Our intent with our tips is to exemplify some of the impracticalities involved with “brute force” shaping of encrypted traffic, and to offer some alternatives.
1) Insert Pre-Encryption software at each end node on your network.
This technique requires a special a custom APP that would need to be installed on Iphones, Ipads, and the laptops of end users. The app is designed to relay all data to a centralized shaping device in an un-encrypted format.
- assumes that the a centralized IT department has the authority to require special software on all devices using the network. It would not be feasible for environments where end users freely use their own equipment.
2) Use a sniffer traffic shaper that can decrypt the traffic on the fly.
- The older 40 bit encryption codes could be hacked by a computer in about a one week, the newer 128 bit encryption codes would require the computer to run longer than the age of the Universe.
3) Just drop encrypted traffic, don’t allow it, forcing users to turn off SSL on their browsers. Note: A traffic shaper, can spot encrypted traffic, it just can’t tell you specifically what it is by content.
- Seems rather draconian to block secure private transmissions, however the need to encrypt traffic over the Internet is vastly overblown. It is actually extremely unlikely for a personal information or credit card to get stolen in transit , but that is another subject
- Really not practical where you have autonomous or public users, it will cause confusion at best, a revolt at worst.
4) Perhaps re-think what you are trying to accomplish. There are more heuristic approaches to managing traffic which are immune to encryption. Please feel free to contact us for more details on a heuristic approach to shaping encrypted traffic.
5) Charge a premium for encrypted traffic. This would be more practical than blocking encrypted traffic, and would perhaps offset some of the costs for associate with the overuse of p2p encrypted traffic.
NetEqualizer a Great ROI Purchase for Reducing T1, E1, DS3 CostsOctober 23, 2008 — netequalizer
If you are looking to cut costs with the recent downturn in the economy, now would be a good time re-visit the issue of bandwidth optimization. How can it be cost justified ?
First, ask yourself if you’re maxing out your Internet connection. If the answer is yes, then you should look at optimizing tools before purchasing more bandwidth. However, some are quite expensive and hard to swallow, making it difficult to justify the expense. But, NetEqualizer offers a very competitive fixed price solution with no recurring costs.
There are two basic cost-savings factors with the NetEqualizer:
1) Greatly reduced IT labor — For most business, the largest single line item cost is human labor. And one of the hardest labor costs to quantify is your IT. Your IT staff may seem to somehow make themselves essential to every issue, no matter how hard you try to automate things.
On the issue of complaints that “the Network is slow,” if you were to sit back and conservatively look at tech time spent fiddling with routers or your expensive layer-7 based packet shaper, you’d probably notice that quite a bit of time is spent making adjustments and tweaking equipment on a weekly or daily business, only to repeat the fire drill the next time the network grinds to a halt.
Why is this?
Nine times out of ten, the core problem is too much congestion, and to compound matters, the acute source of the congestion changes. It is the transient nature of the cause that tends to drive up your labor costs. Yes you can find and head off problems with your router or deep packet inspection device, but you have to re-visit this issue each time the congestion source changes. Great for keeping techs busy, but bad for costs.
The big advantage with the NetEqualizer over the layer-7 shapers, or using a reporting tool and manually chasing issues on your router, is that the NetEqualizer proactively finds and eliminates network congestion before it blows up in your face, becoming an IT fire drill. Over and over again we hear from customers that they have deployed the NetEqualizer with our default setup, plugged it in, and left it alone.
So, if you’re looking to save money in this downturn, have your IT support do something that helps generate revenue, like forward-facing customer support, and let the NetEqualizer put out the fires before they spread.
2) Stretching your existing bandwidth to accommodate more users — Essentially, this allows you to indefinitely stave off signing a new bandwidth contract.
NetEqualizer can stretch the life of your current Internet trunk. Internet congestion is similar to the problem power companies face. They must have enough capacity on their grid to meet peak demands even though they may rarely need it. The same holds true for your Ineternet contract. You must purchase a contract with ample bandwidth to meet your peak loads. But, as you may realize, much of your peaks are transient and they are also related to quite a bit of non-business traffic. The NetEqualizer is effective because it can spread your non-essential traffic out over time, smoothing out your peaks.
For more information on the NetEqualizer, including a live demo and price list, visit www.netequalizer.com.