Security Basics mailing list archives
RE: Managing Network bandwidth
From: Dan Lynch <DLynch () placer ca gov>
Date: Wed, 11 Jan 2012 11:59:17 -0800
Peter Odigie said:
In my organization, we have had to upgrade our internet bandwidth two times last year 2011.
As a gas will expand to fill the available space, so will your internet traffic expand to consume the available bandwidth. Start with a cheap / free / open-source monitoring solution to double-check your ISP's reports (1). If there are no complaints of slowness, latency, dropped connections, etc., do nothing. But if there are, the cause is oftentimes misuse. Large file downloads, streaming internet radio, video snacking, etc., all conspire to overwhelm whatever bandwidth you allocate, reducing what's available for legitimate business use (2).

These are largely social problems, with primarily social solutions. First set policy that restricts users from misbehaving. If they refuse to behave / they are management, then enforce that policy with technology if needed.

Oracle DBA needs a 7GB patch file? Please schedule it for off-peak hours. Or use a download manager to throttle the bandwidth, and/or schedule it for later (3).

Block what torrent and peer-to-peer file sharing protocols you can at the firewall if you find them to be a problem. You'll need some amount of application-layer awareness, or "deep packet inspection" (tm). Some firewalls will do this natively, others need help (4).

Users can't keep themselves away from youtube / hulu / xm radio / pandora / netflix? Transparently proxy their traffic and block the domain(s). Last I checked, Squid was the de facto open source solution (5). It's been a while, but I understand Squid can be a challenge to seamlessly integrate with back-end auth systems. (I've used it, but I'm far from an expert on Squid.) I don't know if there are Squid extensions that will perform QoS-style bandwidth management tasks.

I've had excellent results from Blue Coat products in our relatively homogeneous Windows / AD environment. You might also try Microsoft Forefront TMG (née ISA Server). Lots of other solutions - both commercial and open source - exist in this space.

What fits for you will depend heavily on your environment, your budget, and how much time you're willing to commit to shaping the solution to your needs.

Good luck!

- Dan

(1) Cheap monitoring:
http://oss.oetiker.ch/mrtg/
http://cacti.net/
http://humdi.net/vnstat/
http://www.paessler.com/prtg

(2) See "The War Between Mice and Elephants":
http://web.cs.wpi.edu/~rek/DCS/D04/MiceElephants04.pdf

(3) Automating downloads:
http://www.freedownloadmanager.org/
http://sourceforge.net/projects/dfast/
http://download.oracle.com/docs/cd/B19306_01/rac.102/b28759/softpatch.htm
http://www.gnu.org/software/wget/

(4) Blocking bittorrent:
http://www.lowth.com/rope/BlockingBittorrent

(5) Proxy internet traffic:
http://www.squid-cache.org/

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
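Added example, not part of Dan Lynch's message: a squid.conf fragment for the approach he describes (intercept web traffic, block the named streaming domains), extended with Squid's built-in delay pools to throttle large downloads during business hours. The LAN range, port numbers, file extensions, hours and rate are assumptions chosen for illustration.

```conf
# squid.conf fragment (constructed example; addresses, ports and rates are placeholders)

# Port that receives HTTP traffic redirected by the firewall or router.
# Squid 3.1 and later use "intercept"; older releases used "transparent".
http_port 3129 intercept
# A regular forward-proxy port is still needed alongside the intercept port.
http_port 3128

# Clients allowed to use the proxy (placeholder documentation range).
acl localnet src 192.0.2.0/24

# Domains named in the message; the leading dot also matches subdomains.
acl streaming dstdomain .youtube.com .hulu.com .pandora.com .netflix.com

# Business hours, Monday to Friday.
acl peak time MTWHF 08:00-18:00

# Large downloads, recognised by file extension in the URL path.
acl bigfiles urlpath_regex -i \.(iso|zip|tar|gz|exe|msi)$

# Order matters: the first matching http_access rule wins.
http_access deny streaming
http_access allow localnet
http_access deny all

# One delay pool of class 1 (a single bucket shared by all matching traffic).
delay_pools 1
delay_class 1 1
# restore-rate/bucket-size in bytes: 128000 bytes/s is roughly 1 Mbit/s.
delay_parameters 1 128000/128000
# Throttle only large downloads, and only during business hours.
delay_access 1 allow bigfiles peak
delay_access 1 deny all
```

Interception as configured here only sees plain HTTP redirected to port 3129, so HTTPS connections to the same domains are not matched by these rules. Delay pools are a compile-time option in Squid, so confirm the installed build includes them before relying on the throttle.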