RE: Failover internet connections, and implementation...

[<jmacaranas () fxdd com>]

An option is if the internet provider supports BGP IIRC you can do load
balancing on 2 internet connections or buy a SMB hardware that will do
connection fail over. (roughly <$85)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dan Denton
Sent: Tuesday, October 23, 2007 2:19 PM
To: security-basics () securityfocus com
Subject: Failover internet connections, and implementation...

I've a question about failover internet connections. I'm interesting in
knowing what kind of implementations that other SMB's use for
redundancy,
and to switch to in the case of a DOS attack. 

Do any of you have redundant highspeed internet connections for your
offices
(versus those for datacenters)? If so, what kind of setup do you have?

Here's the setups I'm considering...

1. Have a second cable modem/dsl modem active, but not hooked into the
network. In the event of a failure, move the connection for perimeter
devices over to the standby connection and reconfigure the perimeter
device
to use a different IP.

2. Have a second set of perimeter devices (firewalls) programmed to use
the
IP's on the second connection, as a hot standby.

My problem with the first option is the time it would take to
reconfigure
firewalls and IDS' to use the other ISP's connection. The problem I have
with the second is the expense of firewalls and IDS' just sitting there
idle. 

Any input is greatly appreciated!


Dan 




--------------------------------------------------------------------------------------------------------
This message and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom it is
addressed. It may contain sensitive and private proprietary or legally
privileged information. No confidentiality or privilege is waived or
lost by any mistransmission. If you are not the intended recipient,
please immediately delete it and all copies of it from your system,
destroy any hard copies of it and notify the sender. You must not,
directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. 
FXDirectDealer, LLC reserves the right to monitor all e-mail 
communications through its networks. Any views expressed in this 
message are those of the individual sender, except where the 
message states otherwise and the sender is authorized to state them.

Unless otherwise stated, any pricing information given in this message
is indicative only, is subject to change and does not constitute an
offer to deal at any price quoted. Any reference to the terms of
executed transactions should be treated as preliminary only and subject
to our formal confirmation. FXDirectDealer, LLC is not responsible for any
recommendation, solicitation, offer or agreement or any information
about any transaction, customer account or account activity contained in
this communication.