Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Security benefits of spliting services between two ISP providers
From: "Rossen S. Naydenov" <rnaydenov () postbank bg>
Date: Wed, 18 May 2005 10:00:13 +0300

I see what you mean guys.

But still I think there are some other things to consider.
Having two online ISP connections doubles the possibility of having bad
happening to you (attacks, floods, etc.), right?

On the other hand when speaking about bandwidth utilization things are
different. Let's see the two options:
First option - One ISP online and one offline
        - Say we have 3Mbps online and that's it - both services will
share that bandwidth.
Second option - Two ISP online
        - Say 2Mbps for business purposes on first ISP and 1Mbps for
other purposes on the second ISP.

But when speaking for total bandwidth I see that in the second option
total bandwidth is 2Mbps, while in first total is 3Mbps. What about
that?

In case of failure of one ISP (second option) we will have 2/3 or even
1/3 of the bandwidth we need... Having two ISP online with 3Mbps
available bandwidth is not good, because we will not be able to utilize
it.

Rossen

-----Original Message-----
From: Reece Mills [mailto:reece.mills () charter net] 
Sent: Tuesday, May 17, 2005 8:38 PM
To: Dave Hawkins; laszlof () tvog net; Rossen S. Naydenov
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Security benefits of spliting services
between two ISP providers

Dave,
You and Frank have both made excellent points. Utilization of bandwidth 
and risk reduction through splitting services across providers.  I guess

I had taken a particularly narrow view in my initial response.

Splitting of services across different ISP's is not a bad idea.  My note

vaguely addressed that.  If a cost to benefit evaluation supports an 
entity utilizing two separate ISP's.  My question would be, Is this 
extra expenditure  necessary for the organization?  An SLA with one ISP 
might be enough to accomplish a logical space split for a fraction of 
the costs of buying two SLA's from two providers.  Now, if you are in an

area that is prone to natural and man made disasters (fires, flooding, 
earthquakes and bombings) and since you are a global entity, then by all

means split services as described.  However, if that is the case then 
full redundancy would be my goal.

My apologies for the terse initial response.  Sleep is a good thing and 
I will try to get more of it.

Reece



Dave Hawkins wrote:

In the case of DDoS, if your web services are targeted, your email
systems would still have plenty of bandwidth (splitting services in
that
way). Segmenting services like this would pose no real threat from a
security standpoint, and in my opinion, only allows you to more fully
utilize both lines that you're already paying for. In the case of
actual ISP failures, it is quite easy to use something like the Radware
LinkProof or WSD to handle complete fail-over to other network
providers. It can be (and is) easily done with a lot of our clients who
require high-availability for disasters, but also to prevent someone
from saturating a particular ISP link. Combine this with a
multi-segment IPS and you can minimize your risks greatly.
Don't misinterpret this as a plug for our products, but Radware has
been
in the high-availability and security space for a while now, and we get
these kinds of questions all the time.

Cheers,
-Dave Hawkins
Security Engineer
Radware
http://www.radware.com


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Frank
Laszlo
Sent: Tuesday, May 17, 2005 8:04 AM
To: Reece Mills
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Security benefits of spliting services
between two ISP providers

Not exactly. If one ISP fails, the other could be used as a backup
system for the services that are on the "failed" isp. This could be
done
with a transparent proxy or something of the sort.

Regards,
 Frank


Reece Mills wrote:


Only part of what you need will be affected if one of your ISPs
fail....  Hope it is not the web based business services provider...
Hope it
is not the email provider....   
Ok... What will be the security benefit of splitting services between
two ISP providers as you described?

Nothing.

Reece


Rossen S. Naydenov wrote:

|Hi group,
|
|What will be the security benefit of splitting services between two
|ISP providers?
|By splitting services I mean have one ISP serve only web based
|business services and other ISP serve the email and traffic generated


|by internal web browsing (or something similar).
|Right now everything goes through one ISP and second ISP connection
|is kept as a backup.
|
|Thanks.
|
|
|
|Disclaimer:
|
|This communication is confidential. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or taking any action in reliance on the contents of this
information is strictly prohibited and may be unlawful. If you have
received this communication by mistake, please notify us immediately
by responding to this email and then delete it from your system.
|Bulgarian Post Bank is not responsible for, nor endorses, any
opinion, recommendation, conclusion, solicitation, offer or agreement
or any information contained in this communication.
|Bulgarian Post Bank cannot accept any responsibility for the accuracy
or completeness of this message as it has been transmitted over a
public network. If you suspect that the message may have been
intercepted or amended, please call the sender.
|_______________________________________________
|Full-Disclosure - We believe in it.
|Charter: http://lists.grok.org.uk/full-disclosure-charter.html
|Hosted and sponsored by Secunia - http://secunia.com/
|


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/






Disclaimer:

This communication is confidential. If you are not the intended recipient, you are hereby notified that any disclosure, 
copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and 
may be unlawful. If you have received this communication by mistake, please notify us immediately by responding to this 
email and then delete it from your system.
Bulgarian Post Bank is not responsible for, nor endorses, any opinion, recommendation, conclusion, solicitation, offer 
or agreement or any information contained in this communication.
Bulgarian Post Bank cannot accept any responsibility for the accuracy or completeness of this message as it has been 
transmitted over a public network. If you suspect that the message may have been intercepted or amended, please call 
the sender.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]