CLEC Technical

Security at Fiber Speeds

It's no secret that a gigabit network can challenge the processing power of gigahertz microprocessors. So when local fiber ISP Dalton Utilities started looking for a gateway security solution, there were few options.

by Alex Goldman
ISP-Planet Associate Editor
[May 3, 2004]

Dalton, Ga.-based Dalton Utilities may be based in a small town, but that small town is the center of a big business. The "Carpet Capital of the World" is home to a large number of companies clustered around two giants, Shaw Floors (now part of Berkshire Hathaway) and Mohawk Carpet.

Dalton Utilities is the local provider of electricity, water, sewage, and natural gas. Founded in 1887 as Dalton Water Works, the company became semi-public when, in 1893, the Board of Water Commissioners was created. The town's mayor appoints the commissioners.

Jon Davies, Dalton Utilities' assistant manager of telecommunications, explains, "we're tax exempt, but we do not take tax dollars."

Davies says the local government asked his company to start providing broadband. "The city said, 'what do you think about this? We want to see this. We think it would be good for Dalton.' The city wanted to bring in more big business and also help the carpet industry."

The end result was positive. "The city had asked the incumbents nicely to upgrade. Then it took matters into its own hands and allowed us into the game. Where they were pushing off upgrades of the network, now the incumbents are expediting them."

The utility started its fiber build by constructing a network it would use itself, the Supervisory Control and Data Acquisition (SCADA) network. Any ISP interested in working with a utility to build a network should sell this first.

Utilities lack the asset tracking software that ISPs use every day and that many ISPs take for granted. Even though every element of a utility's network is connected, most have no Network Operations Center where problems can be monitored and fixed in real time, but every twenty-first century utility wants such a command center.

After the utility completed its SCADA network, it connected major business customers, giving them their own fiber lines. "We started deploying optic fiber to tie together the carpet mills and other facilities."

Davies says it was an obvious business opportunity, and the ILECs could have been there ahead of Dalton Utilities. "We're a small rural town," he says, with bitterness mitigated by the fact that the ILECs' failure gave him his current job. "The incumbents were not moving fast at all."

Initially, the utility took the obvious choice, and looked to San Jose, Calif.-based Cisco Systems. But there were problems with the company's PIX firewalls.

"We had problems with IPSec pass-through," says Davies. "And, to be honest, it was hard to manage, so we thought, 'let's look around.' We got one of ServGate's boxes in to demo, and it withstood the impact of the network, which was very dirty at the time."

Other firewalls were not right for the ISP environment. "They were either outrageously expensive or were for a single enterprise situation."

The FTTH network is not a single enterprise. "It is segregated into smaller groups of customers. We distributed several ServGates, and now we can scan for viruses on the fly bidirectionally."

It's not a cheap network. The other products the company uses are popular in Europe and Asia, where businesses have more bandwidth. The company is using Alcatel's Fiber to the User (FTTU) system, which provides up to 20 Mbps per user. The company uses Mirapoint's mail system, which is probably the most expensive appliance-based mail system available, and also quite possibly the best.

Running a NAT environment for customers brings real responsibility (about 5 percent of residential customers use static IP). "ServGate scans on FTP, SMTP, POP3, and it does all of that in conjunction with our mail system. I'm looking forward to [future ServGate modules that will allow me to] check for infection in IM and HTTP. I believe that the majority of viruses are transmitted through P2P and e-mail."

If you're an ISP, protecting customers is also about protecting yourself. It's a virtuous circle. "We've got e-mail covered, but we want to nail down other sources of infection without being invasive," says Davies. "We've got to protect our environment."

Above all, Davies is pleased with ServGate's customer service. "I've seen excellent service from major vendors," he says. "But ServGate was very responsive to our needs. We put in a feature request and got it in two weeks. They gave us a comfort level that should we run into issues, they'd be there. They're not like Cisco. They're not so big that they're inefficient."

As an ISP, Davies understands service. "That's how utilities operate," he says. "We have that too." Customer service, good equipment, and scrambling, backward ILECs—that's a profitable combination for an ISP.

— End
