RE: [Full-disclosure] Security benefits of spliting services between two ISP providers

From: Madison, Marc (mmadison_at_fnni.com)
Date: 05/18/05

    Date: Wed, 18 May 2005 08:34:01 -0500
    To: "Rossen S. Naydenov" <rnaydenov@postbank.bg>, full-disclosure@lists.grok.org.uk
    
    

    You would never have one ISP connection at 2M and the other at 1M; these
    data lines would be redundant, so that means both lines need to meet your
    bandwidth requirements. So if your business bandwidth requirements are
    3M then you would need to purchase two 3M lines in order for your
    company to continue to do business in case of a disaster. An earlier
    email described utilizing both of your data lines all the time; this
    is a good practice since you effectively get 6M throughput the majority
    of the time until a disaster, then you're back to your business minimum of
    3M. I hope this helps.

    Marc

    -----Original Message-----
    From: full-disclosure-bounces@lists.grok.org.uk
    [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Rossen
    S. Naydenov
    Sent: Wednesday, May 18, 2005 2:00 AM
    To: full-disclosure@lists.grok.org.uk
    Subject: RE: [Full-disclosure] Security benefits of spliting services
    between two ISP providers

    I see what you mean guys.

    But still I think there are some other things to consider.
    Having two online ISP connections doubles the possibility of something
    bad happening to you (attacks, floods, etc.), right?

    On the other hand when speaking about bandwidth utilization things are
    different. Let's see the two options:
    First option - One ISP online and one offline
            - Say we have 3Mbps online and that's it - both services will
    share that bandwidth.
    Second option - Two ISP online
            - Say 2Mbps for business purposes on first ISP and 1Mbps for
    other purposes on the second ISP.

    But when speaking about total bandwidth I see that in the second option
    total bandwidth is 2Mbps, while in the first the total is 3Mbps. What
    about that?

    In case of failure of one ISP (second option) we will have 2/3 or even
    1/3 of the bandwidth we need... Having two ISP online with 3Mbps
    available bandwidth is not good, because we will not be able to utilize
    it.

    Rossen

    -----Original Message-----
    From: Reece Mills [mailto:reece.mills@charter.net]
    Sent: Tuesday, May 17, 2005 8:38 PM
    To: Dave Hawkins; laszlof@tvog.net; Rossen S. Naydenov
    Cc: full-disclosure@lists.grok.org.uk
    Subject: Re: [Full-disclosure] Security benefits of spliting services
    between two ISP providers

    Dave,
    You and Frank have both made excellent points. Utilization of bandwidth
    and risk reduction through splitting services across providers. I guess
    I had taken a particularly narrow view in my initial response.

    Splitting of services across different ISP's is not a bad idea. My note
    vaguely addressed that. If a cost to benefit evaluation supports an
    entity utilizing two separate ISP's. My question would be, Is this
    extra expenditure necessary for the organization? An SLA with one ISP
    might be enough to accomplish a logical space split for a fraction of
    the costs of buying two SLA's from two providers. Now, if you are in an
    area that is prone to natural and man made disasters (fires, flooding,
    earthquakes and bombings) and since you are a global entity, then by all
    means split services as described. However, if that is the case then
    full redundancy would be my goal.

    My apologies for the terse initial response. Sleep is a good thing and
    I will try to get more of it.

    Reece

    Dave Hawkins wrote:

    >In the case of DDoS, if your web services are targeted, your email
    >systems would still have plenty of bandwidth (splitting services in that
    >way). Segmenting services like this would pose no real threat from a
    >security standpoint, and in my opinion, only allows you to more fully
    >utilize both lines that you're already paying for. In the case of
    >actual ISP failures, it is quite easy to use something like the Radware
    >LinkProof or WSD to handle complete fail-over to other network
    >providers. It can be (and is) easily done with a lot of our clients who
    >require high-availability for disasters, but also to prevent someone
    >from saturating a particular ISP link. Combine this with a
    >multi-segment IPS and you can minimize your risks greatly.
    >Don't misinterpret this as a plug for our products, but Radware has been
    >in the high-availability and security space for a while now, and we get
    >these kinds of questions all the time.
    >
    >Cheers,
    >-Dave Hawkins
    >Security Engineer
    >Radware
    >http://www.radware.com
    >
    >
    >-----Original Message-----
    >From: full-disclosure-bounces@lists.grok.org.uk
    >[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Frank
    >Laszlo
    >Sent: Tuesday, May 17, 2005 8:04 AM
    >To: Reece Mills
    >Cc: full-disclosure@lists.grok.org.uk
    >Subject: Re: [Full-disclosure] Security benefits of spliting services
    >between two ISP providers
    >
    >Not exactly. If one ISP fails, the other could be used as a backup
    >system for the services that are on the "failed" isp. This could be done
    >with a transparent proxy or something of the sort.
    >
    >Regards,
    > Frank
    >
    >
    >Reece Mills wrote:
    >
    > Only part of what you need will be affected if one of your ISPs
    > fail.... Hope it is not the web based business services provider...
    > Hope it is not the email provider....
    > Ok... What will be the security benefit of splitting services between
    > two ISP providers as you described?
    >
    > Nothing.
    >
    > Reece
    >
    >
    > Rossen S. Naydenov wrote:
    >
    > |Hi group,
    > |
    > |What will be the security benefit of splitting services between two
    > |ISP providers?
    > |By splitting services I mean have one ISP serve only web based
    > |business services and other ISP serve the email and traffic generated
    > |by internal web browsing (or something similar).
    > |Right now everything goes through one ISP and second ISP connection
    > |is kept as a backup.
    > |
    > |Thanks.
    > |
    > |
    > |
    > |Disclaimer:
    > |
    > |This communication is confidential. If you are not the intended
    > recipient, you are hereby notified that any disclosure, copying,
    > distribution or taking any action in reliance on the contents of this
    > information is strictly prohibited and may be unlawful. If you have
    > received this communication by mistake, please notify us immediately
    > by responding to this email and then delete it from your system.
    > |Bulgarian Post Bank is not responsible for, nor endorses, any
    > opinion, recommendation, conclusion, solicitation, offer or agreement
    > or any information contained in this communication.
    > |Bulgarian Post Bank cannot accept any responsibility for the accuracy
    > or completeness of this message as it has been transmitted over a
    > public network. If you suspect that the message may have been
    > intercepted or amended, please call the sender.
    > |_______________________________________________
    > |Full-Disclosure - We believe in it.
    > |Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > |Hosted and sponsored by Secunia - http://secunia.com/
    > |
