Whitepaper - Use of Taps and Span Ports in Cyber Intelligence Applications

®

White Paper

��

Use of Taps and Span Ports in Cyber Intelligence Applications

�� !��"�� #��"�#��$��"�%��"��&��"��'��'��'� ��'�� '�� '��'��"�� (��)��'��$�� "�� $��"�� "�� $��

*�� "��'�'��'' ��'�� "�� '��'�� '��$��'��"�� +'�� ,��,��,��"��-�� '��(�� .��'��'��"/��.��'��'�� 0 ��0 ��"��"��"��$�"��'��'��'��1��'�� /��2�� "��"�Terrorism Informatics��3��4�� 5��"�6778"��+�� (��'��'��$��'��'�� "��'��"��:��"��+'��'��"��"��'�� ;��'�� (�� '�� '�'��-�� 3�� '��0 �� '�� '��'��'��

Introduction��'��+��)�� <��<�� '��'��=>;3��"��'��;��"��'�� '��-��"��"�� '��

Switch

SwitchSwitch

Switch

Span Ports Mirror Traffic for Monitoring

Monitoring Device

Mirrored Traffic

®

Use of Taps and Span Ports in Cyber Intelligence ApplicationsWhite Paper

��

!�� "�� '�� '��(�� 5

� ?� (�� ?� (�� ?� (�� ?� (��'��'�

(��

Problem #1: Dropped Packets(�� '�� -�� '�'��"�� '��0 ��'�� ' �� ;��-�� @�� '��0 ��'�� @�� "�� -��"�� "�� A �� '�'��

��'��'�� "��'��2��"�� '�� '��;�� '��"�� @�� '�� @��

3��"�� '�� '�� ' �� -�� +�B�&�� "��B�&��@��C��: �� +�� +��B�&��E;3�� $��F7��(��"�� B7�&��"��@��'��+��'�� 2��"�� '�� A��"�� B��6��'��5��+'��"�� $��$�� "�� G��(�� '��=>;3��"��-��"�� '��"��'�� (��'�� '�� "��'�� '��:��+'��"�� A�� A��"�.HG��I��=>;3��'��"�� -�>��876�B0"��-�� J/� ��511��'��'1��1677K1781span��'��

�� ;�� '�� (��'��5

� ?� ��.-��'�� "�� '��'�� '�� -�� '��"/��G��A�C��"�� (��(��3�� L�� 511��'�� 1;��1,��N3�� N(��

®


��

� ?� ��;�� "�� '��'��'�� .�� /�� (��'��'�� -(�L�� A��2 ��"�.�� -��'��-� �� ,�� ,�� "�� '�� '�� 2��'�'�� '��/� ��511�� '1677K1B61�+��''��'��

� ?� ��!��-�� "�� '�� "��'�� @��'��-��$��"�� '�� $�� A��"��'�� '��'��

� ?� ��"��$"��"��"��"��3�� '�$�� 0 ��'��-�� '�'�� "�� '��

� ?� ��"��"�"��!��-�� '��"�� @�� '� �� "�� '�' ��' ��0 �� '�'�� "�� +�� J

-�� '�� "�� OF77�� '��5�.�� '�� 0 ��*��A�� /� ��511��'1��1!�1�� 1��1��1��K781�� N��N��7QB8O7787BF�OB6��'�R��8�B�

Problem #3: Vulnerability to Attack �� "��'��'��2��"��'�� "��'��'��'��'��'��3-��'��,�� "��'��"�� (��"�� -��'��'�� "�� '��@��L;��"�� $�� @��

��%��""�!�;��'�� '�'��5�(��'��@��:��+'��"�&��'��"��,�� "��"�.��'��'��"��UF77��@��"�� /��511��'��'1��1677K1781��'��(��'�� '��"��'�� '��-��'��'��

®


��

�� &��!�(��'�� '�'��"�� +�� A�C��''�� (�� (��B77�� '��'��*��(�� '�� '��"�� B��6��(�� '��'�� *��(�� "��(�� )��(��(�� '��5

?� (��'��+�� "�� B��6�� '��'�� "��'�� (��

?� (��0 �� *��(�� "�'�� "�� ?� (�� (��-E�� '"�� C�� '��-��"��(�� '��'�� "�� .��/�'�� ?� (��'��(�� "��

(�� "�'��3��'�� 0 �� '��

� ?� Regeneration Taps�� ' �� ' ��' �� '��' �� 4� �� '�'�� '�� $�� ?� Aggregator Taps��'��'�� +�� '�' �� 3-��'��3�� +��'�� ?� &��!�'�"��"� ��"��'��'�� (�E��"�� -�LE�'��"��;�>�� (�� -�� ;��G��(�� +��(��.��/�� ?� iTaps��'��'��'��'�� "�� $��G�'��'��'��0 ��-E��"� � � � �� "��2"�2((E�"��'��

Monitoring Device

Fully passive fiber network Tap with optical splitters

SwitchSwitchFirewall

Network Tap

®


��

?� (��!��"��(�� '�� '��L��(�� :E��W:E��'�� ''��'�� '��(��'�B7� � � &��B�&��B�&��B7�&�� ?� Filter Taps��'�� "�� -E��"�=>;3�"��"��"�' �� "��'��'�� :��+'��"��3��*��L�� "��"��'��'��'��"��'��"�� ?� Bypass Switches�� '��

(��(��'�� "��"�� "�>;3"�� L��;��E��'��L;E��'��"�� '��E��'�� '�'��(��L;E��"��"�� '��"��'' �� '��'��'��

Forensic

Forensic

IDS

AnalyzerAnalyzer

Integrated Monitoring Access Platform Based On Tap Technology

Analyzer

WIFI

IPS

RMON

RMONON

OFF

Network Tap

Matrix Switch

Link Aggregator

Director™

iBypass Switch

Regeneration Tap™

iTap™

alyzer

Analyzer

na

RMON

An

RMON

RMON

Analyzer

RMON

IPS

M

alyzer

M

IDS

Analyzer

IDS

R

Network

Ana

FForensic

Internet

IDS

IPS

AnalyzerAnalyze

RMON

Analyzer

RMON

Forensic

Analyzer

ForensicIDSIDS

IPS

IDS

ForensicForensic

er SIDSrTap

®


- 6 -

Disclaimer: Information contained herein is the sole and exclusive property of Net Optics Inc. Your retention, possession or use of this information constitutes

your acceptance of these terms. Please note that the sender accepts no responsibility for viruses and it is your responsibility to scan attachments (if any).

Conclusion

seven key characteristics: monitored, inventoried, controlled, claimed, minimized, assessed, and current. (http://taosecurity.blogspot.com/2008/01/defensible-network-architecture-20.html) Utilizing Span ports for counter-terrorism monitoring access is placing that building block on a weak foundation, subject to

integrated within the network architecture, is an alternate access approach that provides a solid base on which to build your network’s security and counter-terrorism applications.

For further information about Tap technology for security applications:

http://www.netoptics.comNet Optics, Inc.5303 Betsy Ross DriveSanta Clara, CA 95054(408) [email protected]

BRAIN FORCE Software GmbHOhmstr. 1263225 Langen (near Frankfurt/M.)Germany

Tel.: +49 6103 906-767Fax: +49 6103 906-789

[email protected]://www.network-taps.eu

Distributed by

Whitepaper - Use of Taps and Span Ports in Cyber Intelligence Applications

Documents

Transcript of Whitepaper - Use of Taps and Span Ports in Cyber Intelligence Applications