Secure Computing's Sidewinder Customers Already Protected from TCP Vulnerability.Business Editors/High-Tech Writers
SAN JOSE San Jose, city, United States
San Jose (sănəzā`, săn hōzā`), city (1990 pop. 782,248), seat of Santa Clara co., W central Calif.; founded 1777, inc. 1850. , Calif.--(BUSINESS WIRE)--April 23, 2004
Secure Computing For the general concept, see .
Secure Computing Corporation, or SCC, is a public company (NASDAQ: SCUR) that develops and sells computer security products, such as:
in full National Association of Securities Dealers Automated Quotations
U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on :SCUR), the experts in securing connections between people, applications, and networks(TM), today announced that while competing firewall vendors were quickly issuing yet more emergency patches, Secure Computing's enterprise firewall and security appliance Security appliances protect computer networks from unwanted data traffic, intruders, email spam, enforce policies, and may also be used to create and manage VPNs. There are a number of types of security appliances. customers had protection already in place from a critical vulnerability in the Transmission Control Protocol (TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. ). TCP is used by computers worldwide to connect to the Internet, and in theory the vulnerability could be used by hackers to shut down portions of the Internet.
According to advisories posted by the U.S. Computer Emergency Readiness Team (US-CERT (United States-Computer Emergency Readiness Team) The group charged with protecting the U.S. Internet infrastructure by coordinating defense against and response to cyberattacks. ) and the United Kingdom's National Infrastructure Security Co-ordination Centre The National Infrastructure Security Co-ordination Centre (NISCC) was an inter-departmental centre of the UK government.
Set up in 1999. The role of NISCC (pronounced "nicey") was to minimise the risk to the Critical National Infrastructure (CNI) from electronic attack. (NISCC NISCC National Infrastructure Security Co-Ordination Centre (UK) ), TCP currently contains "a vulnerability which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. condition ... and portions of the Internet community may be affected."
All TCP based Internet sessions are vulnerable to varying degrees, but Sidewinder sidewinder, common name for a rattlesnake, Crotalus cerastes, found in the deserts of the SW United States. This 2-ft (60-cm), pale yellow and pink snake is named for its curious method of locomotion. G2(TM) provides industry leading protection against this attack. Sidewinder properly verifies the sequence number as well as the IP addresses and ports presented in a session RST request, but goes further and offers processing that uniquely isolate TCP sessions on each network, thereby minimizing the attack potential.
Because Sidewinder terminates TCP sessions, connections are established to the firewall, not through the firewall as is done by many competing firewalls relying on stateful inspection. Sidewinder minimizes the vulnerability to the attack by creating relatively small TCP windows and using highly random Initial Sequence Numbers (ISN's) during session negotiation. Every session flowing through the firewall is negotiated with Sidewinder, therefore customer devices are never subjected to the attack regardless of their device configuration or operating system limitations. This minimizes the risk of a session being improperly attacked and closed. This is very important for network architectures that are unable to quickly re-establish lost network connections.
"Our customers operate some of the most important networks in the world, networks that if shut down even for minutes by an attack utilizing the TCP vulnerability, the impact could be devastating dev·as·tate
tr.v. dev·as·tat·ed, dev·as·tat·ing, dev·as·tates
1. To lay waste; destroy.
2. To overwhelm; confound; stun: was devastated by the rude remark. to their business/network," said Mike Gallagher, senior vice president of product development for Secure Computing. "These customers understand the benefit of using the world's most secure firewall, which has never been compromised nor had a published vulnerability."
About Secure Computing
Secure Computing (NASDAQ:SCUR) has been securing the connections between people and information for over 20 years. Specializing in delivering solutions that secure these connections, Secure Computing is uniquely qualified to be the global security solutions provider to organizations of all sizes. Our more than 11,000 global customers, supported by a worldwide network of partners, include the majority of the Dow Jones Global 50 Titans and the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, and federal and local governments. The company is headquartered in San Jose, Calif., and has sales offices worldwide. For more information, see www.securecomputing.com.
This press release contains forward-looking statements relating to Sidewinder G2 ability to protect against TCP vulnerabilities, and the expected benefits of such feature. Such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are delays in product development, undetected software errors or bugs, competitive pressures, technical difficulties, changes in customer requirements, general economic conditions and the risk factors detailed from time to time in Secure Computing's periodic reports and registration statements filed with the Securities and Exchange Commission.
All trademarks, trade names or service marks used or mentioned herein belong to their respective owners.