
High-Availability Security Monitoring Using Bypass Switches

2,091 views


As network security threats continue to multiply, so do the tools to battle them: firewalls, activity monitors, intrusion prevention systems (IPSs) and so forth. To defend your network, you need a reliable arsenal of these tools, but what if one of them stops performing?


Presented by Net Optics' Product Manager Lannie Rhodes and Director of Access Solutions Daniel Aharon, this webinar dives into the rising security challenges facing your network and covers the latest trends in defending against them. Additionally, we discuss:

Advantages of utilizing a Bypass Switch to protect your network against security tool failure
Methods for developing monitoring redundancies for supporting uptime Service Level Agreements
Best Practices for maximizing your High Availability Networks

Published in: Technology, Business

High-Availability Security Monitoring Using Bypass Switches

  1. High-Availability Security Monitoring using Bypass Switches
     August, 2011
     Intelligent Access and Monitoring Architecture Solutions
  2. Guest Speakers
     • Lannie Rhodes – Product Manager
       Lannie spent 25 years as a hardware design engineer at Intel, Tandem Computers, and several start-up companies before shifting to a product management role. In her three years at Net Optics, she has been instrumental in building the control product line, making key contributions in the Director, iLink Agg, and xBalancer families.
       Lannie is also a writer; her booklets "Asic Basics" and "Developing Printed Circuit Assemblies" can be found on Amazon.com and Lulu.com. Her non-technical writing is published under the pen name Lannie Rose.
     • Daniel Aharon – Director of Access Solutions
       Daniel’s background includes 20 years of experience in Enterprise software with a focus on application and transaction performance management and system management. Daniel has held leadership roles in Product Management, Engineering, and Business Development for market leaders such as Symantec, Veritas, OpTier and BMC.
  3. Agenda
     • Trends and challenges
     • Highly reliable security monitoring
     • How a Bypass Switch works
     • High Availability Bypassing Configurations
     • Net Optics Bypass Solutions
     • Bypass Switch Benefits
  4. Network Security Trends
  5. The Security Monitoring Access Challenge
     • Deploy today’s sophisticated security and compliance monitoring tools in-line in the network while minimizing the risk of downtime
     [Diagram labels: IPS, DLP, WAF, DAM, APM, NGF]
  6. The Bypass Switch Solution
     Bypass switches provide fail-safe ports for in-line security devices
     • Provides peace of mind when deploying new technology in-line
     • Protects against power, link, and application failure
     • Flexibility for testing, upgrades, and moves
     • Fully passive – when Bypass Switch loses power, the link is still up
     [Diagram: Normal Operation (Bypass Off)]
  7. The Bypass Switch Solution
     Bypass switches provide fail-safe ports for in-line security devices
     • Provides peace of mind when deploying new technology in-line
     • Protects against power, link, and application failure
     • Flexibility for testing, upgrades, and moves
     • Fully passive – when Bypass Switch loses power, the link is still up
     [Diagram: IPS Failure (Bypass On – Fail OPEN)]
  8. The Bypass Switch Solution
     Bypass switches provide fail-safe ports for in-line security devices
     • Provides peace of mind when deploying new technology in-line
     • Protects against power, link, and application failure
     • Flexibility for testing, upgrades, and moves
     • Fully passive – when Bypass Switch loses power, the link is still up
     [Diagram: Normal Operation (Bypass Off)]
  9. The Bypass Switch Solution
     Bypass switches provide fail-safe ports for in-line security devices
     • Provides peace of mind when deploying new technology in-line
     • Protects against power, link, and application failure
     • Flexibility for testing, upgrades, and moves
     • Fully passive – when Bypass Switch loses power, the link is still up
     [Diagram: IPS Failure (Bypass On – Fail CLOSED)]
  10. What is a Tool Failure?
     • Bypass Switch triggers on
     • Loss of link between Bypass Switch and tool
         • Tool maintenance or redeployment
     • Power loss to the Bypass Switch
     • Heartbeat failure
         • Power loss to the tool
         • Tool dropping packets due to oversubscription
         • Tool processing packets too slowly
         • Tool software hung
         • Tool hardware failure
  11. The Need for High Availability Monitoring
     • If Bypass Switch fails OPEN to traffic, can you tolerate passing traffic without monitoring while a tool is down?
         • Intrusions and other attacks
         • Data loss
         • Compliance issues
     • If Bypass Switch fails CLOSED to traffic, can you tolerate link down while a tool is down?
         • Loss of mission-critical applications
         • Customers cannot be serviced
         • $$$$$ impact
  12. Redundant Tools Protect Against Tool Failure
  13. Redundant Links Protect Against Link Failure
  14. Redundant Tools and Links Together
  15. iBypass HD – Redundant Links & Tools
     • Net Optics iBypass HD — High Density, eight Bypass Switches in a 1U appliance
     • Four Dual Bypass Modules (DBMs)
         • Configure DBM as two independent Bypass Switches
         • Configure DBM as a single HA Bypass Switch with Tool redundancy and/or Link redundancy
         • Configure as a Bypass Switch plus a Tap
  16. iBypass HD Features
     • Manual (forced) Bypass On mode
         – Take tool offline immediately in case of emergency
     • Acts as a Tap when traffic is bypassing the tool
         – Test signature set out in IDS mode
     • Dual Heartbeat packets check both directions of data flow
     • Link Fault Detection (LFD) — fault mirroring across Link
     • Bypass Detection — signals tool that bypass is engaged
     • Fail-open and fail-closed modes
     • Remote monitoring (RMON) traffic statistics
     • RADIUS and TACACS+ authentication and authorization
     • Dual hot-swappable AC or DC redundant power supplies
     [Diagram labels: Fiber, Copper]
  17. Tap Mode While Bypassing
     • Bypass Switch acts as a full-duplex breakout Tap while in Bypass ON mode
         – Use IPS as IDS to test new signature sets
         – Use as Tap when you don’t need a Bypass Switch
     [Diagram labels: Fiber, Copper, Half-duplex mirrored traffic]
  18. Bypass Switch Benefits
     • Protects links with IPSs and other in-line security monitoring tools against
         • Power failure (IPS or bypass switch)
         • Tool failure (hardware, software hangs or slowdowns)
     • Increases solution reliability by independently checking the IPS and supporting High Availability (HA) network architectures
     • Provides capability to take tools offline instantly when problems occur
     • Provides flexibility to remove IPSs without interrupting link traffic; also flexibility to use as Taps
     • Increases traffic visibility with RMON traffic statistics and remote manageability
     [Image: 10GigaBit iBypass Switch]
  19. Bypass Switch Interface
     [Image: 10GigaBit iBypass Switch]
  20. Question & Answer
     • Please post questions to either the Chat or Q&A window
     • To receive future invitations to our webinars, please sign up for our newsletter at the following URL: http://gurl.im/c2681zX
  21. Thank You!
     Net Optics, Inc.
     www.netoptics.com
     408.737.7777
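
The trigger conditions on slide 10, the fail-open versus fail-closed trade-off on slide 11 and the dual heartbeat and forced bypass features on slide 16 can be modeled as a small state machine that counts how long traffic runs unmonitored or the link stays down. This is an added example, not Net Optics code; the class names, the per-tick polling model and the three-miss heartbeat threshold are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Path(Enum):
    INLINE = "inline"        # traffic passes through the tool
    BYPASS = "bypass"        # link up, tool skipped: traffic is unmonitored
    LINK_DOWN = "link_down"  # fail-closed: link dropped while the tool is down

@dataclass
class Tick:                  # one polling interval (constructed model input)
    switch_power: bool = True
    tool_link: bool = True
    hb_a_to_b: bool = True   # heartbeat came back through the tool, A->B
    hb_b_to_a: bool = True   # heartbeat came back through the tool, B->A
    forced_bypass: bool = False

class BypassSwitch:
    def __init__(self, fail_open=True, miss_limit=3):
        self.fail_open = fail_open
        self.miss_limit = miss_limit  # assumed: consecutive misses before trigger
        self.misses = 0

    def step(self, t: Tick) -> Path:
        if not t.switch_power:
            self.misses = 0
            return Path.BYPASS        # fully passive: link stays up (slide 6)
        if t.forced_bypass:
            return Path.BYPASS        # operator takes the tool offline (slide 16)
        # Dual heartbeat: a miss in either direction counts against the tool.
        self.misses = 0 if (t.hb_a_to_b and t.hb_b_to_a) else self.misses + 1
        failed = (not t.tool_link) or self.misses >= self.miss_limit
        if not failed:
            return Path.INLINE
        return Path.BYPASS if self.fail_open else Path.LINK_DOWN

def run(switch, ticks):
    """Return the path per tick, plus counts of unmonitored and link-down ticks."""
    paths = [switch.step(t) for t in ticks]
    return paths, paths.count(Path.BYPASS), paths.count(Path.LINK_DOWN)

# Constructed scenario: the tool hangs for 5 ticks (one heartbeat direction
# lost), recovers, then its link is pulled for maintenance for 2 ticks.
SCENARIO = ([Tick()] * 2 + [Tick(hb_b_to_a=False)] * 5 + [Tick()] * 2
            + [Tick(tool_link=False)] * 2 + [Tick()])

if __name__ == "__main__":
    for mode in (True, False):
        _, unmonitored, down = run(BypassSwitch(fail_open=mode), SCENARIO)
        print(f"fail_open={mode}: unmonitored={unmonitored} link_down={down}")
```

The same five failure ticks become unmonitored traffic in fail-open mode and link downtime in fail-closed mode, which is the number to weigh against the uptime SLA and the monitoring requirement when choosing a mode.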
