tag:blogger.com,1999:blog-4088979.post8180167504874423936..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Why Network TapsRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger18125tag:blogger.com,1999:blog-4088979.post-63210463052817866032013-04-16T06:07:07.914-04:002013-04-16T06:07:07.914-04:00Just stumbled across this article and wanted to ju...Just stumbled across this article and wanted to just lend my voice to the pro-network tap side of the argument.<br /><br />So many more advantages that it amazes me that more people don't utilise the hardware.<br /><br />Keep up the good work.<br /><br />TStrafficsharehttp://www.datacomsystems.com/products/network-tapsnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-41137367616143833822009-09-05T16:25:38.034-04:002009-09-05T16:25:38.034-04:00We have been looking at two solutions a data aggre...We have been looking at two solutions a data aggregation switch and aggregation taps. Both are similar in features. We most likely will go with the aggregation switch for the filtering capabilities and some more basic taps as well. here is a some info I found helpful on why network taps are needed. http://www.nextgigsystems.com/network_taps/what_are_network_taps.htmlAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-29476095565537946692009-07-13T16:34:11.851-04:002009-07-13T16:34:11.851-04:00APCON seems to have a very complementary offering ...APCON seems to have a very complementary offering to network taps with the most scalable platform I have seen in the industry. They have a very nice management offering too. www.APCON.comAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-12130687785649749402009-02-01T19:25:00.000-05:002009-02-01T19:25:00.000-05:00Well said. I have had to go against our network ar...Well said. I have had to go against our network architect over this subject. The only point that counters taps is the magical word "inline" and "outage." I think I have the tide turned after bringing in a few consultant engineers to show that hardware bypass and failing open work. Now I can use a single tap to monitor traffic for a variety of security purposes.Anonymoushttps://www.blogger.com/profile/05184514838073792623noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-28377462120196614922009-01-31T21:50:00.000-05:002009-01-31T21:50:00.000-05:00Totally agree. The main function of a switch is to...Totally agree. The main function of a switch is to deliver traffic, if it is under heavy load then not all packets will get to the SPAN port. Taps versus SPANs hasn't been the issue for me, it's the number of redundant links, tools which need to see those links, strategy about system placement (both physical and virtual). On top of this we have a bunch of 10Gb links. Currently we use taps and feed them into Gigamons so we can better meet our needs. Things get very messy fast when you need to monitor communication between tiers of application environments. :-)Scott Burchhttps://www.blogger.com/profile/06520510377860958577noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-60675802625372271642009-01-30T05:16:00.000-05:002009-01-30T05:16:00.000-05:00Vivek,I know that Network Critical ( www.networkcr...Vivek,<BR/><BR/>I know that Network Critical ( www.networkcritical.com) provides SMART TAP’s with port lock, so you can (remotely) open en lock the monitoring ports. This prevents people from plugging in a cable and sniff the traffic.<BR/><BR/>There are so many different kind of TAP’s available. You also have to consider what you need and from there you choose the best solution. Do you want to have breakout or aggregation or work with span feeds, regeneration of the traffic. There are even SMART TAPS that you can program for every function so you always have the right choice.<BR/><BR/>You only have to keep in mind that there is a differents between Copper 10/100 and Copper Gigabit if it comes to TAP’sAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-33889571674178146942009-01-29T17:56:00.000-05:002009-01-29T17:56:00.000-05:00Hi Richard - we did a review of TaoSecurity on our...Hi Richard - we did a review of TaoSecurity on our own blog (because it's a great blog and resource). Just thought you might want to take a look here: http://www.anuesystems.com/blog/?p=39Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-83798477273349439012009-01-29T14:42:00.000-05:002009-01-29T14:42:00.000-05:00Gigamon deserves a mention here too:http://www.gig...Gigamon deserves a mention here too:<BR/><BR/>http://www.gigamon.com/span_port_or_tap.phpAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-13856817076788000672009-01-28T19:32:00.000-05:002009-01-28T19:32:00.000-05:00If you're really worried about network reliability...If you're really worried about network reliability, perhaps you should use a simple optical or copper tap. Some are better than others, but you can use an aggregating tap at a higher level than the "dumb" device. This would eliminate the problem that "Joe" talked about with power failures as these devices are not powered. This also eliminates any type of software or firmware bug from possibly bringing down your network. See http://www.vssmonitoring.com for more details.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-89576895807238667132009-01-28T10:36:00.000-05:002009-01-28T10:36:00.000-05:00Vivek, how do you physically secure the rest of yo...Vivek, how do you physically secure the rest of your networking equipment and cabling? It's all presumably in the same place, and if the TAP is vulnerable to someone walking into the LAN closet and connecting to an interface then everything else is likely vulnerable, too. I'm not sure a TAP should be any more worrisome than a physical attack against all your other equipment.Nathaniel Richmondhttps://www.blogger.com/profile/16307898781407130985noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-50531225371270478702009-01-28T06:55:00.000-05:002009-01-28T06:55:00.000-05:00Vivek,Most network taps are "dumb," meaning they d...Vivek,<BR/><BR/>Most network taps are "dumb," meaning they don't even have an interface. There is nothing to configure. So-called "smart" taps might run a Web server or allow serial access so authorized users can see network traffic statistics. There is no device on the market that will only expose traffic to "authorized applications," unless you want to put a full-fledged inline device on the wire in place of the network tap.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-42489424846250927482009-01-28T04:26:00.000-05:002009-01-28T04:26:00.000-05:00Good entry blog.Another article about TAPS vs SPAN...Good entry blog.<BR/><BR/>Another article about TAPS vs SPAN by Tim O´Neill: <A HREF="http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html" REL="nofollow"> SPAN Port or TAP? CSO Beware (by Tim O’Neill) </A>Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-46339679222471925072009-01-27T21:44:00.000-05:002009-01-27T21:44:00.000-05:00What is the best way to secure a network tap so th...What is the best way to secure a network tap so that only authorized applications are allowed to look at traffic ?<BR/><BR/>Some switch owners fear a loss of control with taps vs span.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-82713478786092228842009-01-27T21:05:00.000-05:002009-01-27T21:05:00.000-05:00I was already a true believer in the tap, but had ...I was already a true believer in the tap, but had overlooked point 4. Excellent post, thanks!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-75493279118873398342009-01-27T14:20:00.000-05:002009-01-27T14:20:00.000-05:00Also, if you get dual monitor port taps, you can l...Also, if you get dual monitor port taps, you can let the network team use one and encourage them to monitor the network if they aren't. Convince them and they'll buy taps everytime they buy new network gear.Joehttps://www.blogger.com/profile/14998755598722686389noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-12419363384195483222009-01-27T14:18:00.000-05:002009-01-27T14:18:00.000-05:00I have zero failures or problems with NetOptics ta...I have zero failures or problems with NetOptics taps. I have had 4 instances when DataCom taps have brought down the network. I plugged into the monitor interface and noticed the network engineer did not mount the taps securely. This caused the poor quality power connector to briefly lose connection. This shouldn't have been a problem, but with the DataCom taps, it caused all the lights on the tap to go out. <BR/><BR/>Lesson learned: Some vendors lie about their products. Some don't. Go with what works and test it before deploying. NetOptics has never failed me. <BR/><BR/>Caveat: Maybe I received two bad Datacom taps and two bad Datacom tap power supplies that will lose power if you so much as sneeze at the tap.Joehttps://www.blogger.com/profile/14998755598722686389noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-6434276537562723372009-01-27T13:33:00.000-05:002009-01-27T13:33:00.000-05:00I agree with you, Richard. With only one caveat: s...I agree with you, Richard. With only one caveat: some tap models break the link down signal. In other words, these taps do not pass the port down status to adjacent switchesAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-52351510441119815992009-01-27T09:54:00.000-05:002009-01-27T09:54:00.000-05:00Taps should really be part of any network deployme...<I>Taps should really be part of any network deployment, especially at key points in the network.</I><BR/><BR/>I have to agree with you on this, taps are a must. Taps are all about "location, location, location", just like real estate.Anonymousnoreply@blogger.com