Handley Library Case Study: A post from the trenches….


Editor’s Note:  We would like to thank our guest contributor, Sara Holloway of Handley Regional Library, for contributing this post about her experience with the NetEqualizer.  Thanks Sara!


Greetings!  I am a librarian from a medium-sized library system in the Shenandoah Valley of Virginia who has stumbled into the world of NetEqualizer.  During my 19 year tenure here at Handley Regional Library, our computer landscape has changed radically.  When I came on board in 1993,  the library boasted XT computers that booted to our Novell network via a 5.25″ floppy disk.  Our monitors were 13″ amber screens that glowed with the pre-GUI interface of DataTrek, our integrated library system (ILS).  The only “real” computer was in the director’s office – a Compaq AT box with a VGA monitor, running Windows 3.0.  We had no computers for the public to use, but did provide a typewriter for those who needed to create a document.

Since then, we have made many changes in our IT infrastructure and in the computing services we provide.  We are not a cutting-edge technology library, like many I read about in the library literature, but we do a good job with what resources we have.  Handley Regional Library now has three branches, serving two counties (Frederick and Clarke) and the city of Winchester.  We have 120 computers serving staff and the public.  I am proud to be one of the “farmers” that helped this garden grow.

In 2010, our telecommunications began to show the strain of over 100 computers on the WAN and trying to use the Internet simultaneously.  We changed telecomm providers and were able to eke out a little more bandwidth within the tight budget constraints we faced.  Still, staff and patrons alike complained about the computers being slow.  Everything came to a head in late July 2011, when our telecomm circuits were suddenly maxed out and our ILS system (Library.Solution provided by TLC) ran at a snail’s pace.  Of course, I was on vacation at the time!

The day I returned from vacation, I received a call from a colleague.  “We have a real problem!  When will you be back?”  I immediately discovered, upon my return to work, she was correct.  There was a real problem; I just didn’t know how to fix it….at first.

Fortunately for us, the Library of Virginia (with money from the Gates Foundation) had contracted a consultant to assist several libraries in the state suffering from inadequate bandwidth problems.  The consultant had visited our library system in July 2011, just before my vacation.  In his report, he strongly suggested if we could not afford to increase our bandwidth, that instead we implement a bandwidth equalizing tool, specifically recommending NetEqualizer by name.  After careful consideration, I decided to spend my entire IT budget to  purchase a NetEqualizer.

“Of all the purchases I have made for IT in my 19 years here at Handley Regional, the NetEqualizer was perhaps my best decision ever.”
Sara Holloway, Librarian
Handley Regional Library

We installed the NetEqualizer in late August 2011 at our branch which hosts our data, web and email servers.   It was very easy to configure and install.  Almost immediately, staff at all three branches noticed an increase of speed in our Circulation and Cataloging programs.  I tweaked the NetEqualizer configuration to prevent bandwidth hogs and to allow some breathing room in the network so our ILS processes could access our servers more easily.  I am still learning how to interpret all the data provided by ntop, but what I do understand has helped me to stop some unwanted network traffic, which has further increased the available bandwidth.

Of all the purchases I have made for IT in my 19 years here at Handley Regional, the NetEqualizer was perhaps my best decision ever.  I am thankful to the consultant who did some research to find this product and recommend it.  While it doesn’t solve our fundamental problem of inadequate bandwidth, it has been a lifesaver in keeping essential ILS functions operating.  Thanks, NetEqualizer!

How to Block Frostwire, utorrent and Other P2P Protocols


By Art Reisman, CTO, http://www.netequalizer.com


Disclaimer: It is considered controversial and by some definitions illegal for a US-based ISP to use deep packet inspection on the public Internet.

At APconnections, we subscribe to the philosophy that there is more to be gained by explaining your technology secrets than by obfuscating them with marketing babble. Read on to learn how I hunt down aggressive P2P traffic.

In order to create a successful tool for blocking a P2P application, you must first figure out how to identify P2P traffic. I do this by looking at the output data dump from a P2P session.

To see what is inside the data packets I use a custom sniffer that we developed. Then to create a traffic load, I use a basic Windows computer loaded up with the latest utorrent client.

Editor’s Note: The last time I used a P2P engine on a Windows computer, I ended up reloading my Windows OS once a week. Downloading random P2P files is sure to bring in the latest viruses, and unimaginable filth will populate your computer.

The custom sniffer is built into our NetGladiator device, and it does several things:

1) It detects and dumps the data inside packets as they cross the wire to a file that I can look at later.

2) It maps non-printable ASCII characters to printable ASCII characters. In this way, when I dump the contents of an IP packet to a file, I don’t get all kinds of special characters embedded in the file. Since P2P data is encoded random music files and video, you can’t view data without this filter. If you try, you’ll get all kinds of garbled scrolling on the screen when you look at the raw data with a text editor.

So what does the raw data output dump of a P2P client look like?

Here is a snippet of some of the utorrent raw data I was looking at just this morning. The sniffer has converted the non-printable characters to “x”.
You can clearly see some repeating data patterns forming below. That is the key to identifying anything with layer 7. Sometimes it is obvious, while sometimes you really have to work to find a pattern.

Packet 1 exx_0ixx`12fb*!s[`|#l0fwxkf)d1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:ka 31:v4:utk21:y1:qe
Packet 2 exx_0jxx`1kmb*!su,fsl0’_xk<)d1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:xv4^1:v4:utk21:y1:qe
Packet 3 exx_0kxx`1exb*!sz{)8l0|!xkvid1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:09hd1:v4:utk21:y1:qe
Packet 4 exx_0lxx`19-b*!sq%^:l0tpxk-ld1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:=x{j1:v4:utk21:y1:qe

The next step is to develop a layer 7 regular expression to identify the patterns in the data. In the output you’ll notice the string “exx” appears in each line, and that is what you look for. A repeating pattern is a good place to start.

The regular expression I decided to use looks something like:

exx.0.xx.*qe

This translates to: match any string starting with “exx”, followed by any character (“.”), followed by “0”, followed by any character, followed by “xx”, followed by any sequence of characters ending with “qe”.

Note: When I tested this regular expression, it turned out to catch only a fraction of the utorrent traffic, but it is a start. What you don’t want to do is make your regular expression so simple that you get false positives. A layer 7 product that creates a high degree of false positives is pretty useless.

The next thing I do with my new regular expression is a test for accuracy of target detection and false positives.

Accuracy of detection is tested by clearing your test network of everything except the P2P target you are trying to catch, then running your layer 7 device with your new regular expression and seeing how well it does.

Below is an example from my NetGladiator in a new sniffer mode. In this mode I have the layer 7 detection on, and I can analyze the detection accuracy. In the output below, the sniffer puts a tag on every connection that matches my utorrent regular expression. In this case, my tag is indicated by the word “dad” at the end of the row. Notice how every connection is tagged. This means I am getting 100 percent hit rate for utorrent. Obviously I doctored the output for this post :)

Index SRCP DSTP Wavg Avg IP1 IP2 Ptcl Port Pool TOS
0 0 0 17 53 255.255.255.255 95.85.150.34 — 2 99 dad
1 0 0 16 48 255.255.255.255 95.82.250.60 — 2 99 dad
2 0 0 16 48 255.255.255.255 95.147.1.179 — 2 99 dad
3 0 0 18 52 255.255.255.255 95.252.60.94 — 2 99 dad
4 0 0 12 24 255.255.255.255 201.250.236.194 — 2 99 dad
5 0 0 18 52 255.255.255.255 2.3.200.165 — 2 99 dad
6 0 0 10 0 255.255.255.255 99.251.180.164 — 2 99 dad
7 0 0 88 732 255.255.255.255 95.146.136.13 — 2 99 dad
8 0 0 12 0 255.255.255.255 189.202.6.133 — 2 99 dad
9 0 0 12 24 255.255.255.255 79.180.76.172 — 2 99 dad
10 0 0 16 48 255.255.255.255 95.96.179.38 — 2 99 dad
11 0 0 11 16 255.255.255.255 189.111.5.238 — 2 99 dad
12 0 0 17 52 255.255.255.255 201.160.220.251 — 2 99 dad
13 0 0 27 54 255.255.255.255 95.73.104.105 — 2 99 dad
14 0 0 10 0 255.255.255.255 95.83.176.3 — 2 99 dad
15 0 0 14 28 255.255.255.255 123.193.132.219 — 2 99 dad
16 0 0 14 32 255.255.255.255 188.191.192.157 — 2 99 dad
17 0 0 10 0 255.255.255.255 95.83.132.169 — 2 99 dad
18 0 0 24 33 255.255.255.255 99.244.128.223 — 2 99 dad
19 0 0 17 53 255.255.255.255 97.90.124.181 — 2 99 dad

A bit more on reading this sniffer output…

Notice columns 4 and 5, which indicate data transfer rates in bytes per second. These columns contain numbers that are less than 100 bytes per second – very small data transfers. This is mostly because as soon as that connection is identified as utorrent, the NetGladiator drops all future packets on the connection and it never really gets going. One thing I did notice is that the modern utorrent protocol hops around very quickly from connection to connection. It attempts not to show its cards. Why do I mention this? Because in layer 7 shaping of P2P, speed of detection is everything. If you wait a few milliseconds too long to analyze and detect a torrent, it is already too late because the torrent has transferred enough data to keep it going. It’s just a conjecture, but I suspect this is one of the main reasons why this utorrent is so popular. By hopping from source to source, it is very hard for an ISP to block this one without the latest equipment. I recently wrote a companion article regarding the speed of the technology behind a good layer 7 device.

The last part of testing a regular expression involves looking for false positives. For this we use a commercial grade simulator. Our simulator uses a series of pre-programmed web crawlers that visit tens of thousands of web pages an hour at our test facility. We then take our layer 7 device with our new regular expression and make sure that none of the web crawlers accidentally get blocked while reading thousands of web pages. If this test passes we are good to go with our new regular expression.
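The accuracy and false-positive checks described above can be scripted. The following is an added example, not code from the original post or from the NetGladiator product: it runs the post's regular expression over the four packet lines quoted above and over benign payloads constructed for illustration, and compares it with a deliberately over-simple pattern. The `to_printable` filter, the function names and the benign samples are assumptions.

```python
import re

# The pattern quoted in the post.
PAGE_PATTERN = re.compile(r"exx.0.xx.*qe")
# Deliberately over-simple pattern, to show the false-positive risk the post warns about.
NAIVE_PATTERN = re.compile(r"exx")


def to_printable(payload: bytes) -> str:
    """Map every byte outside printable ASCII (0x20-0x7e) to 'x'.

    Assumed behaviour, modelled on the sniffer filter described in the post.
    """
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "x" for b in payload)


# The four already-filtered packet lines quoted in the post, copied as they appear.
PAGE_DUMPS = [line for line in r"""
exx_0ixx`12fb*!s[`|#l0fwxkf)d1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:ka 31:v4:utk21:y1:qe
exx_0jxx`1kmb*!su,fsl0’_xk<)d1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:xv4^1:v4:utk21:y1:qe
exx_0kxx`1exb*!sz{)8l0|!xkvid1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:09hd1:v4:utk21:y1:qe
exx_0lxx`19-b*!sq%^:l0tpxk-ld1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:=x{j1:v4:utk21:y1:qe
""".splitlines() if line]

# Constructed raw packet (not captured traffic) shaped like the dumps above,
# used to exercise the byte filter before matching.
RAW_SAMPLE = (
    b"e\x8a\x91_0i\x02\xff`12fb d1:ad2:id20:" + bytes(range(200, 220))
    + b"e1:q4:ping1:t4:ab\x00\x011:v4:UT\x7f\x021:y1:qe"
)

# Constructed benign payloads standing in for the web-crawler traffic of the
# false-positive test. Binary bytes become runs of 'x' after filtering, which
# is exactly what trips an over-simple pattern.
BENIGN_PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n\x1f\x8b\x08\x00 compressed page\x00\x00\xff",
    b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03 client hello nonce\x00\x00",
    b"220 mail.example.org ESMTP ready\r\n",
    b"\x00\x00\x81\x80\x00\x01 dns response\x03www\x07example\x03org\x00",
]


def evaluate(pattern, positives, negatives):
    """Return (hits on known-P2P text, false positives on benign payloads)."""
    hits = sum(1 for text in positives if pattern.search(text))
    false_positives = sum(
        1 for payload in negatives if pattern.search(to_printable(payload))
    )
    return hits, false_positives


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_PATTERN), ("naive", NAIVE_PATTERN)):
        hits, fps = evaluate(pattern, PAGE_DUMPS, BENIGN_PAYLOADS)
        print(f"{name:5s} pattern: {hits}/{len(PAGE_DUMPS)} detected, "
              f"{fps}/{len(BENIGN_PAYLOADS)} benign payloads flagged")
    print("filtered raw sample:", to_printable(RAW_SAMPLE))
```

Both patterns tag all four quoted packets, but only the over-simple one also flags benign binary content, which is why the hit rate alone says nothing about whether a signature is safe to deploy.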

Editor’s Note: Our primary bandwidth shaping product manages P2P without using deep packet inspection.
The following layer 7 techniques can be run on our NetGladiator Intrusion Prevention System. We also advise that public ISPs check their country regulations before deploying a deep packet inspection device on a public network.

NetEqualizer News: July 2012



Greetings!

Enjoy another issue of NetEqualizer News! This month, we preview a feature that allows for smarter P2P blocking, announce the winners of two contests, and discuss how the DPI engine in NetGladiator can be creatively utilized. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Zack…
Zack Sanders, Director of Security

We’ve reached the midpoint of the year, and that is always a time I think about preventative maintenance for systems I manage. Take this time to update software versions and patch your operating systems. For an attacker, these are some of the easiest security holes to spot, but they are also some of the easiest to fix! Take a few minutes and think about which systems could use some love in July.

And, if you have any questions about securing your environment, contact me directly at zack@apconnections.net!

Smarter P2P Blocking with NetEqualizer
We’ve recently been working on and testing a new feature that improves P2P blocking by allowing for dynamic, smart connection limits in the NetEqualizer. This feature allows for more efficient networks and better user experiences for subscribers.

Here is what one of our customers who is using the feature said about the enhancement:

Overall, this is working very well for us and has saved us 10Mb per link. The overall experience for the non-abuser is significantly improved, as there is 2.5% more bandwidth for him to burst into. Also, the fact that I can remove the connection limit is extremely useful. The amount of support calls we were taking when someone who was torrenting would have his browser crash were in the hundreds per month – now that user just gets tar-pitted.

To read more about smart connection limits, check out this article on our blog: A Smarter Way to Limit P2P Traffic

This feature will be available soon for all customers with valid NSS. Keep an eye out for further details on our website, our blog, or right here in NetEqualizer News!


Contest Winners!
Every few months, we have a drawing to give away two round-trip domestic airline tickets from Frontier Airlines to one lucky person who’s recently tried out our online NetEqualizer demo. And the winner is…

Carol Avent of Mountain Zone TV Systems!

$100 Amazon Gift Card!

In the June 2012 issue of NetEqualizer News, we asked for your feedback in a survey. An entry was randomly drawn, and the winner is…

Ben Whitaker of Jetset Networks!

Congratulations Carol and Ben!

Both winners, please contact us within 30 days (by August 10, 2012) at:

admin@apconnections.net
-or-
303-997-1300

to claim your prize!


NetGladiator and DPI Engine Utilization
NetGladiator was built as a capable, customizable intrusion prevention system, but because of the level of control and access we provide to our customers, NetGladiator can be much more!

NetGladiator is built on the same technology that makes NetEqualizer fast and efficient. The only major difference is the Deep Packet Inspection (DPI) engine that is installed to monitor traffic. The DPI engine has been outfitted to pass and analyze data packets separately, which results in no increased latency. Most DPI engines slow traffic down, but no speed or throughput is lost in this implementation.

By default, the configuration for NetGladiator is meant to handle web application attacks, but because this configuration is fully adjustable and looks at all incoming data, it really can detect any pattern you want!

Possible uses include:

– Spam filtering
– Unwanted protocols in your business
– Content blocking
– Keyword spotting

To read more about different ways to utilize NetGladiator, check out this article on our blog: NetGladiator: A Layer 7 Shaper in Sheep’s Clothing

You can also contact us at ips@apconnections.net for more information!


Best Of The Blog

Wired Bandwidth Prices, and What to Expect in the Future

By Art Reisman – CTO – APconnections

Bandwidth prices traditionally have a very regional component, and your experience may vary, but in the US there is a really good chance you can get quite a bit more bandwidth for a much lower price than what it would have cost you a few years ago. To cite one example, we have a customer that contracts Internet services to supply several large residential housing units. Currently, commercial class business Internet service for 50 megabits runs $120 per month, which is the same price they were paying for 10 megabits 3 years ago. Essentially, they are getting five times as much bandwidth for the same price they signed up for 3 years ago. And they are not an anomaly. I am hearing the same story in almost every market in the US. We can conclude from our empirical data that bandwidth prices have dropped 500 percent in 3 years!

To answer the question on the future of bandwidth prices, we need to get a handle on what is driving them lower today…

Photo Of The Month

Saddle Mountain

The Oregon coastline is a beautiful part of the country, as is evident in this view from Saddle Mountain. The climb to the summit provides access to mature forests as well as gorgeous wildflower landscapes – definitely something to check out if you ever have the opportunity.

NetEqualizer News: June 2012



Greetings!

Enjoy another issue of NetEqualizer News! This month, we announce the release of our NetGladiator Demo Video, highlight our NetEqualizer YouTube Channel, and discuss our new NetEqualizer Lite product. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Sandy…
Sandy McGregor, Director of Marketing

Just attended a June wedding! There is nothing like June (warm weather, beautiful flowers, sunshine) to celebrate a marriage! It is lovely to witness two people starting their lives together. This made me think about how we are starting to “marry” our different product lines. You will see more of NetGladiator tied into our NetEqualizer website, our blog, etc. Although the products serve very different purposes, both are capable of providing immense value to your organization.

We will continue to look for opportunities to leverage our technology to create products that help our customers run efficient, secure networks.

We want to know what challenges you face on a recurring basis! If you have a moment, please fill out our short, four-question survey. Submissions will be entered into a drawing for a $100 Amazon Gift Card!

NetGladiator Demo Video
Throughout 2012, we’ve been discussing best-practice security quite a bit. Our new intrusion prevention system, NetGladiator, is the result of expert security research, rock-solid pattern inspection, and common sense.

NetGladiator cuts through the hype that other products rely on, and provides a real, effective security solution that will fit naturally into your existing security layers to protect your web applications.

We recently released a demonstration video that showcases the NetGladiator interface,  demonstrates its configuration, and discusses its attack blocking abilities.

Take a look at the video here via our YouTube channel!

 

If you have additional questions about NetGladiator, visit our website or contact us at:

ips@apconnections.net


NetEqualizer on YouTube
If you haven’t already, take a look at our NetEqualizer YouTube Channel!

Here you can find all of our Tech Seminars, demonstrations, and other videos. Start by watching our featured video, Equalizing Explained.


NetEqualizer Lite

Do you need bandwidth control without the price or large throughput? Our new NetEqualizer Lite product is just for you.

Starting at just $999, the new NetEqualizer Lite offers compelling value at a low price. We have upgraded our base technology for the NetEqualizer Lite, our entry-level bandwidth-shaping appliance.

Our new Lite still retains a small form-factor, which sets it apart, and makes it ideal for implementation in the field, but now has enhanced CPU and memory. This enables us to include robust graphical reporting like in our other product lines, and also to support additional bandwidth license levels.

NetEqualizer Lite is perfect for small SSIPs, hotels, offices, libraries, coffee shops, and more!

For more information on NetEqualizer Lite, visit our website, check out our blog, or contact us at:

-or-
toll-free U.S. (888-287-2492),

Best Of The Blog

Case Study: A Simple Solution to Relieve Congestion on Your MPLS Network

By Art Reisman – CTO – APconnections

Summary: In the last few months, we have set up several NetEqualizer systems on spoke and hub MPLS networks. Our solution is very cost effective because it differs from many TOS/Compression-based WAN optimization products that require multiple pieces of hardware. Normally, for WAN optimization, a device is placed at the HUB and a partner device is placed at each remote location. With the NetEqualizer technology, we have been able to simply and elegantly solve contention issues with a single device at the central hub.

The problem:

A customer has a spoke and hub MPLS network where remote sites get their public Internet and corporate data by coming in on a spoke to a central site. Although the network at the host site has plenty of bandwidth, the spokes have a fixed allocation over the MPLS and are experiencing contention issues (e.g. slow response times to corporate sales data, etc.)…

Photo Of The Month

Photo by James Dougherty

Colorado Summer Storms

Every local knows the adage, “If you don’t like the weather in Colorado, wait five minutes.” Each season brings its own meteorological challenges to the region, and in summer, those are tornadoes and hail. Recently, a portent storm hit the Denver Metro area, causing funneled clouds and abrupt hailstones. After the chaos subsided, however, the sky was painted with gorgeous colors and textures.

NetGladiator: A Layer 7 Shaper in Sheep’s Clothing


When explaining our NetGladiator technology the other day, a customer was very intrigued with our Layer 7 engine. He likened it to a caged tiger under the hood, gobbling up and spitting out data packets with the speed and cunning of the world’s most powerful feline.

He was surprised to see this level of capability in equipment offered at our prices.  He was impressed with the speed attained for the price point of our solution (more on this later in the article)…

In order to create a rock-solid IPS (Intrusion Prevention System), capable of handling network speeds of up to 1 gigabit with standard Intel hardware, we had to devise a technology breakthrough in Layer 7 processing. Existing technologies were just too slow to keep up with network speed expectations.

In order to support higher speeds, most vendors use semi-custom chip sets and a technology called “ASIC”. This works well but is very expensive to manufacture.

How do typical Layer 7 engines work?

Our IPS story starts with our old Layer 7 engine. It was sitting idle on our NetEqualizer product. We had shelved it when we got away from Layer 7 shaping in favor of Equalizing technology, which is a superior solution for traffic shaping.  However, when we decided to move ahead with our new IPS this year, we realized we needed a fast-class analysis engine, one that could look at all data packets in real time. Our existing Layer 7 shaper only analyzed headers because that was adequate for its previous mission (detecting P2P streams).  For our new IPS system, we needed a solution that could do a deep dive into the data packets.  The IPS mission requires that you look at all the data – every packet crossing into a customer network.

The first step was to revamp the older engine and configure it to look at every packet. The results were disappointing.  With the load of analyzing every packet, we could not get throughput any higher than about 20 megabits, far short of our goal of 1 gigabit.

What do we do differently with our updated Layer 7 engine?

Necessity is the mother of invention, and so we invented a better Layer 7 engine.

The key was to take advantage of multiple processors for analysis of data without delaying data packets. The way the old technology worked was that it would intercept a data packet on a data link, hold it, analyze it for P2P patterns, and then send it on.  With this method, as packets come faster and faster you end up not having enough CPU time to do the analysis and still send the packet on without adding latency.  Many customers find this out the hard way when they update their data speeds from older slower T1 technology.  Typical analysis engines on affordable routers and firewalls often just can’t keep up with line speeds.

What we did was take advantage of a utility in the Linux Kernel called “clone skb”.  This allows you to make a temporary copy of the data packet without the overhead of copying.  More importantly, it allows us to send the packet on without delay and do the analysis within a millisecond (not quite line speed, but fast enough to stop an intruder).

We then combined the cloning with a new technology in the Linux kernel called Kernel Threading.  This is different than the technology that large multi-threaded HTTP servers use because it happens at the kernel level, and we do not have to copy the packet up to some higher-level server for analysis. Copying a packet for analysis is a huge bottleneck and very time-consuming.

What were our Results?

With kernel threading, cloning, and a high-end Intel SMP processor, we can make use of 16 CPUs doing packet analysis at the same time and we now have attained speeds close to our 1 gigabit target.

When we developed our bandwidth shaping technology in 2003/2004, we leveraged technology innovation to create a superior bandwidth control appliance (read our NetEqualizer Story).  With the NetGladiator IPS, we have once again leveraged technology innovation to enable us to provide an intrusion prevention system at a very compelling price (register to get our price list), hence our customer’s remark about great speed for the price.

What other benefits does our low cost, high-speed layer 7 engine allow for? Is it just for IPS?

The sky is the limit here.  Any type of pattern you want to look at in real-time can now be done at one tenth (1/10th) the cost of the ASIC class of shapers.  Although we are not a fan of unauthorized intrusion into private data of the public Internet (we support Net Neutrality), there are hundreds of other uses which can be configured with our engine.

Some that we might consider in the future include:

– Spam filtering
– Unwanted protocols in your business
– Content blocking
– Keyword spotting

If you are interested in testing and experimenting in any of these areas with our raw technology, feel free to contact us ips@netgladiator.net.

Wired Bandwidth Prices, and What to Expect in the Future


By Art Reisman

CTO – http://www.netequalizer.com


Editor’s note: Art Reisman is the CTO of APconnections. APconnections designs and manufactures the popular NetEqualizer bandwidth shaper.

Bandwidth prices traditionally have a very regional component, and your experience may vary, but in the US there is a really good chance you can get quite a bit more bandwidth for a much lower price than what it would have cost you a few years ago. To cite one example, we have a customer that contracts Internet services to supply several large residential housing units. Currently, commercial class business Internet service for 50 megabits runs $120 per month, which is the same price they were paying for 10 megabits 3 years ago. Essentially, they are getting five times as much bandwidth for the same price they signed up for 3 years ago. And they are not an anomaly. I am hearing the same story in almost every market in the US. We can conclude from our empirical data that bandwidth prices have dropped 80 percent in 3 years!

To answer the question on the future of bandwidth prices, we need to get a handle on what is driving them lower today.

Here are some of the factors:

1) The rise of Wave Division Multiplexing.

This has most likely been the biggest factor in the recent reduction of prices. Although the technology has been around for a while, many businesses were locked into 3 and 4 year contracts. Now in 2012, most carriers have upgraded their networks to use WDM. The ability to greatly increase bandwidth capacity without the cost of laying new cables is now being passed on to the wholesale market.

2) The recession.

There is very little expansion of the customer base for demand of wired bandwidth. Yes, there is a huge space for wireless phones and such, and I’ll deal with those separately, but for the wired home or business there just are no new customers and there has not been for the past 8 years or so.

3) Broadband Initiative.

In some areas there have been subsidies to bring in higher speed lines where private business would have otherwise not made the investment.

4) Less infrastructure spending by traditional wired providers.

This seems a bit counterintuitive, but in the past few years, established providers have slowed laying out fiber to the home, and now they are free to charge a bit lower prices on their existing infrastructure because it is paid for. An analogy would be a rental car company that was able to go 3 or 4 years without investing in new cars: its expenses would drop, and thus it could lower its prices.

5) Competition.

This is somewhat related to the recession. Multiple providers in a market are fighting for a flat or shrinking supply of new customers. Many of the contracts we see are dropping in price to retain existing customers. Most of the sunk cost occurs in acquiring a new customer. Once you have a line in place with equipment at the customer premise, the last thing you want to have happen is to get outbid by an upstart, and you have room to move down in price, so you discount heavily to retain the customer.

This may surprise you, but we believe the future (2013) holds higher prices.

Here are the reasons:

1) End of subsidies.

The government subsidies have worked but they have also been a huge embarrassment of waste and fraud, hence we won’t see any more of that for a little while.

2) Consolidation.

There will be consolidation in markets where there is competition, and the discounts will end. People love their wireless 4g, but those prices will never be competitive with wired to the business or home bandwidth. So once a region is down to a single wired supplier, they will be able to raise prices or at least stop discounting.

3) Expansion.

At some point, the real estate and business economy will begin to expand, at which time backbone and switching resources will become tighter from demand (this may happen just from video demand already). In other words, once providers have to start investing in more infrastructure, they will also need to raise prices to subsidize their new investments.

Related Articles and links

Business Phone News has a nice guide to purchasing bandwidth that explains the value of bandwidth management. This excerpt is taken from their recent article on usage based billing.

Many business owners think, “I don’t need to worry about that as my IT director, IT department or IT contractor has got that covered.” Maybe yes, but maybe no! To double-check just how well your business bandwidth is being managed, download and take the “Business Bandwidth Management Self-Analysis Survey” in our Bandwidth Management Buyers Guide.

A Smarter Way to Limit P2P Traffic


By Art Reisman


Editor’s note: Art Reisman is the CTO of APconnections. APconnections designs and manufactures the popular NetEqualizer bandwidth shaper.

If you are an IT professional interested in the ethical treatment of P2P (which we define as keeping it in check without invading the privacy of your customers by looking at their private data), you’ll appreciate our next generation approach to containing P2P usage. Thanks to some key input by a leading-edge ISP in South Africa, we have developed a next-generation P2P control that balances the resources of an ISP, and yet allows their end customers to use BitTorrent without bringing down the network.

First a quick review of how P2P affects a network

A signature of a typical P2P user is that they can open hundreds of small connections while downloading files. A P2P client, such as Kazaa, is designed to find as many sources to a file as possible. For efficiency and speed, P2P clients operate as multi-threaded download engines, where each download stream captures a different segment of the requested file. When all the segments are complete they are re-assembled into a complete usable media file on your hard drive. The multiple downloads cause a strain on network bandwidth resources. They also create extreme overhead on wireless routers. Extreme P2P usage by just a subset of users can crowd out web pages, VoIP, YouTube and many other less aggressive applications.

Current P2P Limiting Solution: Connection Limits

Our current generation of P2P control involves intelligently looking at the number of connections generated from a user on your network. Based on the persistence and number of connections, we can reliably tell if a user is currently using P2P. The current P2P remedy, deployed on our NetEqualizer equipment, involves limiting the number of connections of suspected P2P users; this works well to limit P2P usage. Thus, it keeps the P2P users from overwhelming a shared network.

Next-Generation P2P Limiting: Smart Connection Limits

While we have retained the connection-limiting aspects of our current P2P limiting technology, our new technology goes a step further. With Smart Connection Limits, limiting is done by also slowly starving the P2P connections for bandwidth. The bandwidth reduction is based on a formula which takes into account two main factors:

1) the number of connections a user has open.
2) the load on the network.

I like to think of this technology as more of a “reward system”, resulting in a higher quality of service for non-P2P users.  In this case, the reward is that non-P2P users’ connections are not experiencing this reduction in bandwidth (although they may get equalized on any connection that is hogging bandwidth).  P2P users will slowly see less bandwidth allocated to their P2P traffic, which should discourage them from using P2P on your network.  Basically, this helps to train them to use better behavior – sharing the network resource more fairly with others.

This philosophy of fairness is aligned with the primary goal of the NetEqualizer – to ensure fairness for all network users. It follows that if a user has 20 concurrent streams and another user only has 5, to ensure equal use of bandwidth under network load, the user with 20 streams should have his streams operate at 1/4 the speed of the user that has 5. While you may configure Smart Connection Limits at various levels, you could enforce the example indicated above.

The reason this technology is important is that, on a network pressed for bandwidth, the P2P users are often taking an unfair share. Even with basic rate caps per user in place, you often must augment that restriction by limiting the total number of connections per user. And now with our latest technology, we also temporarily restrict the bandwidth per connection (only applied to the P2P users).
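The 20-versus-5 stream case above, worked through as an added example (not NetEqualizer code; the page does not publish its formula). It assumes each user gets a max-min fair share of the link and that share is split across the user's persistent connections; the thresholds, addresses and demand figures are hypothetical.

```python
from collections import Counter

# Constructed sample, not captured traffic: (user address, connection age in seconds).
SAMPLE_CONNS = (
    [("10.0.0.7", 300)] * 20    # 20 long-lived streams (typical P2P footprint)
    + [("10.0.0.9", 300)] * 5   # 5 long-lived streams
    + [("10.0.0.12", 2)] * 30   # 30 short-lived web fetches
)
# Constructed offered load per user, in kbps.
SAMPLE_DEMAND = {"10.0.0.7": 8000, "10.0.0.9": 8000, "10.0.0.12": 1000}


def persistent_counts(conns, min_age_s=60):
    """Connections per user that have stayed open for at least min_age_s."""
    return Counter(user for user, age in conns if age >= min_age_s)


def max_min_share(demand_kbps, capacity_kbps):
    """Water-filling: a user asking for less than an equal split keeps the
    full demand, and what is left over is split among the remaining users."""
    alloc = {}
    remaining = float(capacity_kbps)
    pending = sorted(demand_kbps.items(), key=lambda item: item[1])
    while pending:
        equal = remaining / len(pending)
        user, demand = pending[0]
        if demand <= equal:
            alloc[user] = float(demand)
            remaining -= demand
            pending.pop(0)
        else:
            # Everyone still pending wants more than an equal split.
            for heavy_user, _ in pending:
                alloc[heavy_user] = equal
            break
    return alloc


def smart_connection_caps(conns, demand_kbps, link_kbps,
                          trigger=0.85, conn_limit=4, min_age_s=60):
    """Per-connection rate cap (kbps) for each user over conn_limit.

    trigger, conn_limit and min_age_s are illustrative thresholds chosen
    for this example, not NetEqualizer defaults.
    """
    if sum(demand_kbps.values()) < trigger * link_kbps:
        return {}  # link is not under load: nobody is slowed down
    shares = max_min_share(demand_kbps, link_kbps)
    counts = persistent_counts(conns, min_age_s)
    # Only users holding many persistent connections get a cap; the decision
    # uses connection counts and load, never packet contents.
    return {user: shares.get(user, 0.0) / n
            for user, n in counts.items() if n > conn_limit}


if __name__ == "__main__":
    caps = smart_connection_caps(SAMPLE_CONNS, SAMPLE_DEMAND, 10_000)
    for user, cap in caps.items():
        print(f"{user}: cap each connection at {cap:.0f} kbps")
```

The web user opens 30 connections but none persist, so that user is never capped, and no user is capped while the link has headroom.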

If you are interested in learning more about Smart Connection Limits, to see if they are a fit for your network, contact us.

Some common questions and answers:

Is it possible to completely block P2P?

It is never safe to try to completely block P2P for a couple of reasons.

1) Although it is always possible to identify P2P, it is often expensive and not foolproof. To block it based on hearsay will cause problems. Our solution, although targeted on limiting P2P, focuses on the resource footprint of the P2P user, and does not attempt to outright block types of traffic. In other words, whether or not the traffic is actually P2P is not the issue. The issue is, is this user abusing resources? If yes, they get punished.

2) Devices that attempt to identify P2P traffic often use a technique called deep packet inspection (DPI), which is frowned upon as an invasion of privacy. Additionally, we are finding that the latest P2P tools (such as uTorrent) encrypt P2P streams as their default behavior, which defeats deep packet inspection. Not so with our solutions; both Connection Limits and Smart Connection Limits will throttle encrypted P2P traffic.

Who do we recommend move from Connection Limits to Smart Connection Limits?

If you are in a business where you charge for bandwidth usage (ISP, WISP, satellite provider), you should consider implementing Smart Connection Limits.  We also recommend looking at Smart Connection Limits if you have repeat offenders – basically, the same users are consistently running P2P traffic on your network and you want to change their behavior.

Can I continue using the Connection Limits or do I need to move to Smart Connection Limits?

Both solutions to limit P2P traffic are being supported. If you do not have a lot of P2P traffic on your network, you may opt to stay with Connection Limits, as a quick-and-easy implementation. Smart Connection Limits take a little more thought to implement and have additional complexity, which you may not wish to take on at this point.

Case Study: A Simple Solution to Relieve Congestion on Your MPLS Network


Summary: In the last few months, we have set up several NetEqualizer systems on hub and spoke MPLS networks. Our solution is very cost effective because it differs from many TOS/Compression-based WAN optimization products that require multiple pieces of hardware.  Normally, for WAN optimization, a device is placed at the HUB and a partner device is placed at each remote location. With the NetEqualizer technology, we have been able to simply and elegantly solve contention issues with a single device at the central hub.

The problem:

A customer has a hub and spoke MPLS network where remote sites get their public Internet and corporate data by coming in on a spoke to a central site.  Although the network at the host site has plenty of bandwidth, the spokes have a fixed allocation over the MPLS and are experiencing contention issues (e.g. slow response times to corporate sales data, etc.).

The solution:

By placing a NetEqualizer at a central location, so that all the remote spokes come in through the NetEqualizer, we are able to sense when a remote spoke has reached its contention level. We then perform prioritization on all the competing applications and user streams coming in over the congested link.

Why it works:

QoS and priority are really quite simple: it is always the case that some large selfish application is dominating a shared link. The NetEqualizer is able to spot these selfish applications and scale them back using a technique called Equalizing. QoS and priority are just a matter of taking away bandwidth from somebody else. See our related article: QOS is a matter of sacrifice.

Okay, but how does it really work?

How does NetEqualizer solve the congested MPLS link issue?

The NetEqualizer solution, which is completely compatible with MPLS, works by taking advantage of the natural inclination of applications to back off when artificially restrained. We’ll get back to this key point in a moment.

NetEqualizer will adjust selfish application streams by adding latency, forcing them to back off and allow potentially starved data applications to establish communications – thus eliminating any disruption.

Once you have determined the peak capacity of an MPLS spoke (if you don’t know for sure it can be determined empirically through busy hour observation), you then tell the centralized NetEqualizer the throughput of the spoke through its defined subnet range or VLAN identification tag. This tells the NetEqualizer to kick into gear when that upper limit on the spoke is reached.

Once configured, the NetEqualizer constantly (every second) measures the total aggregate bandwidth throughput traversing every spoke on your network. If it senses the upper limit is being reached, NetEqualizer will then isolate the dominating flows and encourage them to back off.

Each connection between a user on your network and the Internet constitutes a traffic flow. Flows vary widely from short dynamic bursts, which occur, for example, when searching a small Web site, to large persistent flows, as when performing peer-to-peer file sharing or downloading a large file.

By keeping track of every flow going through each MPLS spoke, the NetEqualizer can make a determination of which ones are getting an unequal share of bandwidth and thus crowding out flows from weaker applications.

NetEqualizer determines detrimental flows from normal ones by taking the following questions into consideration:

  1. How persistent is the flow?
  2. How many active flows are there?
  3. How long has the flow been active?
  4. How much total congestion is currently on the link?
  5. How much bandwidth is the flow using relative to the link size?

Once the answers to these questions are known, NetEqualizer will adjust offending flows by adding latency, forcing them to back off and allow potentially starved applications to establish communications – thus eliminating any disruption. Selfish applications with more aggressive bandwidth needs will be throttled back during peak contention. This is done automatically by the NetEqualizer, without requiring any additional programming by administrators.

The key to making this happen over an MPLS link relies on the fact that if you slow down a selfish application it will back off. This can be done via the NetEqualizer without any changes to the topology of your MPLS network, since the throttling is done independent of the network.
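One measurement tick of the per-spoke logic described above, as an added example that is not NetEqualizer's implementation. The spoke table, thresholds and flow records are hypothetical; it checks only flow age, spoke congestion and bandwidth relative to spoke size, and it returns which flows to delay rather than adding the latency itself.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst kbps age_s")

# Hypothetical spoke table: remote subnet -> MPLS spoke capacity in kbps.
SPOKES = {"10.1.0.0/24": 1500, "10.2.0.0/24": 1500}

# Constructed one-second snapshot; peer addresses are documentation ranges.
SNAPSHOT = [
    Flow("10.1.0.20", "203.0.113.5", 1100, 600),  # long-running bulk transfer
    Flow("10.1.0.31", "198.51.100.8", 90, 300),   # VoIP call: persistent but small
    Flow("10.1.0.44", "198.51.100.9", 40, 2),     # web page fetch
    Flow("10.1.0.45", "192.0.2.10", 60, 1),       # sales database query
    Flow("10.2.0.15", "203.0.113.5", 900, 120),   # big download on a quiet spoke
]


def spoke_for(addr, spokes):
    """Return the spoke subnet that contains addr, or None if no spoke does."""
    ip = ipaddress.ip_address(addr)
    for cidr in spokes:
        if ip in ipaddress.ip_network(cidr):
            return cidr
    return None


def flows_to_slow(flows, spokes, trigger=0.85, hog_fraction=0.20, min_age_s=10):
    """Return {spoke: [(src, dst), ...]} listing the flows to delay this tick.

    trigger      - fraction of spoke capacity at which equalizing starts
    hog_fraction - share of the spoke one flow must use to count as dominant
    min_age_s    - flows younger than this are treated as short bursts
    All three are illustrative values chosen for this example.
    """
    by_spoke = {}
    for flow in flows:
        cidr = spoke_for(flow.src, spokes)
        if cidr is not None:
            by_spoke.setdefault(cidr, []).append(flow)

    result = {}
    for cidr, members in by_spoke.items():
        capacity = spokes[cidr]
        if sum(f.kbps for f in members) < trigger * capacity:
            continue  # spoke is below its limit: leave every flow alone
        hogs = [f for f in members
                if f.age_s >= min_age_s and f.kbps >= hog_fraction * capacity]
        hogs.sort(key=lambda f: f.kbps, reverse=True)
        if hogs:
            result[cidr] = [(f.src, f.dst) for f in hogs]
    return result


if __name__ == "__main__":
    for spoke, hogs in flows_to_slow(SNAPSHOT, SPOKES).items():
        print(spoke, "->", hogs)
```

The 900 kbps download on the second spoke is left alone because that spoke is not congested, and the VoIP call on the first spoke is persistent but too small to count as dominant.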

Questions and Answers

How do you know congestion is caused by a heavy stream?

We have years of experience optimizing networks with this technology. It is safe to say that on any congested network, roughly five percent of users are responsible for 80 percent of Internet traffic. This seems to be a law of Internet usage. [2]

Can certain applications be given priority?

NetEqualizer can give priority by IP address, for video streams, and in its default mode it naturally gives priority to VoIP, thus addressing a common need for commercial operators.

———————————————————————————————————————————————–

[2] Randy Barrett, “Putting the Squeeze on Internet Hogs: How Operators Deal with Their Greediest Users.” Multichannel News. 7 Mar. 2007. Retrieved 1 Aug. 2007 http://www.multichannel.com/article/CA6439454.html

Four Reasons Why Companies Remain Vulnerable to Cyber Attacks


Over the past year, since the release of our IPS product, we have spent many hours talking to resellers and businesses regarding Internet security. Below are our observations about security investment, and more importantly, non-investment.

1) By far the number one reason why companies are vulnerable is procrastination.

Seeing is believing, and many companies have never been hacked or compromised.

Some clarification here: most attacks do not end in something being destroyed or any obvious trail of data being lifted. This does not mean they do not happen; it’s just that there was no immediate ramification in many cases; hence, business as usual.

Companies are run by people, and most people are reactive, and furthermore somewhat single-threaded; thus they can only address a few problems at a time. Without a compelling obvious problem, security gets pushed down the list. The exception to the procrastination rule would be verticals such as financial institutions, where security audits are mandatory (more on audits in a bit). Most companies, although aware of risk factors, are reluctant to spend on a problem that has never happened. In their defense, a company that reacts to all the security FUD might find itself hamstrung and out of business. Sometimes, to be profitable, you have to live with a little risk.

2) Existing security tools are ignored.

Many security suites are just too broad to be relevant. Information overload can lead to a false sense of coverage.

The best analogy I can give is the tornado warning system used by the National Weather Service. Their warning system, although well-intended, has been so diffuse in specificity that after a while people ignore the warnings. The same holds true with security tools. In order to impress and out-do one another, security tools have become bloated with quantity, not quality. This overload of data can lead to an overwhelming glut of frivolous information. It would be like a stock analyst predicting every possible outcome and expecting you to invest on that advice. Without a specific, targeted piece of information, your security solution can be a distraction.

3) Security audits are mandated formalities.

In some instances, a security audit is treated as a bureaucratic mandate. When security audits are mandated as a standard, the process of the audit can become the objective. The soldiers carrying out the process will view the completed checklist as the desired result and thus may not actually counter existing threats. It’s not that the audit does not have value, but the audit itself becomes a minimum objective. And most likely the audit is a broad cookie-cutter approach which mostly serves to protect the company or individuals from blame.

4) It may just not be worth the investment.

The cost of getting hacked may be less than the ongoing fees and consumption of time required to maintain a security solution. On a mini-scale, I followed this advice on my home laptop running Windows. It was easier to re-load my system every 6 months when I got a virus rather than mess with all the security virus protection being thrown at me, slowing my system down. The same holds true on a corporate scale. Although nobody would ever come out and admit this publicly, or make it deliberately easy, it might be more cost-effective to recover from a security breach than to proactively invest in preventing it. What if your customer records get stolen, so what? Consumers are hearing about the largest banks and government security agencies getting hacked every day. If you are a mid-sized business it might be more cost-effective to invest in some damage control after the fact rather than jeopardize cash flow today.

So what is the future for security products? Well, they are not going to go away. They just need to be smarter, more cost-effective, and turn-key, and then perhaps companies will find the benefit-to-risk more acceptable.

<Article Reference:  Security Data overload article >

Web Security Breaches and Accountability


By Zack Sanders – Security Expert – APconnections

If this recent story about a breach of medical information in Utah is any indication of how organizations will now handle security breaches, technology managers everywhere should be shaking in their boots. After a breach that exposed personal information of 780,000 people, the Utah state technology director was relieved of his position by the governor, and several others are under investigation.

Details of the actual attack are scarce, but it appears as though a Medicaid server (possibly hosted in the cloud) was vulnerable to a security misconfiguration at the password authentication level. This could mean a few different things – including SQL injection issues, exposed configuration files, or that content was accessible without actually logging in. Regardless of how it really occurred, it certainly could have been prevented with proper proactive assessments.

The larger issue at hand that the article touches on is accountability in data security. Personally, I think you are going to have a hard time finding organizations that will guarantee their solutions are totally secure. It’s just not realistic. You can never be 100% protected against an attack, and because software solutions often rely on other technologies and people, the number of ways in is large, and proving exactly how someone got in and who is to blame will be difficult, considering that vulnerabilities are often leveraged against each other. For example, say you have a server that has a third-party web application, a back-end database, and blog software installed. The web application itself is secure, but the blog software is not. It is breached by an attacker, and the database for the web application is stolen. User data in the database was not encrypted, and widespread fraud occurs. Who is to blame? The blog maker? The web application developer? The system administrator?

In truth, the answer is everyone – to varying degrees. The system administrator should not have these two software packages running on the same system. The blog developers should have built a better solution. The web application programmer should have encrypted data at rest. Blame can even shift further up the chain. The IT director should have budgeted more money for security. The board members should have demanded proactive actions be taken.

So, it is likely the firings in the Utah Medicaid breach were mostly political in that someone has to fall on the sword, but in truth, the blame should fall on many individuals and companies.

One thing is clear: if you are a technology director or manager, you don’t want this to happen to you – but there are actions you can take. The most important thing is to BE PROACTIVE about security. How many breaches do you have to read about every day before you take charge in your own environment? If you’ve never been hacked, ask someone who has. It is a very painful process and costs reputation, money, and time. Start taking steps today to better your chances against attack. Some options to consider:

– Have quarterly security assessments conducted.

– If major changes to the application or server are made, have those changes reviewed for security.

– Discuss your security controls with an expert.

– Audit your existing infrastructure and start making changes now. Even though this will take time and resources, it does not compare to the time and resources required if a breach occurs.

Ten Things You Can Do With Our $999 Bandwidth Controller


Why are we doing this?

In the last few years, bulk bandwidth prices have plummeted. The fundamentals for managing bandwidth have also changed. Many of our smaller customers, businesses with 50 to 300 employees, are upgrading their old 10 megabit circuits to 50 megabit links at no extra cost. There seems to be some sort of bandwidth fire sale going on…

Is there a catch?

The only restriction on the Lite unit (when compared to the NE2000) is the number of users it can handle at one time. It is designed for smaller networks. It has all the features and support of the higher-end NE2000. For those familiar with our full-featured product, you do not lose anything.

Here are ten things you can still do with our $999 Bandwidth Controller

1) Provide priority for VOIP and Skype on an MPLS link.

2) Full use of Bandwidth Pools. This is our bandwidth restriction by subnet feature and can be used to ease congestion on remote Access Points.

3) Implement bandwidth restrictions by quota.

4) Have full graphical reporting via NTOP reporting integration.

5) Automated priority via equalizing for low-bandwidth activities such as web browsing, using Citrix terminal emulation, and web applications (database queries).

6) Priority for selected video stations.

7) Basic rate limits by IP or MAC address.

8) Limit P2P traffic.

9) Automatically email customers on bandwidth overages.

10) Sleep well at night knowing your network will run smoothly during peak usage.

Are Bandwidth Controllers still relevant?

Dirt cheap bandwidth upgrades are good for consumers, but not for expensive bandwidth controllers on the market. For some products in excess of $50,000, this might be the beginning of the end. We are fortunate to have built a lean company with low overhead. We rely mostly on a manufacturer-direct market channel, and this greatly reduces our cost of sale. From experience, we know that even with higher bandwidth amounts, letting your customers run wide-open is still going to lead to trouble in the form of congested links and brownouts.

As bandwidth costs drop, the Bandwidth Controller component of your network is not going to go away, but it must also make sense in terms of cost and ease of use. The next generation bandwidth controller must be full-featured while also competing with lower bandwidth prices. With our new low-end models, we will continue to make the purchase of our equipment a “no brainer” in value offered for your dollar spent.

There is nothing like our Lite Unit on the market delivered with support and this feature set at this price point. Read more about the features and specifications of our NetEqualizer Lite in our  NetEqualizer Lite Data Sheet.

APconnections Celebrates New NetEqualizer Lite with Introductory Pricing


Editor’s Note:  This is a copy of a press release that went out on May 15th, 2012.  Enjoy!

Lafayette, Colorado – May 15, 2012 – APconnections, an innovation-driven technology company that delivers best-in-class network traffic management solutions, is celebrating the expansion of its NetEqualizer Lite product line by offering special pricing for a limited time.

NetEqualizer’s VP of Sales and Business Development, Joe D’Esopo is excited to announce “To make it easy for you to try the new NetEqualizer Lite, for a limited time we are offering the NetEqualizer Lite-10 at introductory pricing of just $999 for the unit, our Lite-20 at $1,100, and our Lite-50 at $1,400.  These are incredible deals for the value you will receive; we believe unmatched today in our industry.”

We have upgraded our base technology for the NetEqualizer Lite, our entry-level bandwidth-shaping appliance.  Our new Lite still retains a small form-factor, which sets it apart, and makes it ideal for implementation in the Field, but now has enhanced CPU and memory. This enables us to include robust graphical reporting like in our other product lines, and also to support additional bandwidth license levels.

The Lite is geared towards smaller networks with less than 350 users, is available in three license levels, and is field-upgradable across them: our Lite-10 runs on networks up to 10Mbps and up to 150 users ($999), our Lite-20 (20Mbps and 200 users for $1,100), and Lite-50 (50Mbps and 350 users for $1,400).  See our NetEqualizer Price List for complete details.  One year renewable NetEqualizer Software & Support (NSS) and NetEqualizer Hardware Warranties (NHW) are offered.

Like all of our bandwidth shapers, the NetEqualizer Lite is a plug-n-play, low maintenance solution that is quick and easy to set-up, typically taking one hour or less.  QoS is implemented via behavior-based bandwidth shaping, “equalizing”, giving priority to latency-sensitive applications, such as VoIP, web browsing, chat and e-mail over large file downloads and video that can clog your Internet pipe.

About APconnections:  APconnections is based in Lafayette, Colorado, USA.  We released our first commercial offering in July 2003, and since then thousands of customers all over the world have put our products into service.  Today, our flexible and scalable solutions can be found in over 4,000 installations in many types of public and private organizations of all sizes across the globe, including: Fortune 500 companies, major universities, K-12 schools, and Internet providers on six (6) continents.  To learn more, contact us at sales@apconnections.net.

Contact: Sandy McGregor
Director, Marketing
APconnections, Inc.
303.997.1300
sandy@apconnections.net

APconnections Backs Up Security Device Support with an Unusual Offer, “We’ll hack your network”


What gets people excited about purchasing an intrusion detection system? Not much. Certainly, fear can be used to sell security devices. But most mid-sized companies are spread thin with their IT staff; they are focused on running their business operations. To spend money to prevent something that has never happened to them would be seen as somewhat foolish. There are a large number of potential threats to a business, security being just one of them.

One expert pointed out recently:

“Sophisticated fraudsters are becoming the norm with data breaches, carder forums, and do it yourself (DIY) crime kits being marketed via the Internet.” Excerpt from fraudwar blog spot.

Thus, getting data stolen happens so often that it can be considered a survivable event; it is the new normal. Your customers are not going to run for the hills, as they have been conditioned to roll with this threat. But there still is a steep cost for such an event. So our staff put our heads together and asked the question… there must be an easy, quantifiable, minimum-investment way to objectively evaluate data risk without a giant cluster of data security devices in place, spewing gobs of meaningless drivel.

One of our internal white-knight hackers pointed out that, in his storied past, he had been able to break into almost any business at will (good thing he is a white knight and does not steal or damage anything). While talking to some of our channel resellers we have also learned that most companies, although aware of outside intrusion, are reluctant to throw money and resources at a potential problem that they can’t easily quantify.

Thus arose an idea for our new offer. For a small refundable retainer fee, we will attempt to break into a customer’s data systems from the outside. If we can’t get in, then we’ll return the retainer fee. Obviously, if we get in, we can then propose a solution with indisputable evidence of the vulnerability, and if we don’t get in, then the customer can have some level of assurance that their existing infrastructure thwarted a determined break-in.

APconnections CTO Quoted in Wall Street Journal Article


Art Reisman, CTO of APconnections, was recently quoted and interviewed as the primary source in an article in the Wall Street Journal regarding Procter & Gamble’s employees’ Internet use. Art was asked to comment, due to his expertise in bandwidth shaping, on Procter & Gamble’s plan to restrict Internet access to sites such as Netflix and Pandora.

The article appeared in the April 4th, 2012 print edition of the Wall Street Journal. You can read the full article here in the online edition (you may need to be a subscriber to view): http://online.wsj.com/article/SB10001424052702304072004577324142847006340.html

Here is Art’s expert commentary from the article:

…A number of businesses are struggling with bandwidth problems as extensive downloading soaks up network capacity and risks slowing connections. For instance, if a company has 500 employees and three are watching Netflix movies, they could use most of a company’s bandwidth if it doesn’t have a lot.

“Indeed, 300 employees surfing the Web could use the same amount as the movie watchers”, said Art Reisman, chief technology officer of NetEqualizer, which is part of traffic-management firm APconnections Inc.

“Let’s say you merge onto the freeway and no one will let you on. If these things are running, nobody else can get on,” said Mr. Reisman, who is based in Lafayette, Colo.

Of course, if you have a bandwidth shaper in place, such as the NetEqualizer, you are reducing contention on your Internet pipe.  The NetEqualizer uses fairness-based shaping, which will allocate bandwidth to the 300 employees surfing the web, while giving less bandwidth to the movie watchers (bandwidth hogs).

 

NetEqualizer News: May 2012


May 2012

Greetings!

Enjoy another issue of NetEqualizer News! This month, we invite you to take our NetGladiator Hacking Challenge, preview features in our now live 5.8 Software Update for NetEqualizer, announce the FlyAway Contest winner, and ask our Library customers to take a short survey. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…


In Colorado, where we are located, May is the start of graduation season. Graduation always makes me think of new beginnings and future plans, which leads me to ask, how do you know when you are ready for a new beginning with NetEqualizer? If you wonder if it is time for you to upgrade your hardware, email your serial # with the subject “Please check my hardware” to admin@apconnections.net and we will determine if it is time for you to consider a new NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly here. I would love to hear from you!

Case Study: A Successful BotNet-Based Attack
Because we released our NetGladiator Intrusion Prevention System earlier this year, we’ve been blogging a lot about security-related topics lately, and the most recent post is one of the most interesting. Go behind the scenes of a real attack to see how a botnet-based hack occurs and how the effects are mitigated. Read this post, then think about how your web infrastructure stacks up.

Not sure where you stand? Think your sites are good to go? Either way, take our NetGladiator Hacking Challenge below!

—-

NetGladiator Hacking Challenge
We bet that we can find significant vulnerabilities in your website(s) that could lead to large-scale exploitation of data.

Give us $1,000 to try and ethically hack your website(s). If we find something, we’ll give you a detailed report of what we found and how to fix it. We can then discuss security controls and appliances that will help you immensely going forward. If we don’t find anything, we’ll credit the $1,000 back to your account.

It’s that simple.

Contact us today to schedule an assessment:

ips@apconnections.net
-or-
(303) 997-1300 x. 123.

—-

NetGladiator is currently looking for value-added resellers. If you are interested in becoming a reseller of our security appliance, contact us at:

ips@apconnections.net
-or-
(303) 997-1300 x. 123.


And the FlyAway Contest Winner Is…
Every few months, we have a drawing to give away two round-trip domestic airline tickets from Frontier Airlines to one lucky person who’s recently tried out our online NetEqualizer demo.

The time has come to announce this round’s winner.

And the winner is… Bill Vader of Fairmont Area Schools. Congratulations, Bill!

Please contact us within 30 days (by June 7, 2012) at:

admin@apconnections.net
-or-
303-997-1300

to claim your prize!


Library Customer Survey
Are you a Library customer or a consultant that supports Libraries? If so, we want to hear from you!

In 2012, we are targeting Libraries as part of our NetEqualizer Marketing programs, and we need your help to figure out where to best spend our time and money. We are asking for your feedback on the NetEqualizer, as well as your input on proposed marketing ideas, as we believe that this will help us to develop effective marketing programs to reach your Library peers.

If you have not already responded, please take 5-10 minutes to fill out our brief survey (we appreciate your response by Friday, May 18th, please). The questions are easy – you cannot get them wrong!

Take our NetEqualizer Library Survey

We really appreciate your time and feedback!


5.8 Software Update Now Available
Our 5.8 Software Update for the NetEqualizer has completed beta testing, and is now available for all customers. New features include:

Expanded Prioritization

Now you can dynamically allocate bandwidth, by giving priority or taking away bandwidth on the fly for domains like Netflix, YouTube, or Hulu. This is done by entering the name servers that you want prioritized or restricted.

This is a clean solution, as we are able to do this without violating Net Neutrality because we don’t use deep packet inspection (DPI).

We also have added in the ability to add priority hosts by entire subnet instead of just IP address. This feature is useful if you need to prioritize a section of your network, for example, a subnet where your video streaming servers are hosted.

VLAN Masking

VLAN Masking is an extension of our masking feature. Masks enable you to mark traffic to be ignored by the NetEqualizer, and are used primarily to exclude local traffic that you do not want equalized.

Advanced Quota API

The 5.8 Software Update is Quota API ready. The new Quota API tool allows you to more easily manage bandwidth caps for users by providing a much cleaner and more efficient interface.

Better Caching

We are now shipping with 750 gigabyte SSD drives to enhance our caching in the NetEqualizer. This means we have the capability to hold more content and store larger videos. We also cache some smaller, more popular web pages to allow those sites to be loaded very quickly.


As always, the 5.8 Software Update will be available at no charge to customers with valid NetEqualizer Software Subscriptions (NSS).

For more information on the NetEqualizer or the upcoming release, visit our blog or contact us at:

sales@apconnections.net
-or-
toll-free U.S. (888-287-2492),
worldwide (303) 997-1300 x. 103.


Best Of The Blog

Do We Really Need SSL?

By Art Reisman – CTO – APconnections

I know that perception is reality, and sometimes it is best to accept it, but when it comes to security FUD, I get riled up.

For example, last year I wrote about the unneeded investment surrounding the IPv4 demise, and, as predicted, the IPv6 push turned out to be mostly vendor hype motivated by a desire to increase equipment sales. Today, I am here to dispel the misplaced fear around the concept of having your data stolen in transit over the Internet. I am referring to the wire between your residence and the merchant site at the other end. This does not encompass the security of data once it is stored on a disk drive at its final location, just the transit portion.

To get warmed up, let me throw out some analogies.

Do you fear getting carjacked going 75 mph on the interstate?

Most likely not, but I bet you do lock your doors when stopped.

Do you worry about encrypting your cell phone conversations?

Not unless you are on security detail in the military.

As with my examples, somebody stealing your credit card while it is in transit, although possible, is highly impractical; there are just better ways to steal your data.

Photo Of The Month

Hiking, Biking and Spiritual Vortexes

Immediately upon arrival, it’s not difficult to see why Sedona, AZ is such an enchanting place. Even though we are spoiled by the natural beauty of Colorado, the backdrop that Northern Arizona provides is a close rival. While Boulder, CO and the surrounding mountains boast some of the best road biking in the world, the trail system in this unique area is king when it comes to mountain biking. The picture above was taken by one of our staff members on a recent trek.