Are your systems safe against the Heartbleed bug?

By Jeff Brown, director of training, U.S. global support, Endace division of Emulex

On April 7, the “Heartbleed” bug was announced.  It’s a serious flaw in the OpenSSL 1.0 – 1.0.1 code series which affects all applications using it for encryption.  In short, it means that anyone who can connect to the server can remotely read the server’s memory – including the SSL certificate secret key, usernames and passwords, and anything else.

With the Heartbleed bug exploit code in the wild, anyone can take advantage of the critical time between public exposure of the exploit and when all organizations can patch (or take offline) vulnerable systems.  So, for almost every organization in the world, there are three questions that come to mind. The first question is “which of my public facing servers is vulnerable?”  The second question is “have I been exploited since this became public?”  And the third question is “what have I lost?”

The EndaceProbe™ Intelligent Network Recorder (INR) helps answer all three questions.

Which of my public facing servers is vulnerable?

The first step is to use your database (you DO have a database matching services, servers, and operating systems, right?) to locate those systems known to be vulnerable and that are public facing.  Take them offline and patch them.  Those are the knowns.  Now, what about the unknowns?

You cannot use the presence of malformed heartbeat requests to confirm or deny vulnerability – that just tells you somebody is attacking, which is perhaps a common event these last few days!  It is the heartbeat response that identifies whether a server is vulnerable.  So what you need is to send each of your servers an exploit request and then filter on just heartbeat responses from vulnerable servers.  As it turns out, that is surprisingly easy if you have an EndaceProbe INR monitoring your network.

First, download the exploit code off the Internet, set it up on a workstation running outside your firewall on a known IP address X.  Have it run the exploit against every IP address in your domain.  That’s what the bad guys are going to do … beat them to it! If you can’t set up your own attack system, there are websites already online that will attack for you.  You just need to send them your IP addresses to attack.

Next, on the EndaceProbe INR which is monitoring traffic just inside your firewall (you do have an EndaceProbe INR capturing your firewall traffic, don’t you?), set up a visualization that is filtering bi-directionally on IP address X – your attack workstation’s address.  That will isolate the exploit attempts and responses.  This filtering will result in a small amount of data over the length of time it takes for your exploit workstation to work through your IP address space.

From this visualization, click on the “packets” view and enter the following display filter:

(ssl.record.content_type == 24) && (ssl.record.length > 64)

The (ssl.record.content_type == 24) identifies all heartbeat requests and responses.  Heartbeat requests (both valid requests and exploit requests) are typically less than 64 bytes long.   Valid heartbeat responses should also be less than 64 bytes.  So the (ssl.record.length > 64) should only catch responses returning lots of data back to your attacking workstation.  That means every packet that matches the above display filter is probably from a server that is vulnerable.  Locate the server by its IP address, pull it offline and patch it.

Have I been exploited?

Until April 7, this bug had been undiscovered (publicly), but it has existed in versions of the OpenSSL code for more than two years.  It is therefore very difficult for an organization to fully determine its overall risk of having been exploited if someone discovered the bug earlier and has been using it nefariously.  But what we do know is that the bad guys are most certainly monitoring vulnerability releases, especially ones that are accompanied by simple-to-use exploit code!  Therefore, it stands to reason that an organization’s risk of exploit is highest between public disclosure of the exploit and time-of-patch.

So having an EndaceProbe INR with even a few days’ worth of storage allows the organization to perform an exhaustive post-mortem for those critical hours or days of maximum risk.  Fortunately that EndaceProbe INR you have sitting behind your firewall will have captured 100 percent of the traffic from the last few days.  Time to put it to use!

From step one above, you now (hopefully) have a short list of IP addresses for servers that are vulnerable.  To make the search efficient, first look for the exploit attempt, and then for the response.  This two-step process works best because:

  • The amount of traffic into the server is typically much less than out. It is faster to search the traffic coming in.
  • The exploit arrives on port 443, so is easy to filter on that port.  The response can go out on any port number.

It is therefore much faster to find the exploit than to find the response, so only look for the response if you know the exploit has occurred.

Going through your vulnerable IP addresses one at a time, use a visualization that filters on the server’s destination IP address and destination port 443.  (If you use other ports for SSL you’ll want to check that traffic too.)  Now launch Endace Packets™  and enter:

((ssl.heartbeat_message.type == 1) && (ssl.heartbeat_message.payload_length > 61))

This filter might result in some false positives depending on whether or not there are legitimate clients out there that use heartbeat payloads > 61 bytes, but 61 seems to be the common number used.  This filter will identify heartbeat request packets where the ssl.heartbeat_message.payload_length is larger than normal – a strong indication of an exploit attempt.
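The two display filters used above can be reproduced offline against reassembled TCP streams; the Python below is an added example, not part of the original post or of any Endace tooling. It assumes the heartbeat request was sent before encryption was switched on (so its fields are readable), uses constructed sample streams built with a hypothetical `sample_record` helper, and goes one step beyond the 61-byte threshold by checking whether the declared payload length can actually fit in the record (RFC 6520 header plus minimum padding), which separates large-but-valid requests from malformed ones.

```python
"""Offline heartbeat triage using the thresholds from the display filters."""
import struct

HEARTBEAT = 24               # ssl.record.content_type == 24
HB_REQUEST = 1               # ssl.heartbeat_message.type == 1
RESPONSE_RECORD_LIMIT = 64   # ssl.record.length > 64
REQUEST_PAYLOAD_LIMIT = 61   # ssl.heartbeat_message.payload_length > 61
HB_HEADER = 3                # type (1 byte) + payload_length (2 bytes)
HB_MIN_PADDING = 16          # RFC 6520: at least 16 bytes of padding


def iter_records(stream):
    """Yield (offset, content_type, body) for each complete TLS record.

    `stream` is one direction of a reassembled TCP stream. The 5-byte
    record header (type, version, length) stays in the clear even when
    the record body is encrypted.
    """
    pos = 0
    while pos + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from(">BBBH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if major != 3 or len(body) < length:
            break  # lost sync or truncated capture: stop rather than guess
        yield pos, ctype, body
        pos += 5 + length


def large_heartbeat_records(stream):
    """Server-to-client check: heartbeat records longer than 64 bytes.

    Uses only record-header fields, so it works on encrypted responses.
    """
    return [(off, len(body)) for off, ctype, body in iter_records(stream)
            if ctype == HEARTBEAT and len(body) > RESPONSE_RECORD_LIMIT]


def classify_requests(stream):
    """Client-to-server check on heartbeat requests.

    Assumption: the heartbeat body is cleartext (sent before the handshake
    finished). On an encrypted body these fields are not meaningful.
    Returns (offset, declared_payload_length, record_length, verdict).
    """
    results = []
    for off, ctype, body in iter_records(stream):
        if ctype != HEARTBEAT or len(body) < HB_HEADER:
            continue
        hb_type, declared = struct.unpack_from(">BH", body)
        if hb_type != HB_REQUEST:
            continue
        if declared + HB_HEADER + HB_MIN_PADDING > len(body):
            verdict = "malformed"        # claims more payload than was sent
        elif declared > REQUEST_PAYLOAD_LIMIT:
            verdict = "large-but-valid"  # matches the >61 filter, but honest
        else:
            verdict = "normal"
        results.append((off, declared, len(body), verdict))
    return results


def sample_record(ctype, body):
    """Hypothetical helper: frame a constructed body as a TLS 1.1 record."""
    return struct.pack(">BBBH", ctype, 3, 2, len(body)) + body


# Constructed client-to-server stream: a handshake record, a normal
# heartbeat request, a large but well-formed one, and a malformed one.
CLIENT_STREAM = (
    sample_record(22, bytes(40))
    + sample_record(24, struct.pack(">BH", 1, 16) + bytes(16 + 16))
    + sample_record(24, struct.pack(">BH", 1, 100) + bytes(100 + 16))
    + sample_record(24, struct.pack(">BH", 1, 4096))
)

# Constructed server-to-client stream: a normal heartbeat response and an
# oversized one (zero bytes stand in for whatever the server returned).
SERVER_STREAM = (
    sample_record(24, struct.pack(">BH", 2, 16) + bytes(16 + 16))
    + sample_record(24, struct.pack(">BH", 2, 4096) + bytes(4096 + 16))
)

if __name__ == "__main__":
    for row in classify_requests(CLIENT_STREAM):
        print("request ", row)
    for row in large_heartbeat_records(SERVER_STREAM):
        print("response", row)
```
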

If you see any results from this filter, then it is time to look at the heartbeat response.  So, back to your visualization!  Filter on the attacker’s IP address as the destination.  You could just stop there and look at everything sent to the attacker on any port, but depending on how much traffic that is, you might want to step through one vulnerable server at a time.  If slow and steady is your style, then you will also filter on the source IP address of the vulnerable server detected above, with destination port taken from the heartbeat request packet.

Now, launch Endace Packets and enter the same exploit response filter you used before:

(ssl.record.content_type == 24) && (ssl.record.length > 64)

This will identify if the server responded to the exploit.  You’ve already confirmed that server is vulnerable, so it probably sent a large amount of RAM data back to the attacker.  Bad news, but at least you know for sure you’ve been exploited.  Now…

What have I lost?

The heartbeat response will consist of several IP packets forming a single TCP PDU.  Overall size of the PDU will depend on how large the (false) payload size was in the exploit heartbeat request.  The response PDU is easy to identify in Endace Packets, but it is encrypted so you won’t be able to see what is inside.  Time for Wireshark!

Use the EndaceProbe INR download capability to download the exploit session to your workstation.  You’ll need to get the private SSL key from the exploited server, load it in Wireshark, decrypt the response message, and determine whether anything important is there.  It’s time-consuming work, but well worth knowing what, if anything, has been lost!

What about workstations?

The SSL heartbeat is symmetrical, so, in theory, an OpenSSL client can be attacked by a malicious server just as easily as a server can be attacked by a client.  This should be your next concern.  Windows and Mac appear to be safe, but what about your Linux workstations?  Workstations are harder to test because they won’t respond to a direct attack. They have to go to a malicious website before you will see any exploit heartbeat requests coming to them.

Good luck with your mitigation efforts, and please let us know if there’s anything we can do to help with this process.

 

World Tour, Featuring Next Generation EndaceDAG Data Capture Cards

I’ve always dreamed of fortune and fame just like in the Nickelback song “Rockstar.” Just think about it, on a world tour with the band, a large audience of people who know everything about your music and lyrics. Ah, what a life. Well, back to reality.

But I do have the next best thing, a world tour (sort of) with the Emulex EndaceDAG™ Card High Frequency Trading (HFT) roadshow. The real “rockstar” of this show is the next generation EndaceDAG Data Capture Cards. We will begin our roadshow in North America with our first stop in Chicago tomorrow, April 8, and then New York City on April 10. We will then hop across the pond to the EMEA and APAC regions after that.

The Emulex Endace Network Visibility Product (NVP) portfolio is used worldwide for high-performance, nanosecond accurate network data capture and visualization. The keystone of these products are the EndaceDAG Data Capture Cards, which have been used for more than a decade to provide consistent, reliable, high performance packet capture in a variety of mission-critical applications. Emulex will soon be making its next generation EndaceDAG Cards, which provide the best possible foundation for 10Gb and 40Gb Ethernet (10GbE/40GbE) network visibility solutions, generally available.

Next Generation EndaceDAG Data Capture Cards are at the core of EndaceProbe™ Intelligent Network Recorders (INRs) and have extended features and capabilities that provide reliable, accurate timestamping for high-bandwidth enterprise network monitoring, including:

  • Doubled performance with PCI Express (PCIe) 3.0 support
  • Greater ROI with Precision Time Protocol (PTP)
  • Industry-leading port density advantage
  • Investment protection with the EndaceDAG Card open architecture
  • Highest performance and reliability

Our focus is on improving your ability to resolve critical network issues quickly.  We will also have a special guest joining us, Arista Networks. So, if you just happen to be in Chicago or New York City, please join us at our happy hour event for an update on Arista and Endace solutions, including the next generation EndaceDAG Data Capture Cards.

Find out all the details on these next generation EndaceDAG Cards here.

To get on our special VIP list for Chicago you can reserve your spot by clicking here.

To get on our special VIP list for New York City you can reserve your spot by clicking here.

 

Place Your Bets, Then Visit Emulex at Interop Las Vegas

I just love this time of year. Not only is it finally warming up outside after this unseasonably cold winter, but we are in full swing with March Madness and the Final Four is shaping up for a thrilling conclusion. Yeah, and my NCAA tournament bracket picks didn’t make me a billionaire either, but there is still a chance to win big as I just happen to be heading to Las Vegas. Yes, that’s right, it’s that time again for Interop, where there is an opportunity to learn about the latest IT technology innovations.

We are exhibiting at Interop in booth #1158, scheduled from Tuesday, April 1 through Thursday, April 3 at the Mandalay Bay Convention Center in Las Vegas.

We will be giving presentations in our booth theatre every hour on the half hour on a variety of topics, including our OneConnect® network connectivity products and Endace® network visibility products. Learn about how Emulex products are used in overlay networks, software-defined networking (SDN), as well as improving response times for security incidents. And, just for listening to our presentations, all of our attendees will receive a promotional giveaway and a chance to win an iPad Air. Don’t miss out!

Here is a rundown of the sessions we’ll be presenting:

Tuesday, April 1, 2014

2:30 p.m.: Emulex OneConnect Open Compute Project (OCP) 10 & 40GbE Adapters, Barbara Porter, Sr. Product Marketing Manager, Emulex

3:30 p.m. : What? Who? When? How Network Visualization Can Help You Answer the Difficult Questions that Arise from Security Breaches, Sonny Singh, Channel Marketing & Alliances Manager, Emulex

4:30 p.m. : Overlay Networks, Brandon Hoff, Director of Product Marketing, Emulex

5:30 p.m. : Emulex OneConnect Open Compute Project (OCP) 10 & 40GbE Adapters, Barbara Porter, Sr. Product Marketing Manager, Emulex

6:30 p.m. : What? Who? When? How Network Visualization Can Help You Answer the Difficult Questions that Arise from Security Breaches, Sonny Singh, Channel Marketing & Alliances Manager, Emulex

Wednesday, April 2, 2014

11:00 a.m. : Overlay Networks, Brandon Hoff, Director of Product Marketing, Emulex

12:00 p.m. : Software Defined SANs, Scott Ruple, Marketing, Jeda Networks

1:00 p.m. : What? Who? When? How Network Visualization Can Help You Answer the Difficult Questions that Arise from Security Breaches, Sonny Singh, Sr. Channel Marketing & Alliances Manager, Emulex

2:00 p.m.: Emulex OneConnect Open Compute Project (OCP) 10 & 40GbE Adapters, Barbara Porter, Sr. Product Marketing Manager, Emulex

3:00 p.m. : Software Defined SANs, Scott Ruple, Marketing, Jeda Networks

4:00 p.m. : Next Generation EndaceDAG™ Data Capture Card, Rick Trujillo, Product Marketing Manager, Emulex

Thursday, April 3, 2014

11:00 a.m.: 12:00pm: Software Defined SANs, Scott Ruple, Marketing, Jeda Networks

12:00 p.m.: Next Generation EndaceDAG Data Capture Card, Rick Trujillo, Product Marketing Manager, Emulex

1:00 p.m.: Emulex OneConnect Open Compute Project (OCP) 10 & 40GbE Adapters, Barbara Porter, Sr. Product Marketing Manager, Emulex

1:00 p.m.: What? Who? When? How Network Visualization Can Help You Answer the Difficult Questions that Arise from Security Breaches, Sonny Singh, Channel Marketing & Alliances Manager, Emulex

In addition, for the second year running, Emulex has been selected to provide its EndaceProbe™ Intelligent Network Recorders (INRs) to record all of the activity on the Interop network, otherwise known as InteropNet (read our related blog here for all of the details). We are proud to provide a critical service to such a modern and cutting-edge network!

Don’t gamble on your network visibility infrastructure (or your network connectivity, for that matter!). Come by and learn how we can help you gain full visibility into your network and help you resolve your most critical network and security issues while reducing your network downtime and outages.

 

Endace Network Visibility Solutions Part of InteropNet at Interop 2014!

As Interop once again draws near, the InteropNet infrastructure stands ready and waiting to provide critical connectivity to the thousands of visitors and hundreds of exhibitors who attend the show.  Each year, InteropNet is provided by a dedicated band of volunteer vendors, whose preparation starts early in February at the UBM hot stage. There, the network is designed, constructed and tested, so that it is ready to be shipped to Las Vegas in time to provide the network for Interop. Each year, the team reviews the latest technology to determine what is needed to provide a state of the art network that can showcase emergent trends in the networking space.

As many network managers deploying 10Gb Ethernet (10GbE) are finding, traditional network monitoring technologies are no longer sufficient to provide the accuracy and visibility demanded by modern enterprises, which depend on the network to conduct day-to-day business. In fact, it’s arguable if traditional methods were ever sufficient; however, it is safe to say that today, the stakes are much higher than in the past, just ask the executives at Target.

What some people may find astonishing with regard to the Target breach, is that a recent report uncovered that their security systems actually detected the initial stages of the compromise and were sending alerts to the security team for weeks! Some ask, ‘how is it possible that they didn’t notice?’  It’s sad to say, but in fact this is a common occurrence. Network and security teams are deluged with alerts and alarms and one of the key constraints they continually face is time to investigate those notifications. With so many alerts, it’s impossible to investigate them all, and those that are passed on for triage are given only a small time window in which the analyst can determine the nature of the alert.

For this reason, accurate packet capture and rapid access to that data are paramount to improving the efficiency and effectiveness of network and security operations teams. With Emulex EndaceProbe™ Intelligent Network Recorders (INRs) and EndaceFlow™ NetFlow Generator Appliances (NGAs) deployed strategically across the network, investigations are short and accurate, and analysts can quickly determine the true nature of the event. In the case of a security event, invaluable pre-breach reconnaissance and surveillance activities are captured in the network history record.

For the second year running, Emulex has been selected to provide its EndaceProbe INRs to record all of the activity on the Interop network. We are proud to provide a critical service to such a modern and cutting-edge network and look forward to a successful show. Come visit us in booth #1158!

 

Make Sure March Madness Doesn’t Live Up to its Name

Last month, we talked about how to keep the Winter Olympics from clogging up your networks as employees raced to stream live events during the workday.  Well, in the U.S., today and tomorrow are two of the biggest sports streaming days of the year.  Although we’ve already seen some play-in games this week, when Ohio State and Dayton tip-off this afternoon in the NCAA Men’s Basketball Tournament, the annual “madness” repeats itself all over again. This is because this next slate of games will run almost continually over the coming 36 hours, mostly during regular business hours.  And let’s be honest, most of us want to sneak a peek at the scores and witness some of the thrilling upsets that happen every year.

As more people try to tune in remotely (most of us can’t be in front of a television for two days straight), March Madness Live will be the place employees flock to online. The digital service is provided by the NCAA along with broadcasters CBS and Turner. March Madness live-streams games to laptops or desktop computers and can be accessed with a range of mobile devices. In fact, like most things, there’s an app for that. March Madness Live can even be downloaded for iOS, Android, Windows phones and Kindle Fires.

While you don’t want to be the authoritarian IT pro who cuts off access, the amount of streaming that will be happening on your network is worth considering. Just as we said about the Sochi Olympics, employees don’t always realize the impact they can have on network performance and how it could impact the entire company. Personal mobile devices can really shut down your corporate wireless network quickly too.

So, the same rules apply here. Again, the only way to analyze this traffic and be able to reroute it or add more capacity is to have full visibility into the network.  There are a couple of “best practices” that make performance of this task more likely to result in a successful outcome.  These include:

  • Baseline your networks BEFORE you need to start “allocating” bandwidth.  If you know what your normal network needs are, you are in a better position to set Quality of Service (QoS) policies to guarantee bandwidth for your mission-critical applications.  Most importantly, don’t be satisfied with simply knowing the “average” bandwidth required – look across a several-day baseline to see usage by hour, and pay close attention to if/when you have microburst activity (applications causing this will most likely be the ones impacted first if your network becomes saturated).
  • Since it is likely that most “non-business web browsing” will happen on Bring your Own Devices (BYODs), which are nearly universally wireless, think about isolating your wireless network from your mission-critical network, and consider putting limits on the outside bandwidth served to that network.
  • Monitor your network closely, and look for signs of issues proactively.  High-resolution network visibility tools are critical to ensuring you will see problems before they impact your enterprise.
  • Assume you will run into issues, and plan what your options are when they occur.  If your playbook has already thought-out and documented options to deal with issues, it is far more likely that you can mitigate issues quickly.

Learn more about our network visibility solutions here, and let’s keep the madness on the court and out of your data centers!

 

Securing the Evidence of Network Threat Propagation

“Spot the bad guys, stop the bad guys,” are rational and valid goals when it comes to securing your network. In fact, many organisations commit the majority of their security resources and investment to defense and detection, often by deploying automated technologies and solutions. But by their very nature, such solutions focus on protecting against known vulnerabilities and threats, have little context of your own network and can’t be a complete security solution.

Attack vectors continue to diversify and accelerate and so many of the security threats now faced are unknown. Such unknown unknowns are therefore impossible to accurately anticipate. Combine that with threats that increasingly embed themselves within your network and operate autonomously from external command and control functions, and it makes sense that early identification and understanding of anomalous and nefarious network traffic is fundamental to understanding, retarding and then eliminating the propagation pathways of attacks and the staging of malicious code.

Your network is the digital backbone and an essential resource of your organisation, but it’s also the conduit exploited by threats to propagate and infect. Identifying and understanding what, why and how such threats can propagate is key. When you combine your skills, experience, instinct and understanding with hard evidence and insight, then you give yourself the very best chance to make rapid, successful security interventions and actions that close down threat propagation.

Examining your network traffic before, during and after events of interest can provide you a source of actionable insight. Approaches to capture, indexing, search and recall of captured traffic can vary in cost and complexity, ranging from simple open source software tools to high performance, high fidelity Intelligent Network Recording solutions capable of operating at sustained link bandwidths up to 100Gb per second (100Gbps).

I recently shared some thoughts around how to use network recording and analysis for this issue in our recent webinar “Stop Nefarious Network Hitchhikers: Controlling Threat Propagation” – in which we provided practical tips and techniques using freely available software tools that will enable you to identify, mitigate and close down the transmission pathways and expansion of threats. The webinar is available on demand for you if you’d like to find out more.

 

Go on the Offensive with the Endace Fusion Connector for Sourcefire Defense Center

There is an adage in the sporting world that states “the best defense is a good offense.” Some give credit to Jack Dempsey for that quote, but I had a basketball coach that would reverse that saying, “the best offense is a good defense.” I guess because most everyone on the team would focus on dribbling, passing and shooting and not so much on preventing the other team from scoring, much like the NBA. I guess to some degree that is true, if your opponent can’t score, you shouldn’t lose.  Most outcomes are decided on how well your defense is prepared for whatever the opposition can throw at you.

The same can be applied when it comes to security for enterprise networks. Whether you see deploying security detection, intrusion and forensic tools as taking an offensive or defensive position, the idea is the same, protect yourself against the so-called hackers.

Emulex has teamed up with Sourcefire (now part of Cisco) as part of the Endace Fusion Ecosystem™ Program and announced the Endace Fusion Connector for Sourcefire Defense Center. This solution offers a best-of-breed, comprehensive next-generation intrusion detection system (NGIDS) that provides complete forensics visibility of impacted data in the case of breaches, and enables proactive prevention of future threats.

The Endace Fusion Connector for Sourcefire Defense Center works by connecting users to the precise network packets that they need to diagnose, respond to and establish the root cause of a problem through an elegant and seamless workflow. EndaceProbe™ Intelligent Network Recorders (INRs) are deployed at strategic/relevant points across the network to provide 100 percent packet capture at speeds up to 100Gb Ethernet (100GbE). Leveraging the EndaceProbe INRs’ RESTful API, users can click on a Sourcefire Defense Center event and pivot straight to the packets of interest which are delivered to the user as a .PCAP or .ERF file for deep analysis in a protocol analyzer, such as Wireshark.

With total visibility, you gain contextual awareness, correlating extensive amounts of data related to IT environments to make more informed security decisions and implement policies and controls to defend your network. This allows you to rapidly gain deeper insight into critical problems and ultimately lower time to resolution (TTR).

So I guess my old basketball coach was right, the best offense is a good defense.  It just depends on the application. The new Endace Fusion Connector for Sourcefire Defense Center is available for free from the Sourcefire community downloads page.

Learn more about the Endace Fusion Connector for Sourcefire Defense Center here.

 

Come visit Emulex at RSA and win a chance to be a fighter pilot for a day!

The Endace division of Emulex is exhibiting at RSA 2014 (Booth #2333, South Expo Hall) scheduled from Monday, February 24th to Thursday, February 27th at the Moscone Center in San Francisco, CA.

We will be giving presentations in our booth theatre every hour on topics ranging from how IT departments are deploying Endace Network Visibility Products to improve response times for security incidents to how our valued partners and customers are actually putting these solutions to use in real-world scenarios. We will have guest speakers from our partners including Lancope and Sourcefire in our booth theater presenting on topics including optimizing Security Operations (SecOps) workflows and improving network forensics capabilities to using NetFlow to streamline security analysis and response to cyber threats. Don’t miss it!

In addition to showcasing the Endace Network Visibility Products, we will be offering attendees the opportunity to win some great giveaways including a grand prize giveaway from Nationwide Adventure worth $1,500 and good for everything from race car adventures to being a fighter pilot for a day! With more than 18,000 adventures to choose from, you no longer have to wait for a mid-life crisis to make it happen. Everyone is a winner with Emulex because even if you don’t win the grand prize, you can still spin our “Wheel of Giveaways” and have a chance to win a bevy of gifts ranging from really cool Journey Cooler backpacks to Jawbone Jambox Bluetooth speakers!

And it doesn’t stop there… for showing our appreciation of being a valued customer and attendee, we offer you the opportunity to attend our much coveted customer appreciation cocktail party taking place Tuesday, February 25th, 8 p.m. to midnight at the world-famous Clift hotel in The Rita / Ava Room, which is located on the mezzanine level, and features dramatic white velvet curtains, etched Venetian mirrors and modern banquet furniture that is perfect for enjoying a nice dirty martini while you unwind with your industry peers! And if that doesn’t tickle your taste buds, we will also provide professional cigar rollers who will be on hand to roll you a cigar Don Corleone would even be envious of! Register now before it’s too late.

We look forward to seeing you all at RSA so come ready with curious minds and a healthy appetite for fun and adventure!

 

Going for the Gold with Next Generation EndaceDAG Data Capture Cards

Okay, I admit it: I am a big sports fan, and just like many of you, I enjoy watching great competitions, unlike this year’s Super Bowl. That is, unless of course you’re a Seahawks fan. But every two years, we get treated to the Olympic Games. Whether they are the winter or summer games, the excitement and competition of each event include outcomes determined by fractions of a second. The Olympic judges have the benefit of precise timing equipment and instant replay to make decisions on scoring each athlete. They are well aware that the accuracy of this equipment can be the difference between gold, silver or bronze, or maybe missing the podium altogether, not to mention national pride.

Another area where precise accurate timing and replay is essential is network packet capture and recording. Network and security operations teams gather and use this information to resolve network and application performance issues as well as security related events. But to make the recorded data valuable, it must be accurate (high-resolution timestamps), complete (not sampled), and collected from the right places in the network.

Emulex has strengthened its position as the leader in data capture and intelligent network recorders by introducing its next generation EndaceDAG™ Data Capture Cards with Precision Time Protocol (PTP) hardware timestamp capability. PTP is approximately three orders of magnitude (1000 times) more precise than previous technologies (e.g. network time protocol or NTP), offering sub-microsecond timing accuracy that can be implemented at a fraction of the cost of specialized network time appliances (e.g. GPS receivers). Unlike the competition, EndaceDAG Cards provide PTP support through a dedicated 1Gb Ethernet (1GbE) port, which increases your return on investment (ROI), effectively enabling all 10GbE ports on the card to be used for network data streams.

Next generation EndaceDAG Data Capture Cards offer a broad range of features and outstanding performance. EndaceDAG Cards capture 100 percent of available network traffic from the wire, timestamped and transferred to host memory without loss and without impact to live network traffic. This capability makes network key performance indicators (KPIs), such as network latency and packet loss, easier to measure and allows network operation teams to take quick, decisive action to remedy issues at the network packet-level and lower time-to-resolution (TTR).

The next generation of EndaceDAG Cards provide industry-leading port density advantage with offerings in both dual-port and quad-port 10GbE configurations along with a dedicated PTP port. This effectively doubles port density and halves the price per port when compared to competing solutions that do not offer dedicated PTP ports. It provides a 2:1 port density advantage for customers using the dual-port EndaceDAG Card and a 4:1 port density advantage for customers using the quad-port EndaceDAG Card in PTP applications.

Furthermore, the EndaceDAG Card provides hardware-based processing of a host of enterprise protocols and encapsulated telecom protocols such as GPRS Tunneling Protocol (GTP) and Generic Routing Encapsulation (GRE) for load balancing, classification and filtering that allows EndaceDAG Cards to be deployed in core, mobile, enterprise and cloud network environments.

You can learn more about next generation EndaceDAG Data Capture Cards here.

 

How to Keep Sochi From Sucking Up Bandwidth

The Sochi Winter Olympics are officially underway, and as you may have seen, NBC will once again be providing viewers access to live streaming in a multitude of mediums. On the NBCOlympics page, computer users can enter their cable or digital television provider personal user name and password and watch live video of the events. Mobile viewers can also download the free NBC Live Extra App. The iPhone, Droid and iPad app will have live and recorded events, and on demand HD video.  And for the first time, NBCUniversal will stream video on Facebook as part of a partnership deal with the social media giant.

The games run until February 23, which includes 10 business days of events.  Given the time difference, many of the events will air during normal working hours throughout the U.S.  As NBC makes it easier and easier to bring the Olympics viewing experience to the office, are network operations staff prepared for the potential bandwidth onslaught? Employees don’t always realize the impact they can have on network performance and don’t understand how watching something as exciting as the cross country skiing finals could impact their entire company.

Streaming video can be an enormous bandwidth hog and can occupy much more network resources than almost any other application. At a remote office location, even one person watching live video coverage of the Olympics can bring an entire LAN to a standstill. And it doesn’t take more than a handful of viewers at large sites to slow the network to a point where customers have difficulty accessing the company’s Web site or the quality of Internet-based telecommunications tools (like Skype) degrades.

This problem has only been exacerbated by the influx of personal mobile devices into the enterprise, all of which are sucking up bandwidth from the corporate wireless network, which is generally more bandwidth constricted than the fixed-line Ethernet network.

The only way to analyze this traffic and be able to reroute it or add more capacity is to have full visibility into the network.  There are a couple of “best practices” that make performance of this task more likely to result in a successful outcome.  These include:

  • Baseline your networks BEFORE you need to start “allocating” bandwidth.  If you know what your normal network needs are, you are in a better position to set Quality of Service (QoS) policies to guarantee bandwidth for your mission-critical applications.  Most importantly, don’t be satisfied with simply knowing the “average” bandwidth required – look across a several-day baseline to see usage by hour, and pay close attention to if/when you have microburst activity (applications causing this will most likely be the ones impacted first if your network becomes saturated).
  • Since it is likely that most “non-business web browsing” will happen on Bring your Own Devices (BYODs), which are nearly universally wireless, think about isolating your wireless network from your mission-critical network, and consider putting limits on the outside bandwidth served to that network.
  • Monitor your network closely, and look for signs of issues proactively.  High-resolution network visibility tools are critical to ensuring you will see problems before they impact your enterprise.
  • Assume you will run into issues, and plan what your options are when they occur.  If your playbook has already thought-out and documented options to deal with issues, it is far more likely that you can mitigate issues quickly.

Learn more about our network visibility solutions here, and we, like many others around the world, look forward to watching the best of the best compete in Sochi for this year’s Winter Olympics!

** this blog was originally posted to APM Digest