NetEqualizer News: October 2013


October 2013

Greetings!

Enjoy another issue of NetEqualizer News! This month, we preview our new RTR features (now available in Beta), reveal the location of our next Technical Seminar, discuss enhancements to our caching option, and remind you to get your web applications secured. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Fall is officially here in Boulder, Colorado. In fact, we had our first hard frost (the overnight low was 29 degrees Fahrenheit) on October 4th, pretty much right on schedule, as our fifty year average is October 6th. As we told you in our last newsletter, we have been planning for a late October harvest for our next release. We are right on track to release Software Update 7.5 in late October and have a Beta version of the new features available NOW. If you would like to get a sneak peek at the new features, learn more below about how to get involved in our 7.4 RTR Beta Test.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

2013 Fall Technical Seminar

We are happy to announce the date and time of our 2013 Fall Technical Seminar! Please join our CTO, Art Reisman, at our host site, Western Michigan University, on Tuesday, November 12th, 2013 for a half-day seminar in Kalamazoo, Michigan.

To learn more or register for this FREE technical seminar, sign up here.

Last month we asked for folks to let us know if they would be interested in hosting our next Technical Seminar. We had several people step forward (thank you all!), and from that group, have decided to hold our 2013 Fall Technical Seminar in Michigan.

We think Michigan will be a great place to visit in the fall, and are excited to see the NetEqualizer in action at Western Michigan, a longtime customer who has been using NetEqualizers since early 2008.

If you have any questions regarding the Technical Seminar, contact us at:

sales@apconnections.net

We hope to see you there!


NetEqualizer Caching Investment

We have recently partnered with some of the Squid core development team to harden and make our caching the best it can be!

Recent testing with enhancements is showing even better hit ratios for YouTube and other media, resulting in a better caching system for our customers.

The NetEqualizer Caching Option (NCO) is available as an add-on to NetEqualizer systems at additional cost. Caching helps supplement the power of Equalizing by storing high-bandwidth streams locally for internal users. For more information on NCO, click here. If you are interested in adding caching to your system, contact us at:

sales@apconnections.net


Planning for 2014: Do You Need to Secure Your Web Applications?

As we near the end of 2013, many of you may be putting together your 2014 plans. If web application security is on your “must have” list for 2014, you might want to take a look at our sister product, the NetGladiator.

We used NetEqualizer’s guiding principles when we developed the NetGladiator: keep it affordable (starting at $3,500 USD), make sure it is easy to set up and maintain, and implement security rules that provide value and make sense without the overkill of most products.

If you would like to learn more, visit our website, take a look at our white paper, or contact us at:

ips@apconnections.net

Not sure if you should be thinking about web application security? Take our hacking challenge to see if your web apps are at risk!


RTR Release and Beta Testing!

We are very excited to announce the release of our new Real-Time Reporting (RTR) tool features!

Here are all the cool new reports/features that you will see in Software Update 7.4 (as well as our Beta version):

The first major enhancement you will see is the ability to look at graphs of all traffic going through the NetEqualizer.

This graph will show you your equalizing ratio and when traffic peaked above that threshold as well as minimum and maximum outputs in the given time frame. This will really help you see how often and when traffic is being Equalized from an historical perspective.

The other new features revolve around being able to run reports on each IP in your Active Connections table.

Instead of a static table, you will now see links associated with each IP address.

Click the desired IP address to bring up the reporting interface.

From here, you can do a number of tasks:

1) Look at historical graphs of traffic to and from the given IP address.

2) Look up the country associated with the IP address.
3) Do an NS Lookup of the IP address to see what name server it is associated with.
4) Show all rules for an IP – this interface shows you what rules currently affect the given IP (hard limits, pools, connection limits, etc.).

We are currently in Beta on new RTR Features (7.4 Release with RTR Beta), and would like several more customer participants. If you are interested, please email us at:

sales@apconnections.net

so we can see if you are a good fit for the Beta version. We plan to release the new RTR functionality to all customers as Software Update 7.5 in late October.

If you are interested in participating, you need to be current on NSS, and either be on the 7.4 release currently or be willing to upgrade to it. Once on 7.4, we will give you a hot fix to install the new RTR capabilities.

For more information on Software Update 7.4 and our Beta release, click here.


Best Of The Blog

Using OpenDNS on Your Wireless Network to Prevent DMCA Infringements

By Sam Beskur – CTO – Global Gossip

Editor’s Note: APconnections and Global Gossip have partnered to offer a joint hotel service solution, HMSIO. Read our HMSIO service offering datasheet to learn more.

Traffic Filtering with OpenDNS

Abstract
AUP (Acceptable Use Policy) violations, which include DMCA infringements on illegal downloads (P2P, Usenet or otherwise), have been hugely troublesome in many locations where we provide public access WiFi. Nearly all major carriers here in the US now have some form of notification system to alert customers when violations occur, and the ones that don’t send notifications are silently tracking this behavior…

Photo Of The Month

“It’s fun to stay at the Y.M.C.A.” (what’s this?)
At APconnections, we like to maintain a good work-life balance – and that includes having fun at the office. While our CTO, Art Reisman, was off running at the gym, we played this little Halloween “trick” on him.

NetEqualizer News: June 2013


June 2013

Greetings!

Enjoy another issue of NetEqualizer News! This month, we preview our new Dynamic Real-Time Reporting Tool, announce our quarterly FlyAway Contest winner, celebrate our 10th Anniversary, and discuss our upcoming Technical Seminar! As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Ten years ago this summer I was feverishly developing the original DPI version of the NetEqualizer, and getting ready to release it to customers. It is both humbling and gratifying to be a part of growing my big idea into the company that we are today. If you want to see into the mind of an entrepreneur during start up, you can read all about my journey and how the technology was developed in “The Story of NetEqualizer”, available as a PDF or eBook.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

Software Update 7.1: Dynamic Real-Time Reporting is Here!

We are excited to announce that our built-in version of the Dynamic Real-Time Reporting (RTR) tool is ready for release to all customers on Software Update 7.0+!

One of the things that differentiates the NetEqualizer from other monitoring and shaping tools is that we have the actual data for every user accurately updated by the second.

The reporting tools on most other devices tend to slog along and show you aggregate usage of 5 minute averages. Even the charge back mechanisms that ISPs use to figure out if you are over your allotted bandwidth do 95th percentile sampling – meaning they estimate your usage from sporadic sampling.

One thing we have not been good at, until now, is making this wealth of real data available to the end user in a nice organized usable presentation.

As of this week that is going to change.

In our 7.1 Software Update we have upgraded to a more robust Apache Web server shipping with every system. This has allowed us to take some of the real-time data and offer the administrator some nicer tools. For example, you can:

– View active connections running through your NetEqualizer and search or sort them however you like.
– Figure out the country associated with a specific IP address.
– View the top 10 flows running through your network – those that are using the most bandwidth.

– View the state of all currently penalized flows. See which flows are newly penalized, which have had their penalties increased, and which have had their penalties decreased.

– View, search and sort all running processes to easily spot problems with your device.

Stay tuned to NetEqualizer News for updates on new features!

The RTR tool is free to customers with valid NetEqualizer Software and Support who are running version 7.0+. If you are not current with NSS, contact us today!

sales@apconnections.net

-or-

toll-free U.S. (888-287-2492),

worldwide (303) 997-1300 x. 103


Fall Technical Seminar

We are starting to plan for our next Technical Seminar!

This popular seminar brings our CTO, Art Reisman, directly to you. In this half day event, Art explores the NetEqualizer technology in detail, and answers your technical questions. We will also be discussing and answering questions about our NetGladiator security appliance! Lunch will be provided to all attendees.

In this Technical Seminar, you will experience the following:
  • Deep dive on NetEqualizer bandwidth shaping
  • Learn how NetEqualizer Caching Option works
  • See the new Software Update (7.1)
  • Walk through a NetEqualizer Live Demo
  • Get your technical questions answered
  • Participate in a brainstorming session on future direction of bandwidth control
  • Learn more about the NetGladiator web application security appliance

Please note that this is NOT a marketing presentation – it is run by & created for techies!

Whether you are an existing customer or just starting to think about bandwidth shaping, come learn more about the NetEqualizer technology and share your experiences with other customers.

We are also currently looking for a location to host the seminar sometime around October of this year. If you or your organization is interested, please contact us at:

sales@apconnections.net


And the FlyAway Contest Winner Is…

Every few months, we have a drawing to give away two round-trip domestic airline tickets from Frontier Airlines to one lucky person who’s recently tried out our online NetEqualizer demo.

The time has come to announce this round’s winner.

And the winner is…

Terrence Shipclark of Humber College.

Congratulations, Terrence!

Please contact us within 30 days (by July 17, 2013) at:

admin@apconnections.net
-or-
303-997-1300

to claim your prize!


10 Year Anniversary Celebration – All Summer Long!

We are celebrating 10 years in business this summer, thanks to you, our loyal customers! Our first NetEqualizer sale was a CD version, way back on July 13th, 2003. We have come a long way since then. We have rolled out NetEqualizer appliances to offer a consistent, standard, supportable framework to make it easy for you to own and operate your NetEqualizer.

We have built out our core technology, equalizing behavior-based shaping, and added tons of features along the way – such as our Professional Quota API, CALEA, the NetEqualizer Caching Option (NCO), NetEqualizer Directory Integration (NDI), and a new GUI – just to name a few.

And we have leaped into the web application security world, introducing our NetGladiator IPS appliances last year.

Thousands of installations later, NetEqualizers are deployed across six (6) continents in small and large businesses, universities, schools, libraries, and internet providers.

So, as part of our 10 Year Celebration, we will be donating $25 to one of four charities of the buyer’s choice for each unit sold from now until August 31, 2013. The charities are:

1) United States Fund for UNICEF

(http://www.unicefusa.org)

2) Habitat for Humanity

(http://www.habitat.org)

3) Doctors Without Borders

(http://www.doctorswithoutborders.org)

4) Global Hunger Project

(http://www.thp.org)

Contact us today at:

sales@apconnections.net

-or-

toll-free U.S. (800-918-2763),

worldwide (303) 997-1300 x. 103


Best Of The Blog

CALEA: A Look Back and Forward

By Art Reisman – CTO – APconnections

It has been 4 years since the most recent round of CALEA laws took effect. At the time, our phones rang off the hook for several days with calls from various small ISPs worrying that they were going to be shut down if they did not invest in a large expensive CALEA compliant device.

Implementation of the law was open to interpretation.

Confusion over what CALEA was stemmed from the fact that the CALEA laws themselves do not contain a technical specification. In essence, they are just laws. Suppose the Harvard Law School became the front end design team for all projects in Harvard’s engineering school. Lawyers write laws, not engineering specifications. And so it was with CALEA: Congress wrote a well-intended law, but the implementation and enforcement part had to be interpreted. The FBI took the lead and wrote an extremely detailed specification as to what they wanted. The specification covered every scenario possible and thus the scope was costly to implement. Vendors willingly took the complex FBI specification to heart as part of the actual law, and built out high dollar CALEA certified devices. As vendors will do, their sales teams ran with it as gospel and spread fear in order to sell expensive equipment with large margins. Fortunately calmness prevailed at some point, and the FBI consultants worked with us and some of the smaller ISPs on a reasonable scaled down version of their CALEA requirements.

Ironically, even the current law has now become problematic for the FBI and they are requesting additional requirements.

The complexity of implementing the new CALEA laws is a reflection of the way we communicate with the Internet.

Prior to the Internet, the wire tap precedent for old phone systems was much simpler to implement. And, I suspect this simplicity played a role in the surprise confusion implementing an updated law. Historically a wire tap was just a matter of arriving at the central office with a search warrant and a tapping device, a wire splice, then listening in on a customer phone call. The transition of the law to implementation was fairly obvious…

Photo Of The Month

World Series of Poker – Las Vegas, Nevada
Each summer, thousands of poker players from all over the world descend on the desert oasis of Las Vegas, Nevada for the World Series of Poker. The WSOP consists of over 50 bracelet events and culminates in a Main Event that annually turns out to be the biggest tournament of the year. This picture was taken recently by a staff member who is staying in Vegas for the summer and participating in some of the events.

APconnections 10 Year Anniversary Celebration – All Summer Long!


We are celebrating 10 years in business this summer, thanks to you, our loyal customers! Our first NetEqualizer sale was a CD version, way back on July 13th, 2003. As part of APconnections’ 10 Year Celebration, we will be donating $25 to one of four charities of the buyer’s choice for each NetEqualizer or NetGladiator sold from now until August 31, 2013.

We selected charities that are all rated B+ or above by CharityWatch. The charities operate on a global basis (like us!) and focus on one of the following: International Relief & Development, Homelessness & Housing, or Hunger. While we may not have picked your favorite charity, we hope that you agree that these are all worthy causes!

When you place a purchase order between now and August 31st, 2013, you will be asked to pick the charity of your choice for each unit purchased.

The charities, along with descriptions of their mission/vision from their websites are as follows.  You can visit their websites by clicking on their logos or the displayed link:

1) United States Fund for UNICEF   http://www.unicefusa.org
The United Nations Children’s Fund (UNICEF) works in more than 190 countries and territories to save and improve children’s lives, providing health care and immunizations, clean water and sanitation, nutrition, education, emergency relief and more. The U.S. Fund for UNICEF supports UNICEF’s work through fundraising, advocacy and education in the United States. Together, we are working toward the day when ZERO children die from preventable causes and every child has a safe and healthy childhood.

2) Habitat for Humanity    http://www.habitat.org
Habitat for Humanity believes that every man, woman and child should have a decent, safe and affordable place to live. We build and repair houses all over the world using volunteer labor and donations. Our partner families purchase these houses through no-profit, no-interest mortgage loans or innovative financing methods.

3) Doctors Without Borders   http://www.doctorswithoutborders.org
Doctors Without Borders/Médecins Sans Frontières (MSF) works in nearly 70 countries providing medical aid to those most in need regardless of their race, religion, or political affiliation.

4) Global Hunger Project    http://www.thp.org
The Hunger Project (THP) is a global, non-profit, strategic organization committed to the sustainable end of world hunger. In Africa, South Asia and Latin America, THP seeks to end hunger and poverty by empowering people to lead lives of self-reliance, meet their own basic needs and build better futures for their children.

Thank you for all your support over our first 10 years, we truly appreciate your business! 

We look forward to working with all of you for many more years. 

NetEqualizer News: December 2012


December 2012

Greetings!

Enjoy another issue of NetEqualizer News! This month, we preview feature additions to NetEqualizer coming in 2013, offer a special deal on web application security testing for the Holidays, and remind NetEqualizer customers to upgrade to Software Update 6.0. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

This month’s picture is from Parent’s Night for my daughter’s volleyball team. In December, as I get ready for the Holidays, I often think about what is important to me – like family, friends, my health, and how I help to run this business. While pondering these thoughts, I came up with some quotes that have meaning to me, which I am sharing here. I hope you enjoy them, or that they at least get you thinking about what is important to you!

“Technology is not what has already been done.”
“Following too closely ruins the journey.”
“Innovation is not a democratic endeavor.”
“Time is not linear, it just appears that way most of the time.”

What are your favorite quotes? We love it when we hear back from you – so if you have a quote or a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

NetEqualizer: Coming in 2013

We are always looking to improve our NetEqualizer product line such that our customers are getting maximum value from their purchase. Part of this process is brainstorming changes and additional features to adapt and help meet that need.

Here are a couple of ideas for changes to NetEqualizer that will arrive in 2013. Stay tuned to NetEqualizer News and our blog for updates on these features!

1) NetEqualizer in Mesh Networks and Cloud Computing

As the use of NAT distributed across mesh networks becomes more widespread, and the bundling of services across cloud computing becomes more prevalent, our stream-based behavior shaping will need to evolve.

This is due to the fact that we base our decision of whether or not to shape on a pair of IP addresses talking to each other without considering port numbers. Sometimes, in cloud or mesh networks, services are trunked across a tunnel using the same IP address. As they cross the trunk, the streams are broken out appropriately based on port number.

So, for example, say you have a video server as part of a cloud computing environment. Without any NAT, on a wide-open network, we would be able to give that video server priority simply by knowing its IP address. However, in a meshed network, the IP connection might be the same as other streams, and we’d have no way to differentiate it. It turns out, though, that services within a tunnel may share IP addresses, but the differentiating factor will be the port number.

Thus, in 2013 we will no longer shape just on IP to IP, but will evolve to offer shaping on IP(Port) to IP(Port). The result will be quality of service improvements even in heavily NAT’d environments.

2) 10 Gbps Line Speeds without Degradation

Some of our advantages over the years have been our price point, the techniques we use on standard hardware, and the line speeds we can maintain.

Right now, our NE3000 and above products all have true multi-core processors, and we want to take advantage of that to enhance our packet analysis. While our analysis is very quick and efficient today (sustained speeds of 1 Gbps up and down), in very high-speed networks, multi-core processing will amp up our throughput even more. In order to get to 10 Gbps on our Intel-based architecture, we must do some parallel analysis on IP packets in the Linux kernel.

The good news is that we’ve already developed this technology in our NetGladiator product (check out this blog article here).

Coming in 2013, we’ll port this technology to NetEqualizer. The result will be low-cost bandwidth shapers that can handle extremely high line speeds without degradation. This is important because in a world where bandwidth keeps getting cheaper, the only reason to invest in an optimizer is if it makes good business sense.

We have prided ourselves on smart, efficient, optimization techniques for years – and we will continue to do that for our customers!


Secure Your Web Applications for the Holidays!

We want YOU to be proactive about security. If your business has external-facing web applications, don’t wait for an attack to happen – protect yourself now! It only takes a few hours of our in-house security experts’ time to determine if your site might have issues, so, for the Holidays, we are offering a $500 upfront security assessment for customers with web applications that need testing!

If it is determined that our NetGladiator product can help shore up your issues, that $500 will be applied toward your first year of NetGladiator Software & Support (GSS). We also offer further consulting based on that assessment on an as-needed basis.

To learn more about NetGladiator, check out our video here.

Or, contact us at:

ips@apconnections.net

-or-

303-997-1300 x123


Don’t Forget to Upgrade to 6.0!: With a brief tutorial on User Quotas

If you have not already upgraded your NetEqualizer to Software Update 6.0, now is the perfect time!

We have discussed the new upgrade in depth in previous newsletters and blog posts, so this month we thought we’d show you how to take advantage of one of the new features – User Quotas.

User quotas are great if you need to track bandwidth usage over time per IP address or subnet. You can also send alerts to notify you if a quota has been surpassed.

To begin, you’ll want to navigate to the Manage User Quotas menu on the left. You’ll then want to start the Quota System using the third interface from the top, Start/Stop Quota System.

Now that the Quota System is turned on, we’ll add a new quota. Click on Configure User Quotas and take a look at the first window:

Here are the settings associated with setting up a new quota rule:

Host IP: Enter in the Host IP or Subnet that you want to give a quota rule to.

Quota Amount: Enter in the number of total bytes for this quota to allow.

Duration: Enter in the number of minutes you want the quota to be tracked for before it is reset (1 day, 1 week, etc.).

Hard Limit Restriction: Enter in the number of bytes/sec to allow the user once the quota is surpassed.  

Contact: Enter in a contact email for the person to notify when the quota is passed.

After you populate the form, click Add Rule. Congratulations! You’ve just set up your first quota rule!

From here, you can view reports on your quota users and more.

Remember, the new GUI and all the new features of Software Update 6.0 are available for free to customers with valid NetEqualizer Software & Support (NSS).

If you don’t have the new GUI or are not current with NSS, contact us today!

sales@apconnections.net

-or-

toll-free U.S. (888-287-2492),

worldwide (303) 997-1300 x. 103


Best Of The Blog

Internet User’s Bill of Rights

By Art Reisman – CTO – APconnections

This is the second article in our series. Our first was a Bill of Rights dictating the etiquette of software updates. We continue with a proposed Bill of Rights for consumers with respect to their Internet service.

1) Providers must divulge the contention ratio of their service. 

At the core of all Internet service is a balancing act between the number of people that are sharing a resource and how much of that resource is available.

For example, a typical provider starts out with a big pipe of Internet access that is shared via exchange points with other large providers. They then subdivide this access out to their customers in ever smaller chunks – perhaps starting with a gigabit exchange point and then narrowing down to a 10 megabit local pipe that is shared with customers across a subdivision or area of town.

The speed you, the customer, can attain is limited to how many people might be sharing that 10 megabit local pipe at any one time. If you are promised one megabit service, it is likely that your provider would have you share your trunk with more than 10 subscribers and take advantage of the natural usage behavior, which assumes that not all users are active at one time.

The exact contention ratio will vary widely from area to area, but from experience, your provider will want to maximize the number of subscribers who can share the pipe, while minimizing service complaints due to a slow network. In some cases, I have seen as many as 1,000 subscribers sharing 10 megabits. This is a bit extreme, but even with a ratio as high as this, subscribers will average much faster speeds when compared to dial up…

Photo Of The Month

Kansas Clouds

The wide-open ranch lands in middle America provide a nice retreat from the bustle of city life. When he can find time, one of our staff members visits his property in Kansas with his family. The Internet connection out there is shaky, but it is a welcome change from routine.

Getting the Keys to the Kingdom: SQL Injection


By Zack Sanders

Director of Security – www.netgladiator.net

SQL injection is one of the most well-known vulnerabilities in web application security. Because so many web sites today are database driven, an SQL injection vulnerability puts the entire application and its users at risk. The purpose of this article is to explain what SQL injection is, show how easily it can be exploited, and discuss what steps you can take to make sure your site is secure from this devastating attack vector.

What is SQL injection?

SQL injection is performed by including portions of SQL statements in a web form entry field in an attempt to get the web site to pass a newly formed malicious SQL command to the database. The vulnerability occurs when user input is either incorrectly filtered or not strongly typed, and is then unexpectedly executed. SQL commands are thus injected from the web form into the application’s database queries, either to change the database content or to dump database information such as credit card numbers or passwords to the attacker. Average websites can experience hundreds of SQL injection attempts per hour from automated bots scouring the Internet.

How do attackers discover it?

When searching for SQL injection, an attacker is looking for an application that behaves differently based on varying inputs to a form. For example, a vulnerable web form might accept expected content just fine, but if SQL characters are inputted, a system-level SQL error is generated saying something like, “There is an error in your MySQL syntax.” This tells the attacker that the SQL code is being interpreted, even though it is incorrect. This indicates that the application is vulnerable.

How is a site that is vulnerable exploited?

Once an application is deemed vulnerable, an attacker will try using an automated injection tool to glean information about the database. Structure data like the information schema, the version of SQL being run, and table names are all trivial to gather. Once the structure is defined and understood, custom SQL statements can be written to download data from interesting tables like, “users”, “customers”, “payments”, etc. Here is a screenshot from a recent client of mine whose site was vulnerable. These are just a few of the columns from the “users” table.

* Names, email addresses, partial passwords, usernames, and addresses are blocked out.

What happens next?

With this level of access, the sky is the limit. Here are a few things an attacker might do:

1) Take all of the hashed passwords and run them against a rainbow table for matches. This is why long passwords are so important. Even though hashing is a one-way function, the hashes for short and common passwords are all known and can easily be looked up in reverse. An attacker might then use the passwords, along with email addresses, to compromise other accounts owned by those users.

2) Change the super administrator flag for a user they know the password for, and log in to gain further access. A common goal is to get to a file upload interface so that a script can be uploaded to the server that would give an attacker remote control.

3) Drop the entire database purely to wreak havoc.

How do you protect your site from SQL injection?

ALL GET and POST requests involving the database need to be filtered and analyzed before being run. This includes actions like:

1) Stripping away SQL characters. In MySQL, this would be the mysql_real_escape_string() function.

2) Analyze for expected input. Should the entry only be a number 1-50? Check to make sure it is a positive number, non-zero, and no more than two characters.

3) Have strong database permissions. Different database users should be created with only needed permissions for their function. For example, don’t use the root MySQL user to connect your web application to your database.

4) Hire an expert to assess your web application. The cost of performing this type of health check is minuscule compared to the cost of being exploited.

5) Install an intrusion protection system like NetGladiator that looks for SQL characters in URLs.
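To make items 1 and 2 concrete, here is an added example (not code from the original newsletter) that puts a vulnerable lookup beside a hardened one. It assumes a hypothetical "products" table in an in-memory SQLite database standing in for MySQL, and it uses bound query parameters in place of the escaping function named in item 1; the function names are illustrative.

```python
import sqlite3

def make_db():
    """Constructed sample data in an in-memory database (stands in for the site's MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "widget"), (2, "gadget")])
    return db

def lookup_unsafe(db, raw_id):
    # Vulnerable form: the request value becomes part of the SQL text itself,
    # so the caller controls the WHERE clause.
    return db.execute("SELECT name FROM products WHERE id = " + raw_id).fetchall()

def parse_id(raw_id):
    """Item 2's check: a positive, non-zero number from 1 to 50, at most two characters."""
    if not isinstance(raw_id, str) or not 1 <= len(raw_id) <= 2:
        raise ValueError("id must be one or two characters")
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must contain only the digits 0-9")
    value = int(raw_id)
    if not 1 <= value <= 50:
        raise ValueError("id must be between 1 and 50")
    return value

def lookup_safe(db, raw_id):
    # Hardened form: validate first, then pass the value as a bound parameter
    # so it is never parsed as SQL.
    value = parse_id(raw_id)
    return db.execute("SELECT name FROM products WHERE id = ?", (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    constructed = "1 OR 1=1"  # constructed request value, not from a real log
    print(lookup_unsafe(db, constructed))  # every row comes back
    print(lookup_safe(db, "2"))            # only the requested row
    try:
        lookup_safe(db, constructed)
    except ValueError as err:
        print("rejected:", err)
```

Item 3 still applies on top of this: the account the application connects with should hold only the permissions the lookup needs.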

The keys to the kingdom

Hopefully you can now see the danger of SQL injection. The level of control and access coupled with the ease of discovery and exploitation make it extremely problematic. The good news is, putting basic protections in place is relatively easy.

Contact us today if you want help securing your web application!

NetEqualizer News: August 2012


August 2012

Greetings!

Enjoy another issue of NetEqualizer News! This month, we preview our new NetEqualizer GUI, introduce P2P Blocking on the NetGladiator, and ask for your help compiling NetEqualizer user experiences. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

With August comes the beginning of the fall harvest. Farmer’s markets are just beginning to fill up with summer squash, corn, and tomatoes in our area! Seeing nature’s bounty gets me thinking about how to enrich our products and offer our own bountiful harvest.

After nine years, we felt it was time to refresh the NetEqualizer GUI. I’m excited to announce that we are redesigning our interface to improve look & feel and make it easier to use! On the NetGladiator side, we are leveraging our DPI technology to add P2P Blocking to our security capabilities. Both projects will be ready for the fall harvest! Stay tuned to NetEqualizer News for updates on availability and release details.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

Coming this Fall: New NetEqualizer GUI
After 9 years we are finally revamping the GUI for the NetEqualizer!

The new GUI will provide the same functionality that the current GUI has, but it will be presented in a much more organized, intuitive, and modern way.

We will also be developing additional functionality that allows users to more easily and effectively administer their NetEqualizers.

One of the most exciting improvements is a new dashboard feature. The dashboard will be the default home page and will provide a heads up display of the most critical data and settings within NetEqualizer.

Beta testing for the new NetEqualizer GUI will begin sometime in September with a full release coming this fall. And, as always, the new GUI will be available at no charge to customers with valid NSS. Stay tuned to NetEqualizer News or our blog for announcements regarding the new GUI!


Share Your NetEqualizer Experiences!
We love it when we hear from our customers – especially messages of appreciation for the products we work so hard on.

As part of our Library Survey a few months ago, we received a message from Sara Holloway, of Handley Regional Library, asking if she could write an article about NetEqualizer for our blog. We thought this was a great idea, so Sara wrote this post. Thanks Sara!

Starting this fall, we want to open up our blog to our customers more often. Writing a post on our blog is beneficial to us, our readership, and you!

It is a great way to gain exposure for your business and to contribute to a widely-read blog.

If you are interested in being a guest contributor, email our Director of Marketing, Sandy McGregor, at sandy@apconnections.net!


Block P2P with NetGladiator
NetGladiator is already proving to be an effective hacking and botnet deterrent, but the usefulness of NetGladiator does not stop with web application security. Because of the customizable nature of the configuration, and the fact that NetGladiator is built on powerful DPI technology, the sky is the limit in what you can do with NetGladiator.

We wrote about some of the potential uses last month, and we are excited to announce an implementation of one of those ideas – P2P Blocking – available as an additional module to existing NetGladiators.

This implementation differs from our P2P feature on NetEqualizer. NetEqualizer focuses on managing the effects of P2P on a network through equalizing. With NetGladiator, we serve a security-driven need. P2P is one of the most common ways that malware gets through firewalls and enters internal machines. Thus, with NetGladiator, we actually block the protocols completely – greatly improving security.

We’ve already implemented the top 10 P2P protocols, but if your organization is facing a particular protocol outside of the top 10, NetGladiator can be configured to block it.

Take a look at this report from a NetGladiator equipped with P2P Blocking (click here for accompanying blog post). You’ll notice that NetGladiator can effectively identify P2P traffic signatures and display which protocol has been discovered, all without hampering other traffic or user experience.

For more information on this new feature or NetGladiator in general, visit our website or check out our blog. You can also send questions to ips@apconnections.net!


Best Of The Blog

How to Build Your Own Linux-Based Access Point in 5 Minutes

By Steve Wagor – COO – APconnections

A popular post from the archives!
There are many motivations to build your own access point using Linux, and I have listed a few compelling reasons below:

1) You can use the Linux-rich set of firewall rules to customize access to any segment of your wireless network.
2) You can use SNMP utilities to report on traffic going through your AP.
3) You can configure your AP to send e-mail alerts if there are problems with your AP.
4) You can custom coordinate communications with other access points – for example, build your own Mesh network…

Photo Of The Month

Bulls in a Kansas Farm Field

These bulls may be angry, but at APconnections we are happy and excited for the near future – you could even say we are “bullish.” Our exciting new NetEqualizer GUI and NetGladiator feature enhancements are all great reasons to celebrate the upcoming fall season, and we are very optimistic about the value these improvements will provide to our customers!

P2P Protocol Blocking Now Offered with NetGladiator Intrusion Prevention


A few months ago we introduced our NetGladiator Intrusion Prevention (IPS) Device. To date, it has thwarted tens of thousands of robotic cyber attacks and counting. Success breeds success and our users wanted more.

When our savvy customers realized the power, speed, and low price point of our underlying layer 7 engine, we started getting requests seeking additional features such as: “Can you also block Peer To Peer and other protocols that cannot be stopped by our standard Web Filters and Firewalls?”  It was natural that we extended our IPS device to address this space; hence, today we are announcing the next-generation NetGladiator. We now offer a module that will allow you to block and monitor the world’s top 10 p2p protocols (which account for 99 percent of all P2P traffic). We also back our technology with our unique promise to implement a custom protocol blocking rule with the purchase of any system at no extra charge. For example, if you have a specific protocol you need to monitor and just can’t uncover it with your WebSense or Firewall filter, we will custom deliver a NetGladiator system that can track and/or block your unique protocol, in addition to our standard p2p blocking options.

Below is a sample Excel live report integrated with the NetGladiator in monitor mode. On the screen snapshot below, you will notice that we have uncovered a batch of uTorrent and FrostWire P2P traffic.

Please feel free to call 303-997-1300 or email our NetGladiator sales engineering team with any additional questions at ips@apconnections.net.
