NetEqualizer is Net Neutral, Packet Shaping is Not


The NetEqualizer has long been considered a net neutral appliance. Given the new net neutrality FCC regulations, upheld yesterday, I thought it would be a good time to reiterate how the NetEqualizer shaping techniques are compliant with the FCC ruling.

Here is the basic FCC rule that applies to bandwidth shaping and preferential treatment:

The FCC created a separate rule that prohibits broadband providers from slowing down specific applications or services, a practice known as throttling. More to the point, the FCC said providers can’t single out Internet traffic based on who sends it, where it’s going, what the content happens to be or whether that content competes with the provider’s business.

I’ll break this down as it relates to the NetEqualizer.

1. The rule “prohibits broadband providers from slowing down specific applications or services”.

The NetEqualizer makes shaping decisions solely based on instantaneous usage and only when a link is congested. It does not single out a particular application or service for throttling. The NetEqualizer does not classify traffic, instead looking at how the traffic behaves in order to make a shaping decision.  The key to remember here is that the NetEqualizer only shapes when a link is congested, and without it in place, the link would drop packets which would cause a serious outage.

2.  The FCC said “providers can’t single out Internet traffic based on who sends it, where it’s going”.

The NetEqualizer is completely agnostic as to who is sending the traffic and as to where it is going. In fact, any rate limiting that we provide is independent of the traffic on the network, and is used solely to partition a shared resource amongst a set of internal users, whether they be buildings, groups, or access points.

I hope we have finally seen an end to application-based shaping (Packet Shaping) on the Internet.  I see this ruling being upheld as the dawning of a new era.

Will Fixed Wireless Ever Stand up To Cable Internet?



By Art Reisman
CTO http://www.netequalizer.com


Last night I had a dream. A dream where I was free from relying on my Cable operator for my Internet Service. After all, the latest wireless technology can be used to beam an Internet signal into your house at speeds approaching 600 Megabits, right?

My sources tell me some wireless operators are planning to compete head to head with entrenched cable operators. This new tactic is a bold experiment considering most legacy WISP operators normally offer service on the outskirts of town, areas where traditional Cable and DSL service is spotty or non-existent. Going at the throat of the entrenched cable operators in the urban corridor, beaming Internet into homes with service that competes on price and speed, is a bold undertaking. Is it possible? Let’s look at some of the obstacles and some of the advantages.

In the wireless model, a provider lights up a fixed tower with Internet service and beams a signal from the tower into each home it services.

  • Unlike cable, where there is a fixed physical wire to each home, the wireless operator relies on a line of sight signal from tower to home. The tower can have as many as four transmitters, each capable of 600 megabits. The kicker is, to turn a profit, you have to share the 600 megabits from each transmitter among as many users as possible. Each user only gets a fraction of the bandwidth. For example, to make the business case work you will need perhaps 100 users (homes) on one transmitter; that breaks down to 6 megabits per customer.
  • Each tower will need a physical connection back to a tier one provider such as Level 3. This will be a cost duplicated at each tower. A cable operator has a more concentrated NOC and requires far fewer link connections to its tier one provider.
  • Radio interference is a problem, so the tower may not be able to perform consistently at 600 megabits; when there is interference, speeds are backed down.
  • Cable operators can put 100 megabits or more down each wire direct to the customer’s home, so if you get into a bandwidth speed war on the last mile connection, the wireless is still not competitive.
  • Towers in this speed range must be line of sight to the home, so the towers must be high enough to clear all trees and buildings. This creates logistical problems in putting in one tower for every 200 homes.

On the flip side, I would gladly welcome a solid 6 megabit feed from a local wireless provider.

Speed is not everything, as long as it is adequate for basic services such as Facebook, e-mail, etc. A wireless operator can excel and win over customers in the following areas.

  • good clean honest service
  • no back door price hikes
  • local support, and not that impersonal off shore call center service
  • customers tend to appreciate locally owned companies

 

Why Is IT Security FUD So Prevalent



By Art Reisman

CTO, APconnections
www.netequalizer.com
I just read an article by Rafal Los titled Abandon FUD, Scare Tactics and Marketing Hype.

In summary, he calls out all the vendor sales presentations with slides citing all the statistics as to why you should be scared. Here is the excerpt:

I want you to take out the last slide deck you either made, received, or reviewed on the topic of security.  Now open it up and tell me if it fits the following mold:

  • [Slides 1~4] – some slides telling you how horrible the state of information security is, how hackers are hacking everything, and probably at least 1-2 “clippings” of articles in recent media.
  • [Slides 4~7] – some slides telling you how you need to “act now,” “get compliant,” “protect your IP,” “protect your customer data,” or other catch phrases which fall into the category of “well, duh.”
  • [Slides 7~50+] – slides telling you how if you buy this product/service you will be protected from the threat du’jour and rainbows will appear as unicorns sing your praises.

Here’s the thing… did you find the slide deck you’re looking at more or less fits the above pattern? Experience tells me the odds of you nodding in agreement right now is fairly high.

And then he blasts all vendors in general with his disgust.

Ask yourself, if you write slide decks like this one I just described – who does that actually serve?  Are you expecting an executive, security leader, or practitioner to read your slides and suddenly have a “Eureka!” moment in which they realize hackers are out to get them and they should quickly act? 

I can certainly understand his frustration.  His rant reminded me of people complaining about crappy airline service and then continuing to fly that airline because it was cheapest.

Obviously FUD is around because there are still a good number of companies that make FUD-driven purchases, just like there are a good number of people that fly on airlines with crappy service. Although it is not likely that you can effect a 180 degree industry turn, you can certainly make a start by taking a stand.

If you get the chance, try this the next time a vendor offers you a salivating FUD-driven slide presentation.

Simply don’t talk to the sales team.  Sales teams are a thin veneer on top of a product’s warts. Request a meeting with the Engineering or Test team of a company. This may not be possible, if you are a small IT shop purchasing from Cisco, but remember you are the customer, you pay their salaries, and this should be a reasonable request.

I did this a couple of times when I was the lead architect for an AT&T product line. Yes, I had some clout due to the size of AT&T and the money involved in the decision. Vendors would always be trying to comp me hard with free tickets to sporting events, and yet my only request was this: “I want to visit your facility and talk directly to the engineering test team.” After days of squirming and alternative venues offered, they granted me my request. When the day finally came, it was not the impromptu sit down with the engineering team I was hoping for. It felt more like I was visiting North Korea. I had two VPs escort me into their test facility, probably the first time they had ever set foot in there, and as I tried to ask questions directly of their test team, the VPs almost peed their pants. After a while the VPs settled down, when they realized I was not looking to ruin them, I just wanted the truth about how their product performed.

FUD is much easier to sell than the product.

 

Seven Must Know Network Troubleshooting Tips



By Art Reisman

CTO, APconnections
www.netequalizer.com

To get started you’ll need to get ahold of two key software tools: 1) a Ping Tool and 2) a Network Scan Tool, both of which I describe in more detail below. And for advanced analysis (experts only), I will then show you how you can use a bandwidth shaper/sniffer if needed.

Ping Tool

Ping is a great tool to determine what your network responsiveness is (in milliseconds), identified by trying to get a response from a typical website. If you do not already know how to use Ping on your device, there are hundreds of references to Ping and how to use it. Simply google “how to use ping” for your favorite device or computer to learn how to use it.

For example, I found these instructions for my Mac; and there are similar instructions for Windows, iPhone, Linux, Android, etc.

  1. Open Network Utility (located inside Applications > Utilities).
  2. Click Ping.
  3. Fill out the “Enter the network that you want to ping” field. You can enter the IP address or a web URL. For example, enter http://www.bbc.co.uk/iplayer to test the ping with that website.
  4. Click Ping.

Network Scan Tool

There are a variety of network SCAN tools/apps available for just about any consumer device or computer.  The decent ones will cost a few dollars, but I have never regretted purchasing one.  I use mine often for very common home and business network issues as I will detail in the tips below. Be sure and use the term “network scan tool” when searching, so you do not get confusing results about unrelated document scanning tools.

Once you get your scan tool installed, test it out by selecting Network Scan. Here is the output from my Mac scan tool. I will be referencing this output later in the article.

[Screenshot: Network Scan Output]

 

Tip #1: Using Ping to see if you are really connected to your Network

I like to open a window on my laptop and keep Ping going all day; it looks like this:

[Screenshot: yahoo.com Ping Output]

Amazingly, seemingly on cue, I lost connectivity to my Internet while I was running the tool for the screen capture above, and no, it was not planned or contrived. I kicked off my ping by contacting www.yahoo.com (type in “ping www.yahoo.com”), a public website. And you can see that my round-trip time was around 40 milliseconds before it went dead. Any ping results under 100 milliseconds are normal.

 

Tip #2: How to Deal with Slow Ping Times

In the case above, my Internet Connection just went dead; it came back a minute or so later, and was most likely not related to anything local on my network.

If you start to see missed pings or slow Ping Times above 100 milliseconds, it is most likely due to congestion on your network.  To improve your response times, try turning off other devices/applications and see if that helps.  Even your TV video can suck down a good chunk of bandwidth.

Note: Always test two public websites with a ping before jumping to any conclusions. It is not likely but occasionally a big site like Yahoo will have sporadic response times.

Note: If you have a satellite link, slow and missed pings are normal, just a fact of life.

 

Tip #3: If you can’t ping a public site, try pinging your local Wireless Router

To ping your local router all you need to find is the IP address of your router. And on almost all networks you can guess it quite easily by looking up the IP address of your computer, and then replacing the last number with a 1.

For example, on my computer I click on my little apple icon, then System Preferences, and then Networking, and I get this screen. You can see in the Status area it tells me that my IP address is 192.168.1.131.

[Screenshot: Finding my IP address output]

The trick to finding your router’s IP address is to replace the last number of any IP address on your network with a 1. So in my case, I start with my IP address of 192.168.1.131, and I swap the 131 with 1. I then ping using 192.168.1.1 as my argument, by typing in “ping 192.168.1.1”. A ping to my router looks like this:

[Screenshot: Router Ping Output]

In the case above I was able to ping my local router and get a response. So what does this tell me?  If I can ping my local wireless router but I can’t ping Yahoo or any other public site, most likely the problem is with my Internet Provider.  To rule out problems with your wireless router or cables, I recommend that you re-boot your wireless router and check the cables coming into it as a next step.

In one case of failure, I actually saw a tree limb on the cable coming from the utility pole to the house. When I called my Internet Provider, I was able to relay this information, which saved a good bit of time in resolving the issue.

 

Tip #4: Look for IP loops

Last week I was getting an error message when I powered up my laptop, saying that some other device had my IP address, and I determined that I was unable to attach to the wireless router. WHAT a strange message! Fortunately, with my scan tool I can see all the other devices on my network. And although I do not know exactly how I got into this situation, I was quickly able to find the device with the duplicate IP address and power-cycle it. This resolved the problem in this case.

 

Tip #5: Look for Rogue Devices

If you never give out the security code to your wireless router, you should not have any unwanted visitors on your network.  To be certain, I again turn to the scan tool.  From my scan output, in the image above (titled “Network Scan Output” near the top of this post), you can see that there are about 15 devices attached to my network. I can account for all of them so for now I have no intruders.

 

Tip #6: Maybe it is just Mischief

There was a time when I left my wireless router wide open as I live in a fairly rural neighborhood and was just being complacent. I was surprised to see that one of my neighbors was on my access point, but which one?

I did some profiling.  Neighbor to my west is a judge with his own network, probably not him.  Across the street, a retired librarian, so probably not her.  That left the Neighbor to my Southwest, kitty corner, a house with all kinds of extended family coming and going, and no network router of their own, at least that I could detect. I had my suspect. And I could also assume they never suspected I was aware of them.

The proper thing to do would have been to block them and lock my wireless router. But since I wanted to have a little fun, I plugged in my bandwidth controller and set their bandwidth down to a fraction of a Megabit. This had the effect of making their connection painfully, dreadfully slow, almost unusable but with a ray of hope. After a week, he went away and then I completely blocked him (just in case he decided to come back!).

 

Tip #7: Advanced Analysis with a Bandwidth Shaper/Sniffer

If the Ping tool and the Scan tool don’t shed any light on an issue, the next step is to use a more advanced Packet Sniffer. Usually this requires a separate piece of equipment that you insert into your network between your router and network users. I use my NetEqualizer because I have several of them lying around the house.

Oftentimes the problem with your network is some rogue application consuming all of the resources. This can be in the form of consuming total bandwidth, or it could also be seen as overwhelming your wireless router with packets (there are many viruses designed to do just this).

The image below is from a live snapshot depicting bandwidth utilization on a business network.

[Screenshot: bandwidth utilization on a business network]

That top number, circled in red, is a YouTube video, and it is consuming about 3 megabits of bandwidth. Directly underneath that are a couple of cloud service applications from Amazon, and they are consuming 1/10 of what the YouTube video demolishes. On some lower cost Internet links one YouTube video can make the service unusable to other applications.

With my sniffer I can also see total packets consumed by a device, which can be a problem on many networks if somebody opens an email with a virus. Without a sniffer it is very hard to track down the culprit.

I hope these tips help you to troubleshoot your network.  Please let us know if you have any questions or tips that you would like to contribute.

Network Redundancy Anxiety Needs a Re-direct


When vandals sliced a fiber-optic cable in the Arizona desert last month, they did more than time-warp thousands of people back to an era before computers, credit cards or even phones. They exposed a glaring vulnerability in the U.S. Internet infrastructure: no backup systems in many places.

A few years ago I wrote an article about the top five causes of disruption of internet service. The number two cause on our list at the time was:

2) Failed Link to Provider

And our number one cause was congestion.

1) Congestion

A few things have changed since 2010. First off, congestion is on the decline, and although still a concern, it is less of a problem now that bandwidth prices have fallen and most businesses have larger circuits.

In our opinion, based on our experience, failed links from your provider are now the number one threat, as pointed out in this Huffington Post article. (The first paragraph of this post is an excerpt from that article.) Not only are provider outages common, they can also take days to remedy in some cases.

As a network equipment OEM, the biggest concern with respect to failure that we hear from our customers is the components in their network: routers, firewalls, switches, bandwidth shapers. Customers want redundancy built into these devices. That’s not to say these devices are flawless, but in general, if they are up and running in your utility closet, they rarely spontaneously fail.

On the other hand…

The link into your building and everything upstream relies on several, to perhaps thousands of, miles of buried cable, usually buried along a road right-of-way. These cables can be violated by any idiot with a backhoe, or a lightning strike on a nearby power pole.

My Business class internet is up most of the time but it does go out for a few hours at least twice a year. I have alternatives so it is a minor hassle to switch over.

Moral of the story: The next time you ask about reliability on an equipment component in your network, I suggest you also ask the same question of your upstream provider.

Encryption is Not Rocket Science


The recent Apple iPhone versus the FBI case being tried in the court of public opinion is an interesting example of the fact that encryption, and the use of encryption, can be created by any individual or any business to protect their data. All those spy movies where computers easily crack password codes are just plain fantasy. A well-engineered encrypted password cannot be broken. Unless, of course, the person that created the encryption is forced to put in a back door for the FBI.

The point is, if I really wanted to encrypt something from all entities, I would not rely on a commercial encryption version provided by Apple or my browser, because, as we have seen, the FBI will use whatever muscle they have to make sure that they can get in.

When you are done with the encryption exercise below, you can go ahead and tattoo your bank password on your face without a worry that anybody would ever figure it out.

Let’s start with a typical password that you might use for a bank account: “alfred!1”

First we’ll take the alphabet position of each letter, such that a=01, l=12, f=06, r=18, e=05, d=04. And for the 1 we can use the first letter of the alphabet, so that 1=A, 2=B, etc. So you could just make your password 011206180504!A, which is the numeric representation of alfred!1 (note I just left the “!” alone).

Now let’s put some meaningless garbage on the front of the password. Two meaningless letters, such as CD.

Now let’s add 2 to the original numbers in the password, so now we get

CD031408200706!A

Now take the day of the month you were born on and add it to the first number. I was born June 21, so 03+21 = 24.

So now we have CD241408200706!A

Each step you apply to the password encryption makes cracking it more difficult. I did not take this one far enough to make it impregnable to a sophisticated hacker, but hopefully you see the point. Just keep applying rules to your password, changing it at each step. The more steps you apply, the more mathematically safe your password encryption becomes.

The advantage of creating your own encryption scheme is that all you need to do is remember how to unwind these steps to recover your password; you do not need to remember your actual password. So any time the bank forces you to change your password, go ahead and change it, and write it down on your hand, or face, or all over your refrigerator. As long as you remember your encoding method, you can keep your passwords in plain sight.

Believe it or not I actually write my encrypted pin codes on my ATM cards!
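The steps above and their unwinding, written out as an added Python example (not code from the original post), keeping the CD prefix, the offset of 2 and the birthday of 21 used in the walk-through. The function names, the 0 to 9 offset range and the rejection of characters the post gives no rule for are assumptions; `candidate_decodings` measures how many (offset, birthday) pairs turn the written-down string into a well-formed password for someone who knows the steps.

```python
import string


def encode(password, filler="CD", offset=2, birth_day=21):
    """Apply the post's steps; the defaults are the values used in the post."""
    out, first_number = [], True
    for ch in password:
        if ch in string.ascii_lowercase:
            n = ord(ch) - ord("a") + 1 + offset   # a=01 ... z=26, plus the offset
            if first_number:                       # birthday goes on the first number only
                n += birth_day
                first_number = False
            out.append(f"{n:02d}")
        elif ch in "123456789":
            out.append(chr(ord("A") + int(ch) - 1))  # 1=A, 2=B, ...
        elif ch.isalnum():
            # Assumption: capitals and 0 are rejected, the post has no rule for them.
            raise ValueError(f"no rule defined for {ch!r}")
        else:
            out.append(ch)                         # symbols are left alone
    return filler + "".join(out)


def decode(encoded, offset=2, birth_day=21, filler_len=2):
    """Unwind the steps: drop the filler, undo birthday and offset, map back."""
    body, out, i, first_number = encoded[filler_len:], [], 0, True
    while i < len(body):
        ch = body[i]
        if ch in string.digits:
            pair = body[i:i + 2]
            if len(pair) != 2 or pair[1] not in string.digits:
                raise ValueError("dangling digit")
            n = int(pair) - offset
            if first_number:
                n -= birth_day
                first_number = False
            if not 1 <= n <= 26:
                raise ValueError("not a letter under these parameters")
            out.append(chr(ord("a") + n - 1))
            i += 2
        elif ch in "ABCDEFGHI":
            out.append(str(ord(ch) - ord("A") + 1))
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def candidate_decodings(encoded, offsets=range(10), days=range(1, 32)):
    """Every well-formed decoding over the assumed offset range and days 1-31."""
    found = set()
    for o in offsets:
        for d in days:
            try:
                found.add(decode(encoded, o, d))
            except ValueError:
                pass  # this pair does not yield letters a-z
    return found


if __name__ == "__main__":
    written_down = encode("alfred!1")
    print(written_down, "->", decode(written_down))
    print(len(candidate_decodings(written_down)), "well-formed candidates")
```

The two filler letters contribute nothing to the count, since decoding simply drops them.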

Hacker Sting Operation


I was just reading an article about a cyber security company that advocates hacker containment. The basic premise of the article is that hackers are going to get into your system and you can’t block them.  At some point they give specific advice that once a hacker is beyond your firewall,  you should lead them around a bit and limit the damage.  But, to be completely honest, I did not read the article far enough to learn exactly what they were proposing as a solution.  Perhaps they are right, or perhaps they have a few screws loose? The point is, their article sparked a novel idea. Why not sting the hackers?  I suspect US counter intelligence is doing this already, but there is no reason why it can’t be done at a corporate level.

Let’s assume they are correct and you can’t block hackers from getting in.  Instead of playing defense, why not play a little offense? Give the hackers a money pack with an exploding ink bomb.

What would this ink stained cash look like in cyber space?

How about a database of fake financial records that you carefully protect, but leave with a few security holes? Then when you see anybody accessing these accounts, you go after them and prosecute the perpetrators when they try to use the accounts. Suck them into a face-to-face meeting to pick up gold bullion and arrest them, just like with any police sting. This might not stop the hacker, but it would have the effect of making their wares useless on the open market. Think about the drug dealer who rips off his customers, eventually somebody rats them out? Or kills them?

The idea would be instead of spending billions of dollars on security, spend a billion or two on laying traps for hackers that will help expose them and their customers.  If you hide enough ink bombs in your records, it might turn the tables a bit!
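One way the "ink" could be built, as an added Python example that is not from the original post: decoy account numbers carry a keyed 4-digit tag, so any log line that touches one can be flagged without keeping a list of decoys. The 12-digit account format, the log layout, the key and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); it would live only on the detection side.
TAG_KEY = b"constructed-demo-key"


def _tag(serial: str, key: bytes = TAG_KEY) -> str:
    """Keyed 4-digit check value for an 8-digit serial."""
    digest = hmac.new(key, serial.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10000:04d}"


def make_decoy(serial: int) -> str:
    """12-digit decoy account: 8-digit serial followed by its keyed tag."""
    s = f"{serial:08d}"
    return s + _tag(s)


def make_real(serial: int, suffix: int) -> str:
    """Issue a real account number, never one that carries the decoy tag."""
    s = f"{serial:08d}"
    suf = f"{suffix % 10000:04d}"
    if suf == _tag(s):                      # would look like a decoy: bump it
        suf = f"{(suffix + 1) % 10000:04d}"
    return s + suf


def is_decoy(account: str) -> bool:
    if len(account) != 12 or not (account.isascii() and account.isdigit()):
        return False
    return hmac.compare_digest(account[8:], _tag(account[:8]))


# Hypothetical access-log layout: "<timestamp> user=<u> src=<ip> account=<digits>"
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) account=(?P<account>[0-9]+)$"
)


def find_decoy_hits(log_lines):
    """Return (timestamp, user, source, account) for every access to a decoy."""
    hits = []
    for line in log_lines:
        m = LINE.match(line.strip())
        if m and is_decoy(m["account"]):
            hits.append((m["ts"], m["user"], m["src"], m["account"]))
    return hits


def sample_log():
    """Constructed log: two real-account reads and two decoy reads."""
    real_a, real_b = make_real(1001, 4321), make_real(1002, 77)
    decoy_a, decoy_b = make_decoy(9001), make_decoy(9002)
    return [
        f"2016-04-21T10:02:11Z user=teller7 src=192.0.2.10 account={real_a}",
        f"2016-04-21T10:02:40Z user=svc_export src=198.51.100.23 account={decoy_a}",
        f"2016-04-21T10:03:05Z user=teller7 src=192.0.2.10 account={real_b}",
        f"2016-04-21T10:03:09Z user=jdoe src=198.51.100.23 account={decoy_b}",
    ]


if __name__ == "__main__":
    for hit in find_decoy_hits(sample_log()):
        print("decoy record accessed:", hit)
```

Because no legitimate process has a reason to read a decoy, every hit is worth investigating, and the same `is_decoy` check can run wherever an account number later shows up.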
