3 posts categorized "Network Access Control"

The Do's and Do NOT's of using SPAN Ports (by Darragh Delaney)

The do’s and do not's of SPAN ports!

A mirror or SPAN (Switched Port Analyzer) port can be a very useful resource if used in the correct way. SPAN ports are typically found on network switch gear, although their features vary among switch vendors. They are commonly used for network appliances or software applications that require monitoring of network traffic, such as an intrusion detection system or an application performance management tool.

While all this sounds great, you do need to be very careful with the way you use SPAN ports. On the Cisco Catalyst 5500/5000 and 6500/6000 series switches, a packet received on a port is transmitted on the internal switching bus. Whether one or several ports eventually transmit the packet has absolutely no influence on the switch operation.

The problems with SPAN ports start when you overload them with data. A typical example would be where someone has a bunch of servers connected to a core switch and tries to mirror all of these ports to a single SPAN port. Chances are the port will become oversubscribed, resulting in dropped packets on the SPAN port. In some extreme cases the switch may even throttle back on its own operations if the SPAN port is receiving too much data.


Continue reading "The Do's and Do NOT's of using SPAN Ports (by Darragh Delaney)" »


Why Invest in a Product that is Built Around a Modular Design? (by George Bouchard)

Why is modularity important when considering the purchase of a network access product? Well, for example, it may not be practical to design a house in a modular fashion, but if it were practical, then you could build your house exactly the way you wanted it for your needs today. And if you only had the need for two bedrooms today, you could design it that way. As your family grew, you could then add more bedroom modules to accommodate the growth of your family or your mother-in-law coming to live with you.

Modularity gives you flexibility…you only have to purchase what you need today, and you can add or change functionality as your needs expand. 

So, when considering equipment to provide network access for the tools you need to keep your network safe, secure, and in compliance, it would be wise to consider ProfiTAP's extensive line of modular and flexible full bandwidth access technology.

The ProfiTAP System will give you the flexibility you need to solve your network access problems today, and it is flexible enough to be changed to meet your needs of tomorrow.

When it comes to networks, you can guarantee one thing -- the network will GROW. 

It always does. Even the smallest of networks, like the one you have in your home, will grow and change. You will need to add tools and access more links.

ProfiTAP's motto - "It all starts with Visibility"

Continue reading "Why Invest in a Product that is Built Around a Modular Design? (by George Bouchard)" »


Improving Network Recording and Storage Efficiency with Taps, Aggregation and Filtering

 

Introduction

Most large computer networks are improving their storage infrastructure to meet compliance and security standards.  The deployment and resources required to improve security are under constant assessment. Business and technology are both driving the requirements for improved storage solutions.

 

 

Framework

Providing adequate storage solutions throughout a network is not always technically or financially feasible.  While storage costs per terabyte continue to decline, methods to efficiently manage storage facilities must evolve. 

 

 

Figure 1 - Typical Network Diagram With Probe Deployment using Port Mirror

Network recording has become commonplace for security, compliance and network analysis purposes. Frequent backups of databases and other high volume traffic can drastically decrease the amount of available storage. Backing up databases across a network for offsite storage requires adequate bandwidth and is often done so that all data is stored at another location.

Recording traffic as it moves from one location to another is conveniently done at the egress points of a local network. Recording database transfers on a local recording device is often not necessary for compliance or security purposes: the database is fully transferred to another location, and this becomes the backup copy. Network data, VoIP conversations, and web and application traffic are what need to be recorded. Eliminating only database backups at the egress recording location was problematic until the development of filtering TAPs.

 

Continue reading "Improving Network Recording and Storage Efficiency with Taps, Aggregation and Filtering" »