April 7, 2004

DeepNines Technologies Offers the only Security Solution to Provide Immediate Protection for Cisco's Product Vulnerabilities

DALLAS, TEXAS- DeepNines, the only software company to offer a leading-edge, integrated security platform, which prevents network intrusion before it strikes down a network, has announced that their in-front-of-the-router security platform thwarts exploits to vulnerabilities on Cisco's popular Catalyst switches and its Internetwork Operating System (IOS) for routers. DeepNines' Security Platform offers integrated firewall functionality, intrusion prevention, best-in-class gateway anti-virus scanning functionality, forensic capture and reporting.

Cisco Global Exploiter, a new hacker tool that is readily available on the Internet, gives users a menu listing of choices, allowing them to select a vulnerability to exploit depending on the device they want to attack. The tool, Perl script, automatically generates nine attacks that exploit known vulnerabilities in Cisco products, including devices running the Internetwork Operating System (IOS), routers, PIX firewalls and Catalyst switches. Comments in the script identify which sections are used to exploit denial of service vulnerabilities and authorization problems and to execute arbitrary code. The script even offers user feedback such as, "Vulnerability successful (sic) exploited. Target server is down."

The Sleuth9® Security System, which runs on the DeepNines' Security Platform, sits invisibly at the perimeter of the network, exposing no MAC or IP address so it cannot be scanned or hacked, protecting the router and other critical network devices from attack. Patent-pending Adaptive Rate Control provides total network protection from flooding attacks, keeping the network up and running and allowing good traffic to pass while throttling back traffic floods. Complete access-control functionality at the network perimeter blocks authentication exploits before they can begin.

Dan Jackson, COO and President stated, "Even if a company downloads the patches from Cisco and fixes their system, the routers and switches are not designed to protect themselves from attacks. This is the strategic reason security solutions must be invisible, in-line, and in front of the router." Mr. Jackson continued, "We urge our customers to implement and routinely manage a security policy to help prevent future attacks on their company network."

"A layered approach at the perimeter is essential. It is necessary to have the additional layer of security in front of the router to augment existing network infrastructure," said Sam Collier, Principal, Union Square Technology Group LLC and CEO of Aspire.net Managed Systems Inc.

Listings of the vulnerabilities include:

1. Cisco 677/678 Telnet Buffer Overflow Vulnerability
2. Cisco IOS Router Denial of Service Vulnerability
3. Cisco IOS HTTP Auth Vulnerability
4. Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
5. Cisco 675 Web Administration Denial of Service Vulnerability
6. Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
7. Cisco IOS Software HTTP Request Denial of Service Vulnerability
8. Cisco 514 UDP Flood Denial of Service Vulnerability

About Deep Nines Inc. DeepNines offers a scalable security platform for Global 2000 companies with a vertical market focus in education, government, telecommunications, energy and financial services. The DeepNines Security Edge PlatformT integrates intelligent firewall, intrusion prevention, best-of-breed secure content management, forensics and reporting. It operates outside the network infrastructure, improving organizations' security "deep into the nines." DeepNines' Security Edge Platform, the company's patent-pending security system, is a fully automated signature and behavior-based, intrusion prevention and traffic management system preventing known and unknown attacks from entering an organization's network. The Security Edge Platform runs on Solaris and Linux platforms from Sun Microsystems. To learn more about Deep Nines visit www.deepnines.com.