Virtualization Adapted: Adapting Business Processes for Virtual Infrastructure (and vice-versa)

2011/08/19

Static IP Address ISP List

Filed under: virtualization — iben @ 17:40

Etheric

http://www.etheric.net/

Dedicated Guaranteed Speeds, ultra fast & no bandwidth caps from $199 a month

Wireless Business Service Plans

  • Fast, Symmetric Internet Access: Up to 45 Mbps with our standard systems.
  • Fast Install: We can roll this afternoon in some cases, but generally within 2-5 days is customary.
  • Stronger user rights and guarantees than Comcast or AT&T.
  • Gigabit Service available using our high end radio services.
  • Robust Survivable Network. With multiple paths to fiber, the Etheric network of towers and data centers is not affected by grid failure as are Cable and Phone companies.
  • Redundant diverse internet connectivity: Dual Internet connections guarantee very high uptime, or by using our service in conjunction with your current ISP.

VIA.NET – VMAN

http://www.via.net/

Product: VMAN Fiber broadband
Term: 3 Years
Speed: 50 Mbits
Install: $250
Monthly: $2,750

Sonic.net Elite-S DSL

http://www.sonic.net/sales/broadband/dsl/elite_s_residential.shtml
$59.95/month
Features:
Download Speed: 3.0mbps – 6.0mbps
Upload Speed: 512kbps – 768kbps
IP Addresses: 8 Static (More Info <http://www.sonic.net/features/staticip/>)
Routed Subnets (DSL)
Several Sonic.net DSL offerings include blocks of static, bridged IP addresses. For some purposes, including larger networks or more advanced networking, it is advantageous to have more than 8 static IPs on a routed subnet.

| Number of IPs | Subnet | Setup Fee |
| --- | --- | --- |
| 16 | /28 | $95.00 |
| 32 | /27 | $195.00 |
| 64 | /26 | $295.00 |
| 128 | /25 | $395.00 |

Prices reflect a one-time setup fee. Routed subnets are only available on Basic-S, Express-S, Pro-S, and Elite-S DSL circuits.

Sonic.net FlexLink

1.5-30 Mbps Business Class connection
starting at $229
FlexLink’s next generation network uses Ethernet in the First Mile to deliver new lower price points for higher speeds:

  • FlexLink Ethernet: Available today at 5Mbps, 7.5Mbps, 10Mbps, 15Mbps, 20Mbps, and 30Mbps symmetric speeds. This is the ideal step up for businesses that require outbound speed, and who may be outgrowing a current T1 configuration.

Comcast Business Cable

http://business.comcast.com/internet/plans.aspx

Choose an Internet package that’s right for you. Need help finding one? Take our speed demo.

| Package | Starter | Premium | Deluxe | Deluxe 100 |
| --- | --- | --- | --- | --- |
| Internet + Basic TV | $64.90 | $104.90 | $194.90 | $374.90 |
| Internet + Full Featured Phone Line | $99.00 | $139.90 | $229.90 | $409.90 |
| Internet + Basic TV + Full Featured Phone Line | $103.95 | $144.85 | $234.85 | $414.85 |
| Download/Upload Speeds* | 12Mbps/2Mbps | 22Mbps/5Mbps | 50Mbps/10Mbps | 100Mbps/10Mbps |
| Quick Comparison | 8x Faster Than T1 | 14x Faster Than T1 | 32x Faster Than T1 | 64x Faster Than T1 |

Static IP Address: Refers to an unchanging or permanent Internet address code. Comcast can provide Static IP addresses to businesses that have their own IDS (Intrusion Detection System) or firewall. Available:
1 – $14.95/mo.,
5 – $19.95/mo.,
13 – $34.95/mo.

Verizon FIOS

http://www.verizonbusiness.com/Medium/products/internet/fios/options.xml

Purchase Options

Bandwidth Down/Upstream Monthly Recurring Charge for Static IP Monthly Recurring Charge for Dynamic IP
No Term Two Years No Term Two Years
Up to 15 Mbps / 5 Mbps $94.99 $69.99
Up to 25 Mbps / 25 Mbps $134.99 $109.99 $114.99 $89.99
Up to 35 Mbps / 35 Mbps $154.99 $129.99 $129.99 $104.99
Up to 50 Mbps / 20 Mbps $219.99 $194.99 $179.99 $154.99
Up to 150 Mbps / 35 Mbps $239.99 $214.99 $229.99 $204.99

Early termination fees, eligibility restrictions, activation and other fees, taxes, charges, software limitations and other terms apply. FiOS Verizon Wi-Fi available in select areas in the U.S. with qualifying packages. Actual speeds may vary. Battery back-up for standard fiber-based voice service and E911 (but not Voice over IP) for up to eight hours.*
Need more than 25 Static IP addresses? Click here

2011/08/11

Virtualization Security Round Table Podcast

Filed under: cloud,it,security,virtualization — iben @ 12:08

Virtualization Security Podcast | The Virtualization Practice.

Virtualization Security Podcast

The Virtualization Security Round Table Podcast provides an open forum to discuss all things related to Virtualization, Virtual Environment, and Cloud Computing Security. The podcast is hosted by Talkshoe, with the after-podcast write-ups and notes hosted here. The podcast can also be found on iTunes: https://itunes.apple.com/us/podcast/virtualization-security-roundtable/id302845147

Use Talkshoe to join us in our discussions every other week on Thursday at 2:30 PM EST. Call in with this info:

  • Phone Number:
    (724) 444-7444
  • Call ID:
    34217

To receive email notifications when new episodes are scheduled, use Talkshoe’s Follow This feature. However, to use this feature you most likely need a Talkshoe account.

You can also subscribe to the Podcast RSS Feed.

This podcast addresses many Virtualization Security items and is always looking for more ideas. Please contact one of the panelists or contact myself via Twitter, the VMware Communities Forum, or by submitting a comment below.


Our past guest panelists have included people from Altor Networks, Catbird Security, Cisco, Citrix, EMC, HyTrust, NetApp, PCI DSS, Reflex Systems, RSA, TrendMicro, VMware as well as other industry virtualization security groups, consultants, and auditors.

The static panelists of the podcast are:

Our podcasts are equalized by Tim Pierson of DataSentry Inc, who is a contributing author to VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment and a virtualization security trainer.


ESX vSwitch L2 Security

Filed under: it,security,virtualization — iben @ 11:58

VMware vSphere ESX Host Virtual Switch Layer 2 Security Features

The virtual switch has the ability to enforce security policies to prevent virtual machines from impersonating other nodes on the network. There are three components to this feature. These should all be set to “REJECT” to enable the security feature.

•Promiscuous mode is disabled by default for all virtual machines. This prevents them from seeing unicast traffic to other nodes on the network.

•MAC address change lockdown prevents virtual machines from changing their own unicast addresses. This also prevents them from seeing unicast traffic to other nodes on the network, blocking a potential security vulnerability that is similar to but narrower than promiscuous mode.

•Forged transmit blocking, when you enable it, prevents virtual machines from sending traffic that appears to come from nodes on the network other than themselves.
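The three policies can be read as frame-filtering rules. The following is an added example, not VMware code: a simplified Python model of how a port treats frames under each setting, plus a helper that lists any setting not at Reject. The class names, function names and MAC addresses are hypothetical.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class PortPolicy:
    # True models "Accept", False models "Reject" (the setting recommended above).
    promiscuous: bool = False
    mac_changes: bool = False
    forged_transmits: bool = False

@dataclass
class VNic:
    initial_mac: str    # MAC assigned to the adapter in the VM configuration
    effective_mac: str  # MAC the guest OS currently has set on the adapter

def allow_outbound(policy, nic, src_mac):
    """Forged transmits: a frame must be sourced from the adapter's effective MAC."""
    return policy.forged_transmits or src_mac == nic.effective_mac

def allow_inbound(policy, nic, dst_mac):
    """Decide whether the switch delivers a frame to this adapter."""
    # MAC address changes = Reject: once the guest changes its MAC, the
    # adapter receives nothing until the address matches the assigned one.
    if not policy.mac_changes and nic.effective_mac != nic.initial_mac:
        return False
    if dst_mac in (BROADCAST, nic.effective_mac):
        return True
    # Unicast for another node is delivered only in promiscuous mode.
    return policy.promiscuous

def weak_settings(policy):
    """Audit helper: names of the settings that are not set to Reject."""
    return [name for name, accept in vars(policy).items() if accept]

# Constructed sample adapters (addresses are made up for illustration).
HARDENED = PortPolicy()
HONEST = VNic("00:50:56:aa:00:01", "00:50:56:aa:00:01")
CHANGED = VNic("00:50:56:aa:00:01", "00:50:56:aa:00:02")
```
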

Cisco Nexus 1000v Switch Layer 2 Security

MAC ACLs

MAC ACLs are ACLs that filter traffic using information in the Layer 2 header of each packet.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_9mac_acls.html

Port Security

Port security lets you configure Layer 2 interfaces permitting inbound traffic from a restricted set of MAC addresses called secure MAC addresses. In addition, traffic from these MAC addresses is not allowed on another interface within the same VLAN. The number of MAC addresses that can be secured is configurable per interface.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_10port.html#wp1210839

DHCP Snooping

DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers by doing the following:

•Validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers.

•Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.

•Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

Dynamic ARP inspection (DAI) and IP Source Guard also use information stored in the DHCP snooping binding database.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_2/security/configuration/guide/n1000v_security_12dhcpsnoop.html#wp1272686

Dynamic Address Resolution Protocol (ARP) Inspection (DAI)

DAI is used to validate ARP requests and responses as follows:

•Intercepts all ARP requests and responses on untrusted ports.

•Verifies that a packet has a valid IP-to-MAC address binding before updating the ARP cache or forwarding the packet.

•Drops invalid ARP packets.

DAI can determine the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a Dynamic Host Configuration Protocol (DHCP) snooping binding database. This database is built by DHCP snooping when it is enabled on the VLANs and on the device. It may also contain static entries that you have created.

If an ARP packet is received on a trusted interface, the device forwards the packet without any checks. On untrusted interfaces, the device forwards the packet only if it is valid.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_2/security/configuration/guide/n1000v_security_13arpinspect.html#wp1329252

IP Source Guard

IP Source Guard is a per-interface traffic filter that permits IP traffic only when the IP address and MAC address of each packet matches the IP and MAC address bindings of dynamic or static IP source entries in the Dynamic Host Configuration Protocol (DHCP) snooping binding table.

You can enable IP Source Guard on Layer 2 interfaces that are not trusted by DHCP snooping. IP Source Guard supports interfaces that are configured to operate in access mode and trunk mode. When you initially enable IP Source Guard, all inbound IP traffic on the interface is blocked except for the following:

•DHCP packets, which DHCP snooping inspects and then forwards or drops, depending upon the results of inspecting the packet.

•IP traffic from static IP source entries that you have configured in the Cisco Nexus 1000V.

The device permits the IP traffic when DHCP snooping adds a binding table entry for the IP address and MAC address of an IP packet or when you have configured a static IP source entry.

The device drops IP packets when the IP address and MAC address of the packet do not have a binding table entry or a static IP source entry.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_2/security/configuration/guide/n1000v_security_14sourceguard.html#wp1096775
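DHCP snooping, DAI and IP Source Guard all depend on the same binding table, which the following added example models in Python. It is not Cisco code and is simplified to a single VLAN with IP-to-MAC bindings only; the class, the port names (`uplink`, `veth1`, `veth2`) and the addresses are hypothetical.

```python
class SnoopingSwitch:
    """Toy model of one VLAN: a DHCP snooping binding table used by DAI and IPSG."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}  # IP address -> MAC address

    def add_static(self, mac, ip):
        """Static entry created by the administrator."""
        self.bindings[ip] = mac

    def dhcp_ack(self, in_port, client_mac, leased_ip):
        """DHCP snooping: accept server replies only from trusted ports."""
        if in_port not in self.trusted:
            return False  # server reply from an untrusted port is filtered
        self.bindings[leased_ip] = client_mac
        return True

    def _bound(self, mac, ip):
        return self.bindings.get(ip) == mac

    def arp_permitted(self, in_port, sender_mac, sender_ip):
        """DAI: trusted ports are not checked; others need a valid binding."""
        return in_port in self.trusted or self._bound(sender_mac, sender_ip)

    def ip_permitted(self, in_port, src_mac, src_ip):
        """IP Source Guard (untrusted ports only): source must match a binding."""
        return in_port in self.trusted or self._bound(src_mac, src_ip)

def run_constructed_scenario():
    """Constructed traffic: port names and addresses are hypothetical."""
    sw = SnoopingSwitch(trusted_ports={"uplink"})
    vm1, vm2 = "00:50:56:aa:00:01", "00:50:56:aa:00:02"
    return {
        "untrusted_dhcp_reply": sw.dhcp_ack("veth2", vm1, "192.0.2.66"),
        "server_lease": sw.dhcp_ack("uplink", vm1, "192.0.2.10"),
        "vm1_arp": sw.arp_permitted("veth1", vm1, "192.0.2.10"),
        "mismatched_arp": sw.arp_permitted("veth2", vm2, "192.0.2.10"),
        "unbound_ip_packet": sw.ip_permitted("veth2", vm2, "192.0.2.20"),
        "uplink_arp": sw.arp_permitted("uplink", vm2, "192.0.2.10"),
    }
```

A lease learned through the trusted port is what later lets the untrusted port's ARP and IP traffic through; without a binding or a static entry, the untrusted port's packets are dropped.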

Reference Links

http://www.vmware.com/files/pdf/dmz-vsphere-nexus-wp.pdf

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/vmware/VMware.html#wp696333
