IP ENFORCER

As more independents introduce IP services to their consumers, they're realizing that it can be a big, bad dangerous world. IP attacks are a problem that show no signs of slowing, and independents with limited budgets are often without the financial and technical resources the big carriers have when it comes to defending themselves.

Two-year-old network security firm Subsentio (Latin translation: to notice secretly) has stepped in to focus on finding solutions to better protect rural independents. Subsentio uses a systems integration approach in cooperation with different partner vendors to develop applications tailored to each client's unique situation. Components include firewall, intrusion detection, intrusion prevention, anti-virus and Web-content filtering, which allows carriers to offer the option of blocking inappropriate content sites for children and employers. The feature is often a draw in Bible Belt markets, said Subsentio President Steve Bock.

The company offers its iPolicy Intrusion Prevention Firewall in combinations with Allot Communications' NetEnforcer traffic management solution and Allot box, which detects network threats. The idea is to keep IP networks safe from attack while optimizing costly bandwidth.

“My guess is that 10% to 20% of the bandwidth that's being used today in the rural telco space is junk,” Bock said. “It's worms, it's viruses, it's DOS attacks. Since bandwidth is so expensive for these guys, because they're so far from the metro areas, it only makes sense to make it more efficient by cleaning that bandwidth first and not just throwing bandwidth at the problem, which is what typically happens.”

Rice Belt Telephone, which serves around 1000 customers in a 275 square-mile area in rural Arkansas, was unaware of the amount of garbage that was coming through in its newly launched Internet business. The telco had rolled out dial-up and DSL business and had not received a sizable number of complaints yet because its customers were still so new to the service. However, one area it did see problems was in its home office.

“We were just getting all kinds of viruses on our computers in our business office,” said Bob Pierson, president and CEO of Rice Belt. “We couldn't have that destroying any of our accounting records or customer records so we had to do something to protect all that. Subsentio offered to put the equipment in for a week or two weeks so that we could see if it blocked everything that we hoped it would. We just didn't know how much stuff was coming in through Web sites and attached to e-mails and all that sort of thing that was coming in our system until the iPolicy piece of equipment was installed, and then we could really see it.”

Subsentio uses Allot Communications' gear as eyes on the network, to investigate the source of problems and slowdowns.

“You can get really granular and see exactly what kind of traffic is going on,” Bock said. “By putting that on there, we were able to analyze how much bandwidth a particular client was using and found out that he was only using 5% of his bandwidth. He didn't go out and get another T-1 because that wasn't the problem. The problem was all of this junk floating around.”

Bock says some independents don't realize their existing security measures might be inadequate at first. At the same time, they admit to having customers bringing in laptops and servers, requesting clean-up of harmful worms and viruses, sometimes even going through the expense of rolling trucks or hiring freelance troubleshooting help.

“That's very consistent with all of these guys,” he said. “Their clients — even though they might have gone to a pornographic site and downloaded something malicious, for example — are blaming the rural telcos for inspecting their computers,” Bock said.

Once the solution is in place, ongoing updates are necessary to keep up with denial of service (DOS) and other attacks launched almost daily. The iPolicy device attracts attacks on an open network, Bock said, almost like a honeypot so that the system can update itself of the newest viruses and worms.

“Rural telcos, carriers in general, have always been vulnerable to hackers constantly trying to find holes in the networks,” Bock said. “One reason would be that they can get anonymity once they come in and then hairpin back out of that. People may not be able to trace where they're coming from. One of our clients, for example, had someone come into their switch from mainland China, hairpin back out and do a DOS attack on someone in Taiwan. So these networks are constantly being used a lot of times as jumping off points to propagate problems elsewhere.”

With the influx of cable companies and other larger national ISPs providing broadband, rural independents need to compete on the same footing. Bijou Telephone Co-op, which serves 10,000 homes and businesses with dial-up, DSL and wireless Internet access in a 800-square mile area 50 miles east of Denver, is facing encroaching competition and wants to let its customers know that it can offer similar features — such as parental content controls — as larger providers do.

“What we're really trying to do is to say, ‘We can do that, too.’ Just because we're smaller, we're certainly not less capable of those types of features that [customers] may find beneficial,” said Bill Buchanan, executive vice president of Bijou Telephone. “It's not that we're going to go out there and really market it as an ancillary service that people have to pay for. It's going to be more of a value-added feature to our existing service.”

Bijou deployed the iPolicy Intrusion Prevention Firewall because spam, viruses and worms that customers would download congested its network, causing frequent outages. Since they have installed the firewall, Buchanan said network performance has improved substantially. Perhaps even more important is that the company's network service manager has been able to focus his efforts on improving overall service, not just troubleshooting.

“It's amazing how fast it works, it really opened up the network and the server,” he said. “How I think of it is that it was being suffocated by e-mails — it was kind of like putting an oxygen tank on it, and it started breathing again.”

Bock said DOS attacks, worms and viruses, particularly ones originating in foreign locations, only will continue as independents progress further into the IP world. Add on the increasing number of IP devices being attached to the network by customers, and the number of targets jumps exponentially.

“I think the last figure I saw from Semantic was a 332% spike in worms and viruses in the second half of 2004, and that trend just continues,” he said. “Voice-over-IP networks — once there's enough usage out there — people will start hacking into them, and I don't see any end in site to this. Since we've been doing this, there's always been more and more problems, not less.”

For continuing coverage of the independent telco landscape, sign up for Telephony's Independent monthly newsletter:
http://telephonyonline.com/newsletters/