Saturday, September 29, 2007
What do ISP Customers Expect from a VPN Service?
Lack of vendor consensus on this definition nearly two years after initial deployment left me wondering: What do ISP customers expect from an outsourced VPN service today?
Today's net consumer often begins with a web search; what he or she finds helps to shape customer expectations. So, to answer my question, I conducted a modest survey of ISP web marketing material, searching for "VPN" services. Information garnered was predominantly about big, national/global providers—not surprising, since they've been the trail-blazers in VPN outsourcing. What was surprising was that a number of clear trends and differentiators emerged.
Managed vs. Turnkey
Today's VPN services fall into two distinct categories: managed VPN services and turnkey VPNs. Rhythms NetConnections and Savvis are two ISPs that offer turnkey VPNs. These providers sell or rent customer premise equipment (CPE) for use with their local access facilities and backbone network connectivity. Customers install and manage CPE like FreeGate's OneGate and CheckPoint's Firewall-1, and then configure their own VPN. GTE, Pilot, Savvis, and MCI WorldCom offer managed VPN services that include CPE and network connectivity, plus 24x7 management and service-level monitoring. For a higher monthly recurring charge, these providers not only build your VPN, they operate it for you.
Different Maps for Different Apps
Expectations are also driven by customer application—remote access VPNs for travelers and teleworkers, site-to-site VPNs for intranets and branch office connectivity, and extranets that link business partners by spanning corporate network boundaries. Many top-tier ISPs offer separate remote access and site-to-site VPNs. For example, MCI WorldCom's UUSecure VPNSM connects customer sites with anything from ISDN to T3 into full mesh or hub & spoke topologies using Xedia's QVPN. But for remote access, MCI's UUDial uses an IndusRiver server at each site and dial-up client software on roaming PCs.
Extranet VPN services appear to be less common today. One example: Pilot's Corporate Partner Networking (CPN) allows participants to dial one of seven Pilot Network Security Centers, where a proxy server controls access by group and user.
http://www.isp-planet.com/technology/vpn-customers-a.html
Choosing Customer Premise Equipment for VPN Services
Many remote-access VPN services need only a modem and client software on the remote PC. That is, they don't require any special-purpose VPN CPE. But some remote-access VPNs—and all site-to-site VPNs—require some type of CPE to be installed at the customer site to serve as the endpoint for VPN tunnels. It may be an access router, a hardware "black box," a firewall, or a proxy server.
Access routers
WAN access routers from vendors like Ascend, Cisco, and 3Com can be outfitted with software images that allow the router to act as an IPsec Security Gateway. This configuration can be attractive in a managed service because everything to be managed is contained within a single edge device.
Because it places the processing burden of encryption on the router, however, this configuration may introduce a bottleneck for all traffic—particularly if the access router is serving a high-speed link and is already operating at or near capacity. Furthermore, if the access router is compromised, no other device protects your VPN.
Hardware VPNs
Vendors like NetScreen, RADGUARD, VPNet, and Xedia market special-purpose hardware devices designed just to support VPNs. These devices are hardened to protect against attacks that might compromise a general-purpose device, and they employ custom ASICs that enable high-speed encryption.
Some products can be purchased with WAN interfaces to operate as edge devices, effectively replacing WAN access routers. Other products offer dual or triple Ethernet interfaces and are designed to sit just inside the access router or firewall.
Hardware CPE can be simpler to deploy—just drop in a new box—and bring more focus on services required by the VPN. However, it's not quite that simple: Should the box be placed in front of, or behind, the customer's firewall? The new box will also impact network addressing, packet filters, routing, and redundancy.
VPN enabled firewalls
Axent, Checkpoint, Network Associates, and other firewall vendors market VPN add-on software that turn general-purpose firewalls into either a PPTP Concentrator or an IPsec Security Gateway. This configuration centralizes security policy decision-making at the firewall and does not obscure the firewall's view of packets to be tunneled.
VPN hardware sitting inside the firewall can be incompatible with network address translation applied at the firewall; VPN hardware or routers sitting outside the firewall cannot ensure the privacy of traffic all the way to the firewall. These dilemmas can be sidestepped by placing tunnel endpoints on the firewall itself. On the other hand, as with the access-router solution, this alternative cranks up the processing demands placed on the firewall. Furthermore, adding new software to an existing firewall can be technically tricky and a political nightmare, depending upon whether the firewall is managed by the customer or the ISP.
http://www.isp-planet.com/technology/vpn-cpe-a.html
Content Delivery Networks:
What is a Content Delivery Network?
Sandpiper defines a CDN as "a dedicated network of servers, deployed throughout the Internet, that Web publishers can use to distribute their content on a subscription basis." A CDN is essentially an overlay network of customer content, distributed geographically to enable rapid, reliable retrieval from any end-user location. CDNs use infrastructure technologies like caching to push replicated content close to the network edge. Global load balancing ensures that users are transparently routed to the "best" content source. Stored content is kept current and protected against unauthorized modification. Customer-accessible traffic logs enable data mining for marketing and capacity planning.
Most importantly, customers—typically, large enterprise Website owners—determine the content served by the CDN by selectively reassigning URLs to embedded objects. Dynamic or localized content can be served up by the customer's own site, avoiding the CDN, while static and easily distributed content can be retrieved from the nearest CDN server. According to Akamai, banner ads, applets, and graphics represent 70 percent of a typical Web page—content types easily offloaded to Akamai's FreeFlow CDN. Sandpiper's Footprint can handle other content types and can even use customer-delegated domain names like http://ww1.yourcompany.com/image.gif to offload content while maintaining customer branding.
CDN customers pay a premium price for premium services. For example, Footprint customers specify a Committed Aggregate Information Rate (CAIR), measured in Mbits per second, that can be changed daily. Monthly invoices apply rates based on CAIR to charge for delivery of the customer's content to end users.
Turning competition into opportunity
At first glance, a CDN might sound like steep competition for top-tier Web hosting service providers. Scott Yara, Sandpiper's VP of Marketing, wants you to think again: "Sandpiper allows Web Site Colocation and Hosting partners to resell Footprint directly to customers. These partners are an important distribution channel for Sandpiper." Footprint partners must satisfy minimum requirements, including 24x7 NOC support and Footprint-savvy sales and marketing staff. In return, Sandpiper offers Footprint subscription revenue sharing and a reduction in overall network costs through access to the Footprint CDN. "Elite" partners realize all subscriber revenues and can privately brand the Footprint service, but must commit to sales targets and contribute to joint marketing programs.
A different opportunity exists for Internet Access Providers. Akamai refers to this as its Accelerated Network Program; Sandpiper calls it the Footprint Alliance. IAPs broaden the reach of the CDN by providing POPs in return for network infrastructure gear and access to the CDN. To understand how this opportunity works, we first need to look inside the CDN.
Under the covers
Each CDN operates a bit differently, employing carefully crafted and sometimes patented network architectures to achieve its service goals. Akamai deploys its own rack-mounted, custom OS, Intel-based servers in IAP-owned POPs, at no cost to qualifying IAPs. To qualify, domestic providers need DS3 or better upstream connectivity, secure POPs, and 10,000+ subscribers.
Edgix plans to support its HotMedia service with a rack-mountable satellite receiver and a Dell caching appliance running Novel ICS, plus a rooftop satellite dish for upstream connectivity. HotMedia is currently in beta trials; pricing and partner details are not yet available.
Sandpiper provides a COTS combo of Alteon L4 switches, Sun RAID content storage, and Inktomi caches free of charge to "Premier" Alliance members (IAPs that provide direct or indirect access to 100,000 end users and 2 x DS3 or better connectivity.) Alternatively, Sandpiper will "Footprint-enable" an IAP's existing cache(s), allowing participation by smaller IAPs and those with existing cache infrastructure.
Although approaches differ, the basic benefits are similar in each case: reduced bandwidth consumption and latency for sites accessed through the CDN. Partnering with a CDN provider may also be simpler than designing, installing, and managing a private cache network to speed content delivery.
Getting a piece of the action
If industry interest is any indicator, CDNs hold promise. Cisco recently invested in start-up Akamai; Sandpiper merged with high-speed over-net provider Digital Island. According to Sandpiper's Yara, "the Digital Island merger only enhances service provider partner opportunities—Footprint partners will now have even greater coverage and bandwidth at their disposal."
Players in the emerging CDN market will be working to differentiate themselves. While Sandpiper and Akamai rely on partner-provided landline connectivity, Edgix will build a separate satellite network to deliver content. Akamai uses no-cost hardware to lure service provider partners. And Sandpiper differentiates itself by supporting all content types. According to Yara, "We actually assemble pages on the fly; we aren't limited to static content like Akamai. We also have an open architecture that accommodates streaming media."
CDNs are relatively new and ISP partnership programs will likely evolve over time. But one point seems clear: for a CDN to excel, it must have a broad reach. Partners are key to obtaining access to both POPs and subscribers. Service providers may be wise to leverage this point to their own advantage.
http://www.isp-planet.com/technology/cdn_connection.html
Network-Based VPN Platforms
Matt's question, along with my own exposure to a couple of new network-based VPN products at The Internet Security Conference (TISC), intrigued me. I decided to contact vendors in this arena and ask to speak with trial or early production customers.
It was no surprise to find few customers ready to speak publicly about their experiences with these emerging "carrier class" products. While a number of top-tier ISPs and telcos are trialing central office VPN products, most are in the "hush hush," pre-service-deployment stage and thus reluctant to tip their hands. Clearly there is significant interest here; it's just too early for public consensus.
What makes a Network-Based VPN product different?
Most VPN hardware is geared for enterprise use or for deployment at the customer's premises. These VPN tunnels end at the enterprise network edge—at a VPN-enabled router, firewall, or security device.
The good news: confidentiality and authentication services can protect every packet that enters or leaves the enterprise network. The bad news: CPE involves up-front investment, recurring management costs, and security expertise.
Some CPE products integrate multiple functions—firewall, VPN, QoS—while others focus on performing a single function well. The dilemma: put all your eggs in one (presumably more easily managed) basket and hope it scales, or deploy several products in sequence for greater flexibility—and complexity. In very large scale, centrally-managed service provider networks with many CPE devices per customer, this CPE-based approach becomes unwieldy.
Some vendors think they may have a better answer for service-provider VPNs: move the VPN tunnel termination into the provider's own network. To build a "network-based VPN," providers will need heftier, more versatile VPN products, suitable for central office use, scalable and manageable for both large numbers of subscriber terminations per customer and large numbers of customers. These products are designed to sit someplace between the subscriber access line termination and the core network, concentrating and aggregating customer traffic headed for the provider's backbone network. This is a convenient place to enforce policies that control access, filter packets, shape traffic, and perform high-speed bulk data encryption.
Sounds Interesting, Tell Me More?
As you might expect, each vendor has its own spin on what it takes to be a network-based VPN product. Let's take a quick look at a few of the new products now under development.
The Compatible Systems IntraPort Carrier supports a variety of tunneling protocols (IPsec, L2TP, PPTP), routing protocols (RIP, OSPF, BGP4), and authentication services (RADIUS, SecurID, X.509 certificates). Initially suited for Frame Relay networks, Compatible Systems also plans to support ATM and MPLS networks.
PSINet is using the IntraPort Carrier-8 as a VPN security gateway on its backbone network to support a new Secure Remote Access service. This service, now in alpha test, available 1Q2K, will support up to 40,000 concurrent tunnels between Compatible's IntraPort Client and the IntraPort Carrier gateway. PSINet chose the IntraPort Carrier primarily because of its scalability in performance, price, and deployment. According the Prasad Tumuluri, Product Manager for Security Services at PSINet, "One advantage of this type of product is that we can start with a 10,000 client license and upgrade as the number of users increase." Tumuluri expects a carrier-class VPN gateway to be suitable for backbone deployment: bigger, more robust hardware. PSINet shied away from offering a CPE-based VPN service because doing so would involve greater expense and management by the customer. "With a core based VPN solution, we can take both of these problems out of the customer's hands," says Tumuluri.
CoSine Communications's IP Service Delivery Platform adds a "service processing layer" between subscriber access line concentrators (frame relay switches, DSLAMs) and the provider's core network. In a presentation made at TISC, Dean Hamilton, CoSine CEO, suggested that scalable, network-based VPNs require a non-stop switch delivering service to thousands of subscribers' networks, automated provisioning of services, tracking and reporting against SLAs, and customer network management tools that allow subscribers to view performance and configure their own priorities and services. CoSine employs "virtual routers" (VRs) that can be independently provisioned to reflect the needs of each subscriber. Traffic from customer VRs is aggregated through service provider VRs to provide core network access. Branch office VPN traffic can arrive "in the clear" on private access lines, while remote access PPTP or IPsec traffic can arrive encrypted, allowing both high-performance tunneling between VRs and integration of dial-up clients or remote CPE.
The Nortel Shasta 5000 Broadband Services Node sits at the subscriber edge of a provider's network, integrating DSL, cable, and dial traffic onto a backbone ATM or IP network. In October, I demonstrated the Shasta 5000's Service Creation System (SCS) during VPN @ TISC. SCS enables subscriber self-provisioning and service provider creation of policies. A profile manager is used to create rule-based policies that include VPNs, firewalls, anti-spoofing, differentiated service marking, traffic policing and traffic shaping. Multiple service policies can be combined to create a service profile—a gold package or a bronze package, for example. The Shasta 5000 can operate as an L2TP LNS or LAC and supports site-to-site IPsec tunnels. Nortel sees network-based security as an enabler for residential broadband: residential users won't tolerate CPE-based VPNs, but "always on" services like DSL and cable increase exposure to hacking.
The Redback Subscriber Management System 1000 is designed for placement at service provider's POP, concentrating traffic from leased lines, DSLAMs, cable modems, and wireless head-ends, then grooming traffic for delivery to the service provider's backbone router. The SMS 1000 can be partitioned into 20 virtual routers. "Dynamic service selection" provisions different service characteristics to subscribers sharing the same backbone connection. "Dynamic provider selection" supports both wholesale and wholesale/retail service provisioning models. Redback's target market includes both tier one and tier three ISPs, but its VPN support is limited to L2TP in LAC, LNS, or tunnel switch mode.
Spring Tide's IP Services Switch 5000 is said to lie in the "service layer" of the public Internet because it performs service processing on individual user traffic flows, based on provisioned authentication, encryption, compression, and CoS/QoS characteristics. The IP Services Switch detects new user traffic flows and performs session-level filtering to map each new flow onto an authorized VPN. Input and output protocol stacks are constructed for each virtual access and backbone network connection, and virtual routers maintain separation between customer networks. The IP Services Switch will support IPsec, L2TP, and PPTP tunnels, with service policies stored in RADIUS or LDAP directories.
The proof is in the pudding
These network-based VPNs sound promising: improved scalability, subscriber-based provisioning, rapid service creation and faster service turn-up. Next spring, we'll check back with early network-based VPN customers to see how well this promise has been fulfilled.
http://www.isp-planet.com/technology/carrier_class_vpns.html
Managed Security Service: A Primer
When aspects of enterprise security are outsourced to an ISP—which is happening more and more—we've got a managed security service. There are several types of managed security services: managed VPN services, managed firewall services, even managed secure application or webhosting services.
Minding others' business
Nearly all such managed security services share a distinguishing characteristic: Hardware and software—even on a customer's premises—are supplied and managed by the ISP. A few providers allow hardware to be comanaged by the customer. Most ISPs also include pre-sales consultation to assess security risk and vulnerability, security policy configuration, 24x7 NOC support, some form of realtime, proactive service-level monitoring, accounting, and reporting.
To get a better feel for typical features and emerging trends, we surveyed several commercially available managed security services. We limited our survey to security infrastructure services: VPNs, firewalls, intrusion detection, anti-virus protection, and active content management (filtering and blocking). To maintain focus, we did not include secure application services—email, web hosting, enterprise resource planning—that are increasingly offered by a different kind of service provider: an ASP (Application Service Provider).
Our findings—the core of this survey—are summarized in a comprehensive table, below. We precede the table with some observations pertinent to each major category of managed security service.
Managed VPN
The lure of reduced-cost remote access for corporate travelers and teleworkers has fostered growth in managed Virtual Private Networking services, although it's still early days. Today, several ISPs market services for remote access (RA) and branch office (BO) site-to-site tunneling. Few offer secure Extranet communication between business partners and customers.
VPNs can be supported with a variety of tunneling technologies: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Internet Protocol Security (IPSec), and other circuit or application proxies. We found IPSec most common, with fair diversity in hardware platform, nearly always located on the customer' premises. Pilot Network Services' approach (see table entry) is a noteworthy exception here.
Our survey table also identifies features that caught our attention, such as token-based authentication, integration of public key infrastructure (PKI), and service level agreements (SLAs). For example, GTE offers proactive monitoring and money-back guarantees for the following SLA: 99.9 percent availability and 125 ms or less round-trip latency between NOC and VPN CPE, 97 percent busy-free remote access or industry average, whichever is higher. Customer network management (CNM) provides on-line access to real-time and historical usage data.
Managed Firewall
Firewalls existed long before VPN, so it's not surprising that the managed firewall market appears more mature and consistent in its deployment. The majority of the ISPs we surveyed use CheckPoint's Firewall-1 for stateful packet inspection [see sidebar]. We found few providers willing to manage application proxy firewalls on behalf of customers. Of course, some ISPs combine both packet inspection and proxy approaches; PSINet even uses two platforms to accomplish this.
In many cases, one CPE firewall provides an integrated platform for both managed VPN and firewall services. A customer may subscribe to a managed firewall service and later add VPN support. Nearly every managed firewall service we saw involves CPE; AT&T/IBM Global Services is an exception to this rule. As with VPN, our survey table also identifies features that caught our attention, such as analysis reports, detailed logging, incident response support, and network forensics consultation.
Additional security services
Starting out, we expected to find services like Anti-Virus Protection, Active Content Management, and Intrusion Detection sold as free-standing managed security services. What we found was that, often, these services are included as a feature or add-on option with a managed VPN or Firewall service.
When included in a managed security service, Anti-Virus Protection (AV) may involve in-line scanning of packets flowing through a firewall or VPN device, or it may involve deflecting packets to an AV server using the content vector protocol. Some mail server AV products scan just email, an extremely popular carrier for infected attachments. As expected, we found most AV services to include regular updates.
We use the term Active Content Management to refer to services that filter or block traffic based on destination or user. Typically a firewall add-on subscription service, these products limit employee access to undesirable sites to reduce non-business activity and bandwidth consumption. They also allow enterprises to keep tabs on URLs or files being accessed. Half of the ISPs surveyed offer this service; this is a growth market.
The most prevalent managed security service, after VPN and Firewall, is Intrusion Detection. IDS platforms may probe individual hosts, servers, or scan entire networks. The key to offering a managed Intrusion Detection service is automated scanning, incident response, and escalation procedures. Corrective action must be initiated automatically; it is not enough to warn of intrusion after the damage has been done. The most successful managed ID service providers will be those that do this well.
Final thoughts
It's no surprise that managed VPN services are taking off more slowly than analysts initially projected. We found ISP sales staffs often had to rely on engineering to provide service details. This must improve, because managed VPN consumers are large enterprises that have a greater "need to know" than $20/month Internet access customers. We found many managed VPN services described in rather sketchy terms—with some noteworthy exceptions (Transport Logic, Concentric).
Most managed security services are not yet "complete packages"—they include some combination of single service offerings of the categories we surveyed. And while a number of ISPs have SLAs for QoS, we did not find a single ISP with a Security SLA. We expect these situations to change as the managed security services market matures. Security requires expertise; customers must be assured that ISPs really know what they're doing. This requires complete solutions with money-back guarantees.
The information included in this survey was drawn from service provider web sites and responses to email inquiries. This survey is intended to be representative, not exhaustive. Please contact service providers directly for further information on any managed service that interests you.
http://www.isp-planet.com/technology/managed_security.html
Friday, September 28, 2007
Where risk meets opportunity: Part 1
A growth market
Until recently, PDA and smartphone adoption moved slowly, hampered by limited device capabilities and slow wireless links. But last year, device and network innovations finally put a kink in that curve. According to Canalys, global PDA and smartphone shipments jumped 75 percent between 3Q04 and 3Q05.
By mid-2005, Gartner estimates that PDA adoption had reached 47 million—about half the installed base of laptops.
Many mobile devices are purchased by individuals, without employer funding or blessing. But business use is quite common, especially among executives, sales, and other on-the-go workers. In a Pepperdine University survey, 38 percent of US professionals said that they had used their PDA to access their company's network. By 2007, IDC predicts that 90 percent of enterprise mailboxes will be accessed from mobile devices.
This surge in mobile device use is creating many new revenue opportunities, from mobile network services and business applications, to mobile device management and security. Gartner reports that mobile data protection sales were greater in 2004 alone than for the previous three years combined, and IDC projects that $1 billion will be spent on mobile device security in 2008. A diverse crop of security software vendors, old and new, are jockeying for position in this growth market.
ISPs are in a great position to re-sell and deploy mobile security products to individual subscribers, SMBs, and enterprise customers. Doing so can expand an ISP's portfolio, make existing internet service packages more attractive, and avoid customer erosion by 3G wireless carriers. For example:
* Any ISP that already sells secure remote access services or software for laptop users can complement that offering by adding similar measures for PDAs and smartphones, helping to retain customers as workforces shift to using mobile devices.
* ISPs can capitalize on today's unmanaged mobile device fleet to fix a growing problem not yet addressed by corporate IT. Customers who appreciate the risk but lack mobile security know-how may be happy to offload that job to a service provider with whom they have an existing relationship.
To help you determine whether mobile device security represents an opportunity for your business, this article explores today's mobile devices, their built-in security features, and after-market products that can be used to augment those capabilities.
Mobile devices and operating systems
Personal Digital Assistants (PDAs) and cellular phones are rapidly converging into what many generically refer to as "smartphones." Gartner defines a PDA as a data-centric handheld that may include a cellular radio. IDC considers any device that offers cellular voice to be a mobile phone or a converged device (aka smartphone). No matter how you slice the pie, many mobile devices shipping today offer more than one wireless interface:
* Bluetooth for peripheral (e.g., earbud or PC) connection,
* Wi-Fi for internet hotspot and corporate WLAN access, and/or
* 2G/3G wireless for voice, messaging, and mobile packet-switched data.
Older devices relied on "graffiti" pen-strokes or telephone keypads, but newer devices use thumb-wheel menu navigation and tiny QWERTY keyboards to better support e-mail and other text-based business applications. Personal Information Manager (PIM) applications (e.g., contacts, calendars, tasks) are still common, but are now frequently accompanied by internet clients (e.g., web browser, POP/SMTP e-mail, instant messaging (IM)), multimedia applications (e.g., media player, photo capture), and document viewers or editors (e.g., Acrobat, Office Mobile). Of course, the data associated with these applications also requires space: 64 to 128 MB of RAM and 2 GB removable storage are now typical.
Mobile devices are not limited to these factory-installed applications. A healthy crop of after-market consumer and business applications have emerged for mobile devices that offer APIs and SDKs for third-party development.
However, porting applications to mobile devices is no simple task—capabilities vary across devices and models, and processors and operating systems are very different. Most of today's mobile devices run one of the following operating systems:
http://www.isp-planet.com/technology/2006/mobile_security_1a.html
Managed Security Service Providers
Managed Security Service Providers (MSSPs) are filling the growing gap between need and capability. From small offices with no IT staff to over-burdened enterprises, many companies now implement their security policy by partnering with an MSSP. This approach might save your business time and money while yielding more effective security—IF you choose the right partner to defend your networked assets.
Purchasing a managed security service means establishing a trust relationship with subject matter experts. It means asking that third party to assess your security requirements and vulnerabilities, then install and configure appropriate countermeasures. It means hiring an outsider to monitor and analyze traffic that threatens your networked assets—in some cases, taking action on your behalf to block intrusions or neutralize attacks. These and other security-related tasks can be shared to varied degrees, depending on the provider and service(s) you choose.
Available managed security services range from managed firewall and virtual private network (VPN) devices to intrusion prevention (IPS) and anti-virus/anti-spyware (AV/AS) solutions, and content filtering solutions. MSSPs leverage economies of scale to deliver these services with higher quality, at lower cost.
When an MSSP issues an RFP, conducts a field trial, and selects a "best of breed" platform, those efforts support hundreds of future installations. When an MSSP outfits a security operations center (SOC) with certified specialists and sophisticated Security Event Management (SEM) tools, those costs are amortized over thousands of devices. Customers get to benefit from the latest and greatest in security, while providers reap return on investment through monthly service fees.
This concept may be simple, but choosing the right MSSP is complex. When selecting a security partner, is it vital to consider history and reputation. You should evaluate the processes used by the MSSP to provision services, respond to incidents, support in-house investigations, and report on events. You must clearly understand the division of labor between you and your provider and how you will interact, not just during activation, but for the years to follow.
To assist our readers with this endeavor, ISP-Planet has conducted MSSP surveys since 1999. What follows is our fifth MSSP survey, conducted during Q4 2006. With this survey, we hope to provide you with insight into seven of today's most popular managed security services.
To create a representative sample, we invited over sixty providers—small to large, national to global—to complete an in-depth questionnaire. Invitees included past survey participants, companies that contacted us after our last survey, and many other players in the MSSP landscape.
http://www.isp-planet.com/technology/mssp/2006/mssp1a.html
Bolting the Back Door with NAC
Why this flurry of NAC activity? What the heck is NAC anyway? And why should you care? In this four part series, we examine the business needs driving NAC, compare today's major flavors of NAC, and show NAC in action by taking one popular implementation for a test drive: Juniper Network's Unified Access Control.
Turning network security inside out
Over the years, perimeter defenses have gradually improved. Today, almost everyone understands that private business networks must be protected from perils posed by the public internet. However, many network owners still turn a blind eye to threats emanating from internal systems connected to their own wired and wireless LANs.
Historically, all systems inside the network perimeter have been viewed as trustworthy, and their users have enjoyed a great deal of freedom to reach private servers and data. Compared to measures commonly applied at the internet edge, internal LAN access controls are frequently weak or absent.
Many organizations still rely on physical security measures like entrance badge checks and wall port disablement to deter unauthorized LAN access. Every system that manages to connect to a physical or virtual LAN becomes a trusted endpoint that can send packets to every other network endpoint, without regard to system integrity or user identity. While logins are often required to actually use sensitive services or fileshares, those measures do nothing to insulate the network itself from attack or misuse.
In truth, the assumption that LAN endpoints are trustworthy was always shaky. Insider attacks by disgruntled employees have long been a significant but under-appreciated risk. For example, the 2006 CSI/FBI Computer Crime and Security Survey (1.5 MB .pdf file) found that 2 in 5 companies attributed over 20 percent of their cybercrime losses to insider attacks. But over the past few years, evolving business conditions and network technologies have rewritten the ground rules and imposed costly penalties.
* Workforces have become increasingly mobile, carrying corporate laptops (and more!) from work to home to hotspot. When those endpoints connect to external LANs, they are directly exposed to a myriad of network-borne threats. Laptop anti-virus and personal firewalls help, but easily become outdated or disabled. When a compromised endpoint returns to work and connects to the internal LAN, it becomes a source of infection or intrusion. Trojan downloaders, keyloggers, and other spyware have become especially troublesome, resisting removal while causing identity theft or financial loss.
* Most offices are now visited daily by guests, contractors, auditors, and other users who require some degree of public or private network access. If accommodations are not made, visiting endpoints are likely to find their way onto your LAN anyway—for example, by borrowing a cubicle Ethernet jack or an employee's WLAN access password. When connected in this fashion, visitors become like any other trusted endpoint, gaining access to confidential documents, financial records, personnel files, management systems, and other sensitive resources.
* Malware recovery is costly, but pales in comparison to the fear instilled by government and industry regulation compliance. For example, companies that process credit/debit card transactions must comply with the Payment Card Industry (PCI) data security standard by protecting and controlling access to cardholder data. Public US companies must now comply with the Sarbanes-Oxley Act (SOX), a law created to deter accounting errors and fraud. Hundreds of regulations exist worldwide that require organizations to not only secure affected networks, systems, and/or data, but to prove they have done so through logs and audits. Breach or audit failure due to non-compliance can result in direct costs, legal fees, hefty fines, even imprisonment.
The role of network access control
These changes have caused many organizations to reconsider internal network security policies, implementations, and practices—in many cases, following C-level mandates to reduce associated business risk. While no silver bullet, NAC can help to address these concerns by overhauling the way we control access to internal network resources.
NAC is an evolving strategy with many possible implementations. At an abstract level, NAC avoids granting unfettered LAN access to known/trusted endpoints. Instead, NAC bases network access decisions on individual user identity, the security state of that user's endpoint, and policies which define who should be allowed to use which resources, under what pre-conditions.
Identity-based controls let us differentiate between employees, contractors, and guests and treat them accordingly. Assessing each endpoint's health and policy compliance lets us spot compromised laptops before they can communicate with the rest of the network. Mapping those endpoints onto defined authorizations lets us dynamically permit or deny access on a "need to know" basis. For example, we could give guests internet-only access while admitting only healthy accounting department users to the finance LAN.
Furthermore, instead of the static pass/fail approach associated with conventional ACLs, NAC can reshape permissions on the fly. An infected endpoint might be re-directed to a remediation server for cleansing, while an endpoint missing critical patches or programs might be sent to a download server. Remedied endpoints could then be automatically re-authenticated and receive trusted resource access, while healthy endpoints that fail periodic re-assessments could be sent right back to "quarantine."
This utopian vision of NAC involves a large number of moving parts, all working together seamlessly to enforce and audit defined security policies. In reality, today's early-adopter NAC deployments are far less ambitious. Juniper estimates that 57 percent of companies want to deploy NAC incrementally, starting with a pilot that addresses a specific near-term need in a confined network segment. For example, many companies pursue NAC to enforce policy compliance for selected managed (employee) endpoints. Others deploy NAC to facilitate unmanaged (guest, contractor, phone) access. In fact, the first step towards NAC deployment is deciding what you hope to accomplish.
http://www.isp-planet.com/technology/2007/nac_1.html
Find a DSL Internet Service - Choosing a DSL ISP Provider
If you are interested in DSL internet service, you probably value high speed internet access. When it comes to high speed broadband internet access, you generally have the choice between DSL providers, satellite internet and cable internet services. Read this page to learn background information and when you're ready visit our page to compare DSL Internet companies.
There are two components to internet speed, bandwidth and latency, and these can be something to keep in mind when choosing DSL internet access. Read our article on How to Choose Cable for detailed explanations of bandwidth and latency. In summary, bandwidth is the maximum sustained rate at which data can be downloaded, and high bandwidth is important if you download large files, movies, music, TV clip, or if you stream audio or video. Latency is basically the delay in processing requests, such as the lag between clicking on a link and when the page begins to download. Latency if of supreme importance if you do a lot of internet browsing.
For DSL internet and cable internet, you can usually find the maximum bandwidth offered. Sometimes with DSL providers there are different plans, offering higher bandwidth for higher prices. Even the lowest priced plan is usually many times faster than a dialup connection, so for many people the budget plan is the best choice for DSL access.
However, it should be noted that the actual bandwidth you see with DSL internet connections can vary due to your distance from the phone company central office terminating your connection, the load at the ISP and other factors, just as cable and dialup speeds vary from the maximums.
Likewise, the other component of internet speed, latency, can vary from hour to hour and day to day on the same DSL internet service. DSL providers and other ISPs do not typically give any latency data, making it hard to compare internet service providers based on latency. Fortunately, most DSL services provide low latency on a consistent basis, so you generally do not even have to worry about it.
When you are looking for DSL internet access, you may find that your local telephone company is your only choice for DSL internet access. For example, if you are in an area where SBC is your local phone company, SBC DSL may be your only choice for DSL internet access. Likewise if Verizon is your local phone service, Verizon DSL is likely your only choice for DSL internet. However, in addition to your local telephone company, you should also check into Earthlink DSL.
http://www.getisp.info/find-dsl.html
Charter High-Speed Internet ISP Review
My main problem with their customer service is that they put you on hold for an extremely long time, sometimes even hanging up on you. When you finally get someone on the phone, they usually rush through the conversation without fully answering questions, and are not very friendly. They do not seem to care at all about their customers.
Charter High-Speed offers a choice between three different speeds: 3 Mbps, 5 Mbps, or 10 Mbps. Their highest speed is not quite as fast as the exceptional Cox High Speed Internet, but it is very fast, and definitely better than DSL or dial-up. The 10 Mbps speed is quite good when it's working, and even the 3 Mbps speed is generally better than DSL. The speed may decrease quite a bit in busy areas, however, since Internet over cable is always shared with all the other cable users on the same line.
Another problem with the Charter High-Speed Internet service, however, is that the connection goes down quite often, and they do not seem to make a very good attempt at restoring the connection quickly. After researching other reviews online, I find that this again seems to be a local issue, but seems to correlate with customer service. If the customer service in your area is poor, then your down times may be greater.
I suppose when the Charter High-Speed service is bad, it's really bad, but when the service is good, it's really good. In the High Desert, California area, it's really bad. Internet service can be down for many hours, and sometimes even days. This may be more likely in some areas such as the High Desert where high winds are common of course, but the real problem is that they do not seem to care enough to fix the problem quickly, even when the weather is pleasant outside. If you have bad weather in your area (especially with above-ground cable lines), have bad customer service in your area, and live in a busy city, your Internet connection may be of very little use.
Charter High-Speed Internet offers a couple of decent extras to go with your high speed Internet connection. Included is a security suite including anti-virus software, firewall, spam filtering, and parental controls. You also get ten email addresses with about 100 MB storage each, for a total of 1 GB of storage. These services are good, but many other companies are now offering the same services (or more) in order to compete.
http://www.associatedcontent.com/article/113069/charter_highspeed_internet_isp_review.html
Selecting Your First Satellite Internet Provider
Internet connectivity in rural areas has been dominated by dial-up for many years. Satellite Internet is becoming a common service upgrade in these areas however now that the demand for broadband has begun to rise, and of course the availability has increased. Satellite TV led the way to new Internet service for rural communities and providers are now focusing more attention to markets outside metropolitan areas.
Selecting a Satellite Internet Service can be confusing for a first-time user. Discussed below are the things to avoid in a service, as well as what to look for.
What to Avoid
Avoid a provider that doesn’t provide the required hardware if possible. Most offer third party hardware and will install it as well, and for a first-time user this can be important. Find out what hardware a potential provider uses and make sure they are authorized to sell it and install it. Installation will probably come with a fee, but service providers will sometimes work out a special deal that includes this cost.
Having tech support close to home can be a big advantage. If a provider doesn’t have a local office, then make sure they have contractors in the area that can respond quickly to a problem. Having to wait 2 weeks for a tech support agent to arrive might be a bit frustrating.
Traditionally satellite connections come in two flavors, one-way and two-way. By using proxy servers and an additional phone line it is possible to surf the Internet via a one-way connection, but it is slow and unnecessarily complicated. Almost every provider now offers two-way Satellite Internet connections, but it doesn’t hurt to make sure. One-way connectivity was a very early satellite Internet technology and has been almost completely replaced.
What to Look For
Many satellite services use more than one satellite in orbit. This is done to offer increased coverage as well as a higher level of redundancy to avoid outages. When choosing a provider ask how many satellites that have in use and how they are making sure the uptime of their users is maximized.
A provider that services its own hardware is important, but so is a service level agreement that offsets this cost to the provider. Look for a service contract that includes regular maintenance as well as equipment upgrades as technology changes. There will almost certainly be a cost associated with this, but make sure the provider is sharing this burden.
Internet connection speed is important with any service. Satellite Internet Service will not be as fast as cable or DSL in the foreseeable future, but it is a great alternative to dial-up. Latency is always an important issue when discussing satellite internet. Hardware optimization and compression will help mitigate the effects, but there is no way to completely avoid it. Ask a potential provider how they are dealing with the inherent latency issue.
http://www.americanchronicle.com/articles/viewArticle.asp?articleID=28412
Choosing an Internet Service Provider
An Internet Service Provider is the company that takes care of the technical aspects of connecting your computer(s) to the internet. Enabling your computer to access the world wide web, email, newsgroups and other Internet resources.
What are the choices?
Business vs Home packages
Packages are often divided up between those targeting home users, almost always the cheapest, and those catering for businesses, which offer more features at a higher price. Small voluntary organisations often sit between these two categories, and can be tempted to go for the cheaper option. A low-cost home package may restrict future development, such as use of a domain name. The key deciding factor should be service quality and the ability to alter the package at a later date, to meet your developing needs.
Dial-up
Until a few years ago Dial-up was the main mechanism for connecting to the internet. This is really just like a simple phone connection. Because dial-up access uses normal telephone lines, the speed and quality of connection is very basic. Having a dial up internet connection also means your phone line is tied up when you’re connected to the Internet so this can be a problem if you only have one phone line.
Increasingly dial-up is seen as a back-up or secondary connection method.
Broadband
Broadband is the term used to describe a high speed Internet connection. There are two main types of broadband connection, ADSL (Asymmetric Digital Subscriber Line) and Cable, for the purposes of this article the term broadband will be used to cover both types of connection. Over the last few years the price of Broadband has come down dramatically. It is the most prevalent type of connection to the internet, for this reason this article will focus on broadband when looking at choosing an ISP.What is an ISP?
An Internet Service Provider is the company that takes care of the technical aspects of connecting your computer(s) to the internet. Enabling your computer to access the world wide web, email, newsgroups and other Internet resources.
What are the choices?
Business vs Home packages
Packages are often divided up between those targeting home users, almost always the cheapest, and those catering for businesses, which offer more features at a higher price. Small voluntary organisations often sit between these two categories, and can be tempted to go for the cheaper option. A low-cost home package may restrict future development, such as use of a domain name. The key deciding factor should be service quality and the ability to alter the package at a later date, to meet your developing needs.
Dial-up
Until a few years ago Dial-up was the main mechanism for connecting to the internet. This is really just like a simple phone connection. Because dial-up access uses normal telephone lines, the speed and quality of connection is very basic. Having a dial up internet connection also means your phone line is tied up when you’re connected to the Internet so this can be a problem if you only have one phone line.
Increasingly dial-up is seen as a back-up or secondary connection method.
Broadband
Broadband is the term used to describe a high speed Internet connection. There are two main types of broadband connection, ADSL (Asymmetric Digital Subscriber Line) and Cable, for the purposes of this article the term broadband will be used to cover both types of connection. Over the last few years the price of Broadband has come down dramatically. It is the most prevalent type of connection to the internet, for this reason this article will focus on broadband when looking at choosing an ISP.
Other options
Both Dial-up and most broadband connections rely on having access to a BT line. If this is not possible there are other options such as 3G phones and satellite broadband. The I Can’t Get Broadband - Help! article on the Knowledgebase goes through the alternative ways of getting connected.
Considerations
There are so many ISPs out there offering a bewildering array of packages the best approach is to focus on some key considerations to enable comparison between different providers.
Terms and conditions
Always check! Areas to look out for include – length of contract (do you have to stay for a given amount of time), switching providers (what will you have to pay to terminate contract) and connection or any other hidden charges.
Support
Hopefully you will not need to call on support from your ISP. If you do clarify what support is offered – 24 hours a day? 7 days a week? Is this done through a premium rate phone number? When thinking about support also consider the skills and knowledge you have within your organisation.
Length of contract
Many ISPs ask you to sign up for a specific time – usually a year or eighteen months. They may offer a discounted price to customers who do this. If you are not given the choice, make sure that you can get out of the contract if the ISP does not deliver the service they agreed to.
Free services
Nothing in life is truly free. All ISPs have to make money on service somehow. “Free” services may do this through advertising when you connect or more likely an expensive technical support line.
Connection Speed
Although broadband is considered a fast Internet connection there are still differences in speed. This can vary from 512Kb to 8Mb connections. Exactly how important speed is depends on intended use of the connection. Generally speaking, 512Kbps should be more than adequate for 90% of Internet tasks (website browsing/updating, e-mails). However this will be affected by factors like the number of computers sharing the Internet connection within your organisation, the type and amount of content you need to download, and contention (see below).
If you’re likely to need to download larger quantities of data (e.g. large documents, audio and video content, or to use your connection to make cheaper Phone calls over the Internet?) then 2Mbps or greater should be the aim. 2Mbps is essentially four times the speed of a 512Kbps connection and is generally adequate for most online content and downloads.
Uptime/Service levels/contention issues
As with purchasing any service you want to know about what level you are going to get.
Uptime
This is the percentage of time the Internet service provider's (ISP's) service is running properly. Establish what uptime figure the ISP claims for its services. Will it guarantee this uptime and discount your account if it fails?
Contention
Each ISP will have a contention ratio; this means the number of connections sharing an exchange. A ration of 50:1 means that the exchange could be shared between 50 different users, the level of this ratio may affect how much of full broadband speed is achieved.
Service levels
When considering a service level agreement, it is particularly important to bear in mind two things. First, that allowance should be made for any planned downtime for maintenance of the server which should be excluded from the calculation of the time during which the server is unavailable. Second, it is not possible for anyone to guarantee a 100% connection success rate
Download caps or Fair Usage Policy
Although broadband is an always available service some providers limit the amount of information you can download in a given time period (this is usually monthly). If you use your connection for browsing the Internet and sending/receiving emails then a service capped at 5Gb will usually be adequate. If you are downloading a large number of files this could be an issue but there are packages allowing up to 30Gb per month. Some ISPs will allow you to go over this download limit but will charge for doing so, for example a charge will be levied per Gb over, as well as and administration charge.
Some providers who do not issue a specific download limit often use the term “Fair Usage Policy”. It is essential that you check the small print to determine what this level is. The problem is that most Fair Usage Policies fail to identify a specific level of consumption, so you can be left with no real practical basis with which to asses their expected usage against the ISP’s limitations.
Both Dial-up and most broadband connections rely on having access to a BT line. If this is not possible there are other options such as 3G phones and satellite broadband. The I Can’t Get Broadband - Help! article on the Knowledgebase goes through the alternative ways of getting connected.
Considerations
There are so many ISPs out there offering a bewildering array of packages the best approach is to focus on some key considerations to enable comparison between different providers.
Terms and conditions
http://www.icthubknowledgebase.org.uk/choosingisp
Always check! Areas to look out for include – length of contract (do you have to stay for a given amount of time), switching providers (what will you have to pay to terminate contract) and connection or any other hidden charges.
Support
Hopefully you will not need to call on support from your ISP. If you do clarify what support is offered – 24 hours a day? 7 days a week? Is this done through a premium rate phone number? When thinking about support also consider the skills and knowledge you have within your organisation.
Length of contract
Many ISPs ask you to sign up for a specific time – usually a year or eighteen months. They may offer a discounted price to customers who do this. If you are not given the choice, make sure that you can get out of the contract if the ISP does not deliver the service they agreed to.
Free services
Nothing in life is truly free. All ISPs have to make money on service somehow. “Free” services may do this through advertising when you connect or more likely an expensive technical support line.
Connection Speed
Although broadband is considered a fast Internet connection there are still differences in speed. This can vary from 512Kb to 8Mb connections. Exactly how important speed is depends on intended use of the connection. Generally speaking, 512Kbps should be more than adequate for 90% of Internet tasks (website browsing/updating, e-mails). However this will be affected by factors like the number of computers sharing the Internet connection within your organisation, the type and amount of content you need to download, and contention (see below).
If you’re likely to need to download larger quantities of data (e.g. large documents, audio and video content, or to use your connection to make cheaper Phone calls over the Internet?) then 2Mbps or greater should be the aim. 2Mbps is essentially four times the speed of a 512Kbps connection and is generally adequate for most online content and downloads.
Uptime/Service levels/contention issues
As with purchasing any service you want to know about what level you are going to get.
Uptime
This is the percentage of time the Internet service provider's (ISP's) service is running properly. Establish what uptime figure the ISP claims for its services. Will it guarantee this uptime and discount your account if it fails?
Contention
Each ISP will have a contention ratio; this means the number of connections sharing an exchange. A ration of 50:1 means that the exchange could be shared between 50 different users, the level of this ratio may affect how much of full broadband speed is achieved.
Service levels
When considering a service level agreement, it is particularly important to bear in mind two things. First, that allowance should be made for any planned downtime for maintenance of the server which should be excluded from the calculation of the time during which the server is unavailable. Second, it is not possible for anyone to guarantee a 100% connection success rate
Download caps or Fair Usage Policy
Although broadband is an always available service some providers limit the amount of information you can download in a given time period (this is usually monthly). If you use your connection for browsing the Internet and sending/receiving emails then a service capped at 5Gb will usually be adequate. If you are downloading a large number of files this could be an issue but there are packages allowing up to 30Gb per month. Some ISPs will allow you to go over this download limit but will charge for doing so, for example a charge will be levied per Gb over, as well as and administration charge.
Some providers who do not issue a specific download limit often use the term “Fair Usage Policy”. It is essential that you check the small print to determine what this level is. The problem is that most Fair Usage Policies fail to identify a specific level of consumption, so you can be left with no real practical basis with which to asses their expected usage against the ISP’s limitations.
Thursday, September 27, 2007
Benefits of Using Satellite Internet
Satellite internet is a great solution for people that are on the go. Truckers, people who travel for business, or people who spend a lot of time on the road can all benefit from using satellite internet. However, when people go shopping for a truck satellite antenna they may pick up the wrong items. There are two different types of truck antennas. One is for satellite radio, while the other is designed for linking up with the Internet. Make sure you know the difference before you go shopping.
The term wireless satellite internet is not entirely interchangeable with satellite internet. However, both connect you to the Internet in the same manner, via a satellite uplink. However, wireless satellite takes advantage of Bluetooth technology to connect multiple devises to the Internet without wires, cables or other tethering devises. Wireless internet is a great option for RVers, businesses that have staff in the field and for people who want to connect more than one computer to their internet service.
In order to take advantage of the benefits offered by satellite internet you need to purchase and install all of the dish components. Every internet service provider is going to require different dish components, however, you can generally expect to purchase a dish antenna, a transceiver, various cables, a dish harness and platform, a modem and special software. If you plan on using a one way satellite internet program with terrestrial return then you will also need a phone cable and an active phone line.
Satellite internet is the latest way to access the World Wide Web. It comes in three variations, a multi-cast one way version, a one way satellite internet connection with a terrestrial return and V-Sat. The type of satellite internet that you select needs to be based on what you use your internet access for and if you have access to a phone line. Familiarize yourself with satellite internet. Learn about satellite internet access, service, providers and two way satellite systems calls V-SAT.
Article Source: http://EzineArticles.com/?expert=Sarah_Freeland
Satellite Internet Services for Business
You can utilize satellite internet service for professional use in several ways. First you can use it to link your field staff to office resources via satellite internet for laptops. This will allow anyone in your business to connect to the internet from any locations. This could help them to research problems or to connect to data and files on their office computer. Digital satellite internet can also be used in the office in the form of wireless internet. This will give your in-office staff the ability to move between offices without losing their internet connection, or you can utilize the wireless connection to offer internet service to all of your employees without having to run cables or network computers in your office.
When you are looking for internet service for your office you will want to look for specific features. First you will want to look for a service that is priced competitively for the type of services that it offers. Secondly you will want to look for satellite internet providers that offer the bandwidth that you need for your business activities. Finally you will want to look for a service that offers you the type of modem connection that you want. For example you can choose from one-way, one-way with terrestrial return, or a two way modem system.
In the market for satellite internet services? Nationwide Satellite Solutions is your provider of HughesNet satellite internet as well a great resource that will answer any questions you have. Find out if it available in your area. For more on satellite technology visit the technology and internet directory.
http://EzineArticles.com/?expert=Sarah_Freeland
A Review of DSL Internet Service
The standard package for most DSL service includes things like a choice of online services, such as Yahoo and MSN. They offer technical service that is live all the time, they usually have a standard 30 day guarantee for services, so that if you are not happy with them as your ISP, you can ask for a full refund if it is within thirty days. Many also offer you the option of having multiple email addresses, so that everyone in the family can have their own. They also give you 10 MB of web space for you to use. All this can be yours for a fairly reasonable price if you choose to sign up for a one-year contract. If you prefer to have a monthly service, it will cost you more per month.
Make sure that you compare the various facets of DSL Internet service. These areas are all important and complile a composite image of how good the Internet service is. Overall cost is one area. This is measured by how competitive the prices really are, and that your bill is accurate. How quickly they respond to and fix any billing problems or changes are also part of that category.
Another area that is measured includes image. You want to go with a company that appears to have a good reputation among ISPs, and represents their services and prices honestly. Their performance and reliability is also considered to be very good. As for customer service, which rates how quickly problems are solved, how friendly and helpful their customer service reps are and the satisfaction of customers, they are considered to be as good as other ISP providers. They are also comparable in their email services, which measures how quickly you can send and receive email.
Overall, you want to choose a DSL Internet service that appears to be working to provide a good service to their customers and seems to care about making sure that service is one of the best available.
The key is to find the plan that best suits your needs for a price that you can afford. If you think that you have the right DSL service for you, check out their website and find out if they offer DSL service in your area. However, it always makes sense to comparison shop before making a final decision.
Bob Hett has extensively covered the Internet Service Provider industry as an analyst and has researched the various companies for factors based on price, reliability, support and overall quality. Learn more at DSL Internet Service.
http://EzineArticles.com/?expert=Bob_Hett
Six Things You Don't Know About Broadband
You may answer yes. I know you may have tried different broadband from several broadband ISPs. You may have installed broadband by yourself several times. You know broadband speed - 2Mb, 8Mb or 24 Mb. You may understand the monthly usage and control your usage. But if you are not a technician in that area, you may not know everything behind these numbers. There is something broadband ISPs will not tell you, or try to write it in a shady corner on their web page.
Let me tell you all these things:
Price:
As more and more ISPs have packages, the price became more and more incomparable. Some packages like Talktalk have call bundles (including anytime package or off-peak package), some are combined with mobile phone contract, and some deals are only available to TV Program subscribers.
A main problem is most deal descriptions don't show whether the price contains the line rental. They may wish customer forget the existence of line rental. But usually, if the deal doesn't tell you that, it means the line rental is not included in the price. If the line rental is included, no ISP will forget to tell you.
Speed:
When we talk to speed, I should tell you broadband ISPs are playing two tricks in words.
The first is the unit. They usually use Mb to describe the speed. Do you think if the speed can reach the theoretic max speed, you can download a song in MP3 format (about 4MB) in half a second? You are tricked. In computer, the size of the file is displayed in MB, which means MegaByte. While in broadband specification, speed is showed in Mb, which means Megabit. 1 MegaByte = 8 Megabit. So 8Mb per second means 1 MB per second.
Another instance I have to emphasise is: Do ask your broadband ISP the maximum speed your phone line can support. Because not all the phone line in UK support 8Mb broadband. Phone lines in some areas can only reach 2Mbps. If your telephone line can't support fast speed, it's a waste of money to buy fast broadband. And I know some ISP don't check it for customers and just open fast broadband for customers no matter real speed the phone line can reach.
Connection Rate:
Now, we know the actually speed broadband ISPs provide to us. However, there is another bad news - you may have to share the bandwidth with other 49 people. So in Internet rush hour, the real speed may be slow down to 160 Kb a second. That is 20 KB per second.
Wonder why? Because there is a connection rate for broadband! Few broadband ISPs tell customers its connection rate on an explicit place on the web site. But it does affect the speed a lot.
So what is connection rate? Connection rate shows the number of users who share the bandwidth on a single broadband connection between your local exchange and your broadband ISP. Normally, the connection ratios are 50:1 and 20:1.
In UK, the connection rate for home broadband is 50:1, which means you would likely to share your bandwidth with 49 other users, of course, never more than that number. The connection ratio for business broadband is 20:1. It will be much faster in Internet rush hour.
Usage:
Are you annoyed because many providers set a monthly usage cap for broadband, so that you have to check all the time how much you used? Are you looking for broadband with unlimited usage? But you have to consider this instance, if one broadband provider offers unlimited broadband, and customers of this broadband will try and use it all the time. Most providers offer unlimited broadband will have a fair use policy, which actually is led by the connection rate. As there is a connection rate exists, usually 50 people share one line between the exchange and the broadband ISP, so many people will cause the broadband network grind to a halt. This not only makes your broadband speed slows down, but also makes the volume you download decrease largely.
Let me do some calculation, if there are always 40 people (as we have seen, one line may be shared by 50 people) using an 8Mb speed broadband, then the real speed for each person is 200Kb/s. That is 25 KB per second. So you can download as much as 90 MB in one hour, in theory. If you download 12 hour a day, 30 days a month, you can download as much as 32 GB. This number is less than some deals with 40 GB monthly cap. So, don't only looks at the unlimited broadband, even if you download a lot, some deals with large monthly cap provide almost the same volume you can download.
However, a good news is, the monthly download limit or we say monthly usage cap is measured by GB, not Gb. There are no tricks this time.
Contract Length:
Even last year, there is few broadband provider offer broadband with no contract. But now there are several broadband ISP offering no contract broadband, for example, PlusNet, NamesCo, Eclipse.
Those broadband which are so called "no contract broadband" do have contract length. Usually they are one-month rolling contracts. If you don't wish to go on with that broadband provider, call that provider and ask for disconnection. The contract will end at the end of the contract period.
And some providers offer free connection or free modem even if you commit such one-month contract. But if you disconnect within a certain period (usually 12 months), you have to pay for the connection fee and modem fee. So, if you wish to get those broadband, read their terms and conditions carefully.
Availability:
When you check broadband availability of a certain provider, the checker may tell you that that broadband is available in your area. But later, when you plan to install broadband from that provider, you may told that you have to pay more than the price shown on the web site to get that broadband.
What's happened? The reason is some broadband ISP use two types of network. They have their own broadband exchanges in some areas. In some place elsewhere, they provide broadband service by BT network. The cost is different, leading the different price in different areas. As far as I know, Sky Broadband and TalkTalk Broadband have such differential price policy. And Orange also use two networks, but their price are the same.
http://EzineArticles.com/?expert=Jerry_Niu
Will EVDO Knock Satellite Internet Out of the Park?
When EVDO Revision A (and soon thereafter Rev B) comes out in Q3 2007, there will be a full blown skirmish between Cell operators and the Satellite Internet industry for available consumer and business internet accounts. The territories they are trying to claim are the areas where concentration of homes and business is great enough to build out advanced cell service, but not great enough for terrestrial providers like cable and dsl. These suburban and rural areas have historically been the territory for Satellite operators and some adventuresome WiFi businesses.
Current Status:
With the current levels of cell service available (EVDO rev.0), cell operators are taking a fair amount of business away from satellite operators in fringe suburban areas....why?.... younger users who want to stream video, trade music and video, play internet games and not have any limitations on usage. So far, the cell operators are filling the bill for about $50 or so for the "Aircard" and charging about $59 per mo. for high speed internet....well, sort of.
The speeds on most EVDO plans are about 400-800 kbps download and around 200 kbps upload. Much higher speeds are promised when Revisions A and B come in to play later this year and beyond. Latency is around 200-350 ms - 50% lower or more than a satellite connection. This latency allows gaming without too many bumps along the way. For those who have been experiencing oppressive limitations from the satellite operators, it seems like heaven....but for how long?
Some of the providers already have a limit of usage each month and it's pretty restrictive (as low as 4GB per month - lower than the satellite operators are assessing). There is no decent data to report on what happens when the network begins to "load up" with users. I was in Denver's airport during a recent snow storm and the EVDO service was non-existent until you were several miles from the airport.....so it's not perfect, by any means. I personally believe that the cell operators are going to learn the same lessons that satellite internet operators have learned........bandwidth is expensive! You can lure people in with attractive prices and speeds, but when you can't maintain those speeds as the network loads up, you just become another one of those lying, cheating, false advertising no good internet providers that we have too many of already! Just kidding........it's not easy to balance a high speed internet network in this day and time.
Future:
When cell operators build out and offer Rev B. EVDO high speed internet service (about 2 years out), the landscape for service will be incredibly competitive. City, suburban and rural individuals and companies will have a lot of choices and the providers with foresight and innovation will be the one's to survive. It should be good for the consumer!
http://EzineArticles.com/?expert=Randy_Scott
Choosing a Home Phone and Broadband Package UK Provider
So rather than getting your phone service and your internet service from two different providers you can now find many home phone and broadband package UK providers battling it out for your business. Better yet, because the industry is so competitive you can find some really good deals.
It wasn't so many years ago that an unfeasibly slow dial-up Internet connection would cost you the best part of £20 a month. Back then I can remember the boffins saying you would never get a standard telephone line to receive faster than 56k. How wrong they were. ADSL Broadband technology came along and you can now receive the Internet at breakneck speeds for a similar price.
With the proliferation of broadband comes the ability to stream voice and video. Something which has the media companies shaking in their boots. This is another factor driving the convergence which I talked about. In a reaction to the threat from free communication over the Internet many UK companies are now offering great deals on your landline home phone and broadband package.
Believe it or not there is even a provider offering a free 8 Meg broadband connection conditional on the fact that you will also take your home phone service from them. This is standard practice. The deal has been very popular in the marketplace and this company have experienced a massive take up of their free broadband service.
The great thing about the Internet is that it takes no prisoners when it comes to business. We the consumers benefit because our various media providers have to work harder to earn our loyalty. If you've been wanting to switch your phone provider but couldn't face all the hassle then now could be good time to bite the bullet. For less than the cost of a Friday night out you can now enjoy lightning fast Internet and unlimited phone calls to any landline in the UK. Doesn't get much better.
Rory Mac writes for the Internet and also enjoys designing web sites. He can be hired for a variety of different Internet jobs such as article writing. He enjoys his free 8 Meg connection along with thousands of others. You can find out more information about his home phone and broadband package UK provider here.
http://EzineArticles.com/?expert=Rory_Mac
Reviews of the Top 3 VoIP Service Providers
These services are also called a voip service provider. One such company is Skype which began as a free service, but recently has revamped its fee program and is now charging for most basic services. Skype is a peer to peer internet telephony system and allows such additional services as video calling and voice mail to its customers. With its Skypeln service, virtual phone numbers can be created. Virtual phone numbers are numbers that are created in local directories and can receive calls at local rates from other users in that same zone. A user living in California can create a virtual number in Paris, France, and receive local calls from other people living in Paris. The protocol used for Skype transmissions has raised some concerns about security.
VoiceGlo is an example of a more conventional VoIP service provider. It allows call forwarding which is one of the nice features available on all phone systems. The sound quality of the calls is excellent, but VoiceGlo does not yet offer the full range of features that can enhance VolP. You are not able to use your existing phone number when you transfer to this service. There is no virtual numbers, call return, or conference calling available. A major drawback is that it does not have 911 support. The services like VoiceGlo are really intended as a low price addition to your regular landline telephone service, rather than a replacement for it.
Perhaps the best and certainly one of the most well known services is Vonage. Vonage is moderately priced and offers a full range of services. It is easy to install and allows you to retain your existing numbers. It does have 911 service, although it differs slightly from normal and must be activated during installation. Virtual numbers can be used on Vonage. With its full range of services, Vonage is designed to replace your landline telephone service. A VoIP phone service has the advantage of being able to go with you when you travel as it is available anywhere you can hook up to the internet. Power loss is the one drawback to VoIP telephony, but back up batteries can overcome this. VoIP is one of those remarkable new technological breakthroughs that is revolutionizing communication in our society today.
Natalie Aranda writes about technology. The Voice over Internet Provider services have provided an alternative to the older analog landline telephone services. There are several companies that are now serving as a VoIP provider. Perhaps the best and certainly one of the most well known services is Vonage. Vonage is moderately priced and offers a full range of services. VoIP telephony as it is sometimes called is a protocol that converts an analog signal to a data signal and transmits it over the internet and then converts it back to an analog signal to be received as a voice transmission.
http://EzineArticles.com/?expert=Natalie_Aranda
Wednesday, September 26, 2007
Internet Telephony Service Providers
The choice of a service provider in this case also depends on the quality of voice and reliability one is looking for. There are certain service providers who may be charging less, but the voice quality they provide is extremely poor. There are others who may charge a higher price, but the voice quality is almost as good as a traditional telephone. Before you sign a long-term contract with a service provider, it would be better to go for a short-term contract and test the quality of services. Many service providers offer ""free trial periods"" or trial periods with a money-back guarantee. Many others offer flexible plans which allow a customer to cancel the contract if the services are not satisfactory. Now not only the new start-ups but also even some of the traditional telephone companies have started offering these services.
The result is that consumers are enjoying a wide variety of packages at very low prices. Many of the companies are even offering these services free of cost. However, one must ensure that he has the required software and hardware devices to take advantage of such offers. Information about Internet telephony service providers is available in abundance online. One can even start utilizing their services by downloading the required software available on their web sites.
Internet Telephony provides detailed information on Internet Telephony, VOIP Internet Telephony, Free Internet Telephony, Internet Telephony Service Providers and more. Internet Telephony is affiliated with IP Telephony Solutions.
Article Source: http://EzineArticles.com/?expert=Eddie_Tobey
Internet Content Provider Needed To Create Hunger
This skill is very important and is not only badly needed but can also make all the difference between success and failure in any marketing campaign carried out with the help of an Internet content provider.
How do you give out so much information and end up creating a hunger for more? It is actually simpler to achieve than you may think. It is all about giving useful unique information that opens up countless new possibilities in the mind of the reader. The sort of needed information that an Internet content provider can offer in their article that ends up creating a lot of excitement in the reader. Actually excitement never fails to create hunger for more information.
For instance if you meet a new person and the initial information you get about them creates excitement in you, you will be hungry for much more information about them. If you see a new product that gets you excited, you will be hungry for all sorts of information about it.
Excitement is badly needed in many web sites and any Internet content provider that a webmaster can find, who can successfully create it will always end up with a bigger impact and more sales.
Are you considering hiring a ghost writer? If so don’t do anything until you’ve read a few more articles at the author’s hire a ghost writer blog.
Article Source: http://EzineArticles.com/?expert=Christopher_Kyalo
Your Internet Phone Service Provider - Offering Real Security?
If you're an individual, your first question may be about security, i.e., keeping other people from eavesdropping on your conversations. Ask your Internet phone service provider if they offer any kind of voice security using encryption or separate data routes. For example, it's possible to break your conversation into multiple pieces and send it out over multiple pathways. The person you are calling will not notice any difference; but anyone try to eavesdrop will only get part of the conversation at any given time. Problem solved.
Eavesdropping isn't the only security issue to be concerned with. Remember, you're using an Internet infrastructure to send and receive calls. So you are more vulnerable to the sorts of attacks that your PC can be a target for. Fact is, viruses and spyware can disrupt your phone service just as easily as they can disrupt your local area network. So if you're using your broadband Internet connection for Internet phone service, data files coming across the line should be checked for viruses. And you should make sure you use a firewall as well.
If you're in business and you're using your Internet phone service to discuss private business information, you need to be on guard. Ask your Internet phone service provider what they can offer you in the way of security against some of the following risks.
One common way that Internet communications are disrupted is through what is called the Denial of Service (DoS) attack. A hacker or intruder can crash your phone system by bombarding it with a nearly infinite number of information requests in a very short time. Make sure your Internet phone service provider can protect you adequately against this possibility.
Eavesdropping is another very real risk with Internet phone service users. An intruder could record phone calls that you make. They could restructure your voice, data and create conversations that never occurred. But the damage from eavesdropping can include nonvoice communications, too. Hackers have an infinite number of ways to get information that you're sending over the Internet such as sensitive business files.
Viruses and spyware can be sent with voice data. And although this hasn't happened on a widespread basis yet, it is possible that your system can be compromised or brought down. VoIP can also be subject to message-spam in much the same way that fax machines are targets for spam-faxes.
And while we're talking about hackers, be aware that they can access information like phone numbers and user identities from your network. Imagine what could happen: a hacker could make phone calls using your identity.
There are solutions to these problems. Earlier, I mentioned in encryption. This uses a technology very similar to what is used when credit card information is sent over a secure data connection. Another method of protecting voice conversations is to send the data separate from other Internet traffic using what is called a virtual Local Area Network (VLAN). The voice quality is not the greatest, but the security is much better.
Conclusion
I hope this gives you enough information to begin to make an informed decision about Internet phone service in your home or your business.
Ara Rubyan is not a part of the VoIP industry, nor does he sell VoIP services, nor does he pretend to be a guru of any kind. Instead, he is like you: a consumer, a business owner, and someone who has been researching the industry so that he could make an informed decision about the best VoIP service for his needs. Now, he's put all his research (so far) in one convenient location and he's sharing it with you, no strings attached.
Article Source: http://EzineArticles.com/?expert=Ara_Rubyan