
Bypass Switch for Fail-Safe IPS Deployment (by Trent Fierro)

Vendor Profile - Trent Fierro is the Marketing Manager of Net Optics. Net Optics is the leader in innovative passive in-line devices for network security, traffic analysis, and IT monitoring solutions. Our products are used to access and monitor networks by enterprises, service providers, and government organizations globally. Leading vendors of protocol analyzers, RMON probes and IPS appliances have chosen Net Optics products to sit in the networks of their customers—from T1 Wan to 10 Gigabit links.

Introduction

The growth of the Internet is driving the need for global networks to connect businesses, organizations, and individuals together. The need to control and protect the flow of information has dramatically increased as well. Malicious and unpredictable attacks have become commonplace and have blurred the lines of responsibility between IT network and security organizations. As a result, both groups often deploy separate tools and monitoring devices on the same important, business-critical network links.

Firewalls are security control points that can be either standalone devices or embedded in network routing equipment. Firewalls operate by applying a set of rules whereby packets are checked as they pass through the network. Since the networking team usually manages firewalls, the security team is often challenged in its efforts to stay abreast of changes to the network and the rules being applied. As threats and viruses became more prevalent and transparency became an issue, the need for more sophisticated and targeted security devices conflicted with the analysis equipment used by the network team.

Intrusion-prevention system (IPS) appliances were developed to provide security teams with a device that could be placed in the direct flow of traffic within network links. An IPS not only notified network security administrators of suspicious activity, but could also respond to that activity by manipulating or blocking traffic. These devices were an improvement over firewall security measures because the IPS appliances allowed security managers to make real-time decisions based on application content rather than by IP address or port. Furthermore, most IPS appliances allow physical layer protocols and encrypted traffic to be monitored.

The Challenge

Regardless of the type of monitoring device being placed in-line within a network link, both the network and security teams encounter similar issues. Network outages and downtime are required to install a monitoring device, and if it fails or needs to be moved, the physical stream is once again interrupted. For most, introducing a recognized, potential point of failure into the network is a truly unacceptable solution.

Creating a solution that addresses the concerns and connectivity issues experienced by both the network and security teams within an organization has become increasingly critical.

Vendor Response to IPS Concerns

In response to these issues, the monitoring appliance vendors turned to Tap vendors to satisfy the need for passive in-line devices that help solve the problems that occur due to power loss, IPS malfunction or redeployment of the appliance. A device was needed that could be bundled with monitoring appliances and offer customers a tested solution—the Bypass Switch.

Common features would include dual power supplies, visual status indicators, dual network and IPS monitor ports. And, for optimum performance, a means to capture and provide reports on the health of the network would be essential.

State-of-the-Art Solution

Bypass Switches were created to remain in-line, copy traffic to the IPS, provide a path for the IPS to manipulate traffic, and maintain link continuity. Innovation came about by looking at the problem from multiple perspectives and combining features that address the following problems:

• The results of power loss at the Bypass Switch
• Power loss at the IPS
• The appliance being taken off-line for maintenance
• The effects of heavy traffic

For example, Net Optics, Inc. has broadened the control functions of its switches by incorporating intelligent technology into the iBypass Switch, providing network security administrators with access to links and devices from remote locations and even greater visibility into operations via real-time statistics.

As shown below, the fail-safe, in-line technology available via iBypass Switches maintains seamless traffic flow when connected to the same power source as the IPS—the traffic is not interrupted in the event of power loss.

[Picture 1 and Picture 2: iBypass Switch in-line deployment diagrams, not reproduced here]
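To make the fail-safe behaviour described above concrete, here is an added simulation (written for this post, not Net Optics code) of a heartbeat-driven bypass switch sitting in front of an in-line IPS. The heartbeat interval, miss and recovery thresholds, state names and the toy IPS policy are all assumptions. It models three of the four problems listed: power loss at the IPS (missed heartbeats), the appliance being taken off-line for maintenance (manual bypass), and power loss at the switch itself (relays fall to wire-through). The point a defender should take from it is that in bypass mode the link stays up but nothing is inspected, so every mode change is recorded as an event worth alerting on.

```python
"""Simulation of a heartbeat-driven bypass switch in front of an in-line IPS.

Added illustration for this post, not vendor code. Thresholds, state names
and the sample packets/policy below are assumptions chosen for the demo.
"""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    INLINE = "inline"   # A -> IPS -> B; the IPS may drop or modify packets
    BYPASS = "bypass"   # A <-> B directly; the IPS is out of the path


@dataclass
class BypassSwitch:
    miss_threshold: int = 3      # assumed: consecutive missed heartbeats before bypass
    recover_threshold: int = 2   # assumed: consecutive good heartbeats before re-inserting IPS
    mode: Mode = Mode.INLINE
    manual_bypass: bool = False
    missed: int = 0
    recovered: int = 0
    events: list = field(default_factory=list)   # state changes, i.e. what to alert on
    stats: dict = field(default_factory=lambda: {"inspected": 0, "bypassed": 0, "dropped": 0})

    def _set_mode(self, mode, reason):
        if mode is not self.mode:
            self.mode = mode
            self.events.append(f"{mode.value}: {reason}")

    def heartbeat(self, returned):
        """Called once per heartbeat period. `returned` is True when the heartbeat
        packet sent out one IPS monitor port came back on the other."""
        if returned:
            self.missed = 0
            self.recovered += 1
            if (self.mode is Mode.BYPASS and not self.manual_bypass
                    and self.recovered >= self.recover_threshold):
                self._set_mode(Mode.INLINE, "IPS heartbeat restored")
        else:
            self.recovered = 0
            self.missed += 1
            if self.missed >= self.miss_threshold:
                self._set_mode(Mode.BYPASS, f"{self.missed} heartbeats missed (IPS down?)")

    def set_manual_bypass(self, enabled):
        """Operator takes the appliance off-line for maintenance (or brings it back)."""
        self.manual_bypass = enabled
        if enabled:
            self._set_mode(Mode.BYPASS, "manual bypass for maintenance")
        else:
            self.recovered = 0   # require fresh heartbeats before trusting the IPS again

    def power_loss(self):
        """Switch itself loses power: relays fall to the wire-through position."""
        self._set_mode(Mode.BYPASS, "bypass switch power loss (relays fail closed)")

    def forward(self, packet, ips_verdict):
        """ips_verdict(packet) -> True to pass, False to drop; consulted only when INLINE."""
        if self.mode is Mode.BYPASS:
            self.stats["bypassed"] += 1   # link stays up, but this packet was never inspected
            return True
        self.stats["inspected"] += 1
        if ips_verdict(packet):
            return True
        self.stats["dropped"] += 1
        return False


def run_scenario():
    """Healthy IPS -> IPS power loss -> IPS recovery, with the same three packets each phase."""
    sw = BypassSwitch()
    block_telnet = lambda pkt: pkt.get("dport") != 23        # constructed toy IPS policy
    pkts = [{"dport": 80}, {"dport": 23}, {"dport": 443}]    # constructed sample traffic
    sw.heartbeat(True)                                        # IPS healthy
    results = [sw.forward(p, block_telnet) for p in pkts]     # telnet dropped
    for _ in range(3):                                        # IPS loses power
        sw.heartbeat(False)
    results += [sw.forward(p, block_telnet) for p in pkts]    # all pass, uninspected
    sw.heartbeat(True)
    sw.heartbeat(True)                                        # IPS back, reinserted after 2 beats
    results += [sw.forward(p, block_telnet) for p in pkts]    # telnet dropped again
    return sw, results


if __name__ == "__main__":
    switch, verdicts = run_scenario()
    print(verdicts, switch.mode, switch.stats)
    for event in switch.events:
        print("ALERT", event)
```

The recovery threshold deliberately makes re-insertion slower than fail-over: a flapping IPS should not be yanked back into the path on a single good heartbeat. Heavy-traffic behaviour (the fourth item in the list) is not modelled here; a real unit would also need to handle the IPS dropping heartbeats under load without immediately abandoning inspection.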

Summary

In today’s business-critical environments, 24/7 link uptime is not an option. It is a strategic imperative. Fail-safe Bypass Switches such as the Net Optics iBypass Switches can be used in-line to protect critical links from downtime when disruptive power, link, or application events occur, providing a permanent, flexible, and secure solution to minimize threats across the network.

