Added Security via Network Traffic Management
Network traffic management can have a useful side effect: added security. By setting policies for unknown applications, administrators can in most circumstances contain them, which reduces the risk of a worm flooding your entire bandwidth.
Allot has introduced specific features on its NetReality WAN appliance to help defend against denial of service (DoS) attacks. “If the server has 100 connections per second, and this suddenly jumps to 800 per second, then there's a good chance that a DoS attack is under way,” says Antoine Guy, Director of Global Marketing at Allot Communications.
“If this happens, we can set off an alarm and execute a script automatically to create a policy and shrink the bandwidth allocated to it, so the hacker probably concludes he has succeeded, when in fact the rest of your network is operating normally. You can then store the IP address and blacklist it.”
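The rate check described in the quotes above, sketched as an added example; it is not Allot's or NetReality's code. The 5-second baseline window, the 4x alarm factor, the 50% source-share rule and all addresses are assumptions chosen for illustration, and the traffic is constructed.

```python
from collections import Counter, deque

def detect_spikes(events, baseline_window=5, factor=4.0, min_share=0.5):
    """events: iterable of (second, src_ip) pairs for one server.
    Returns one alert per second whose connection rate exceeds
    factor x the average rate of the preceding normal seconds."""
    per_second = {}
    for sec, ip in events:
        per_second.setdefault(sec, Counter())[ip] += 1
    if not per_second:
        return []

    history = deque(maxlen=baseline_window)  # rates of recent normal seconds
    alerts = []
    for sec in range(min(per_second), max(per_second) + 1):
        sources = per_second.get(sec, Counter())
        rate = sum(sources.values())
        if len(history) == baseline_window:
            baseline = sum(history) / len(history)
            if baseline > 0 and rate > factor * baseline:
                # Nominate a source for blocklisting only if it dominates the
                # spike. A spike spread over many sources (flash crowd or a
                # distributed or spoofed flood) calls for rate limiting instead.
                suspects = [ip for ip, n in sources.most_common()
                            if n / rate >= min_share]
                alerts.append({"second": sec, "rate": rate,
                               "baseline": baseline, "suspects": suspects})
                continue  # keep attack seconds out of the baseline
        history.append(rate)
    return alerts

def sample_events():
    """Constructed traffic: 100 conn/s normally, 800 conn/s in seconds 6-7."""
    events = []
    for sec in range(10):
        events += [(sec, f"10.0.0.{i}") for i in range(100)]
        if sec in (6, 7):
            events += [(sec, "203.0.113.9")] * 700  # documentation-range address
    return events

if __name__ == "__main__":
    for alert in detect_spikes(sample_events()):
        print(alert)
```

Each alert is the point at which an appliance or script would apply the bandwidth-shrinking policy; the `suspects` list is empty when no single address accounts for the spike.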
Limitations of Router-based Traffic Control
As an alternative to installing dedicated network management appliances, many companies try to control traffic at the router, but this approach has several problems. Routers can’t actually look into the application layer, so the control they offer is necessarily much less targeted. A dedicated appliance (installed on the WAN, like NetReality, or behind the WAN access router, like PacketShaper) is also much quicker to implement, as setting up each router can potentially be a long-winded and complex affair.
“This technology can deliver benefits on the first day, and a reason that these appliances are popular is that their cost is very low compared with the cost you’d incur on consultancy and upgrading all your routers,” says Guy. A NetReality solution for a 45 Mbps WAN costs under $20,000, he says. “Our studies show a typical ROI of 4-5 months, with 10 months at the longest.”
It may be that an organization simply does not have enough bandwidth to run all its mission-critical applications; after all, companies’ needs change, and WAN bandwidth upgrades are inevitable from time to time. But what seems clear is that without some way of managing the traffic on a network, it’s almost impossible to ensure there will ever be enough bandwidth, whatever the capacity of the WAN. So if your company has shelled out hundreds of thousands of dollars for an SAP or a PeopleSoft implementation, for example, then spending a few thousand dollars more is not an unreasonable additional investment to consider to ensure your mission-critical apps don’t run too slowly and your business doesn’t grind to a halt.