is expected to confront more directly last week's allegations from NSS Labs that Cisco firewalls are vulnerable to a hacker exploit known as the 'TCP Split Handshake,' an attack that would fool the firewall into thinking the IP connection is a trusted one inside the network.

Phatak says NSS Labs did its best to supply Cisco with configuration information and vulnerability scripts. Cisco representatives are expected to be at NSS Labs today to participate in the vulnerability-assessment on site and sort out any issues directly. A Cisco spokesperson indicated that Cisco expects to write an updated blog post about all of this later today. NSS Labs also expects to publish updated findings related to what firewalls it tested have completed remediation to protect against the TCP Split Handshake attack.

Palo Alto Networks, whose application-aware firewall was also listed in the NSS Labs report last week as not preventing the TCP Split Handshake attack, yesterday said it has completed remediation, which is contained in the latest software upgrade for its operating system, PAN-OS. Rene Bonvanie, Palo Alto Networks vice president of marketing, expressed gratitude to NSS Labs for discovering the problem.

“We love working with analysts and test labs,” said Bonvanie. “When they tell us things are not working in the product, our job is to fix it.” The feedback from NSS Labs helped Palo Alto do that, he concluded.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.