News in Brief

RPC patch; don't buy security appliances; updated network intrusion monitor

RPC Patch for Windows 2000 and XP, But Not NT4

Microsoft patched a flaw in the Remote Procedure Call (RPC) Endpoint Mapper for Windows 2000 and XP—but not for Windows NT 4.0, which is also affected. The flaw could allow denial of service attacks, causing remote computers to fail.

Microsoft recommends that Windows NT 4 users block port 135 on their firewalls, as it says RPC was not meant to be used over TCP/IP. In defense of not patching the OS, Microsoft says that fixing NT 4.0 would require “rearchitecting a very significant amount of the Windows NT 4.0 operating system” with the result that “there would be no assurance that applications designed to run on Windows NT 4.0 would continue to operate on the patched system.”

Security Appliance Market is Dead

Boston-based Yankee Group issued a report declaring the security appliance market is dead, and that the security switch market has taken its place. The analyst firm advised its clients to select security switches from now on.

Yankee Group predicts that by the end of 2003, one-quarter of the Fortune 100 will have deployed security service (SS) switches. “SS switches are significantly superior to security appliances because they are designed to enhance security performance, whereas security appliances are optimized for network performance, specific to a particular host and application,” says Matthew Kovar, a Yankee Group analyst.

For the next three to five years, such switches will be the intrusion-prevention platforms of choice for enterprises. Kovar predicts that today’s reigning networking vendors, including Cisco, Alcatel, Nokia, Siemens, and Ericsson, will acquire today’s SS switch vendors by the end of 2004.

IDS Balancer Updated

Top Layer Networks Inc. (Westboro, Mass.) released IDS Balancer 4500, a gigabit-capable intrusion detection monitoring platform. IDS Balancer 4500 balances the monitoring of multi-gigabit networks, allowing intrusion detection systems to keep up with monitoring load.

The product does its job by collecting traffic from multiple-gigabit network segments and virtual LANs, then distributing the monitoring load over multiple intrusion detection systems and mirroring the traffic if necessary.

The company says product benefits include letting companies continue to use existing IDSs (even at the gigabit level), increased security (by assigning IDSs to monitoring groups), and the ability to fine-tune network-based IDSs for specific applications and protocols (resulting in fewer false alarms and IDS log entries).
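The two mechanisms described above, flow-aware distribution of traffic across several IDS sensors and assignment of sensors to protocol-specific monitoring groups, are what make a load-balanced IDS deployment work: a stateful IDS only produces useful alerts if both directions of a connection reach the same sensor. The following is an added illustration of that logic in Python; it is not Top Layer's code and knows nothing about how IDS Balancer 4500 is implemented. The sensor names, the group-to-port mapping, and the packets are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal 5-tuple view of a mirrored packet (constructed for this example)."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


# Monitoring groups: a sensor pool per traffic class, selected by service port.
# Hypothetical mapping; a real deployment would size pools to each sensor's capacity.
MONITORING_GROUPS = {
    "web": {"sensors": ["ids-web-1", "ids-web-2"], "ports": {80, 443}},
    "mail": {"sensors": ["ids-mail-1"], "ports": {25}},
    "general": {"sensors": ["ids-gen-1", "ids-gen-2", "ids-gen-3"], "ports": set()},
}


def canonical_flow_key(pkt):
    """Order the two endpoints so client->server and server->client packets share one key."""
    lo, hi = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    return f"{pkt.proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}"


def select_group(pkt):
    """Pick the monitoring group whose port set matches either end of the flow."""
    for name, grp in MONITORING_GROUPS.items():
        if pkt.sport in grp["ports"] or pkt.dport in grp["ports"]:
            return name
    return "general"


def assign_sensor(pkt):
    """Hash the canonical flow key onto one sensor of the chosen group.

    Using the flow key rather than the raw packet fields guarantees every packet
    of a connection, in both directions, lands on the same sensor.
    """
    group = select_group(pkt)
    sensors = MONITORING_GROUPS[group]["sensors"]
    digest = hashlib.sha256(canonical_flow_key(pkt).encode()).digest()
    idx = int.from_bytes(digest[:4], "big") % len(sensors)
    return group, sensors[idx]


def distribute(packets, mirror_to=None):
    """Return {sensor_name: [packets]} as the balancer would forward them.

    mirror_to, if given, names a sensor that receives a full copy of all traffic
    (the "mirroring if necessary" case, e.g. a packet-capture box).
    """
    out = {}
    for pkt in packets:
        _, sensor = assign_sensor(pkt)
        out.setdefault(sensor, []).append(pkt)
        if mirror_to is not None:
            out.setdefault(mirror_to, []).append(pkt)
    return out


# Constructed sample traffic: one HTTP exchange, one SMTP delivery, one SSH session.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "192.168.1.10", "tcp", 51234, 80),
    Packet("192.168.1.10", "10.0.0.5", "tcp", 80, 51234),
    Packet("10.0.0.7", "192.168.1.20", "tcp", 40001, 25),
    Packet("10.0.0.9", "192.168.1.30", "tcp", 40002, 22),
    Packet("192.168.1.30", "10.0.0.9", "tcp", 22, 40002),
]

if __name__ == "__main__":
    for sensor, pkts in sorted(distribute(SAMPLE_PACKETS, mirror_to="ids-capture").items()):
        print(sensor, [(p.src, p.sport, p.dst, p.dport) for p in pkts])
```

The hash-based assignment is what lets the sensor pool grow without per-flow state on the balancer; the cost is that adding a sensor to a group reshuffles existing flows, which is why such devices typically apply group changes at low-traffic windows or drain flows first.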

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and writes its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.