WHITE PAPER. Fail-Safe IPS Integration with Bypass Technology


WHITE PAPER Fail-Safe IPS Integration with Bypass Technology www.ixiacom.com 915-6907-01 Rev. A, July 2014


Table of Contents

Summary
Key Features
Introduction
The Challenge
Industry Response to IPS Concerns
The Net Optics Solution
Features That Deliver
Heartbeat
Fast Path
Software Management Tools
Hardware Functionality
Enhanced Information Visibility
When All Else Fails

Summary

Threats that require the installation, redeployment or upgrade of in-line IPS appliances often affect uptime on business critical links. Organizations are demanding solutions that prevent disruptive outages and provide an efficient return on investment for their IPS resources. Net Optics offers intelligent bypass solutions for a secure in-line deployment with remote control and monitoring. The iBypass Switch with Heartbeat technology protects against power, link, and application loss. SNMP and Web browser interfaces allow for remote management, providing access to baseline traffic statistics, alarms and utilization levels.

Key Features

- Secure monitoring with any in-line appliance
- Protects against downtime due to power, link, and application failure
- Maintains link integrity during IPS redeployments and upgrades
- Remote control and monitoring from Web browser and SNMP interfaces
- Front panel LCD shows traffic utilization levels and peaks
- View basic traffic counters from remote interfaces

Introduction

The growth of the Internet is driving the need for global networks to connect businesses, organizations, and individuals together. The need to control and protect the flow of information has dramatically increased as well. Malicious and unpredictable attacks have become commonplace and have blurred the lines of responsibility between IT network and security organizations. As a result, both groups often deploy separate tools and monitoring devices on the same important, business-critical network links.

Firewalls are security control points that can be either standalone devices or embedded in network routing equipment. Firewalls operate by applying a set of rules whereby packets are checked as they pass through the network. Since the networking team usually manages firewalls, the security team is often challenged in its efforts to stay abreast of changes to the network and the rules being applied. As threats and viruses became more prevalent and transparency became an issue, the need for more sophisticated and targeted security devices conflicted with the analysis equipment used by the network team.

Intrusion-prevention system (IPS) appliances were developed to provide security teams with a device that could be placed in the direct flow of traffic within network links. An IPS not only notified network security administrators of suspicious activity, but could also respond to that activity by manipulating or blocking traffic. These devices were an improvement over firewall security measures because the IPS appliances allowed security managers to make real-time decisions based on application content rather than by IP address or port. Furthermore, most IPS appliances allow physical layer protocols and encrypted traffic to be monitored.

The Challenge

Regardless of the type of monitoring device being placed in-line within a network link, both the network and security teams encounter similar issues. Network outages and downtime are required to install a monitoring device, and if it fails or needs to be moved, the physical stream is once again interrupted. For most, introducing a recognized, potential point of failure into the network is a truly unacceptable solution. Creating a solution that addresses the concerns and connectivity issues experienced by both the network and security teams within an organization has become increasingly critical.

Industry Response to IPS Concerns

In response to these issues, the monitoring appliance vendors turned to Tap vendors to satisfy the need for passive in-line devices that help solve the problems that occur due to power loss, IPS malfunction or redeployment of the appliance. A device was needed that could be bundled with monitoring appliances and offered customers a tested solution: the Bypass Switch. Common features would include dual power supplies, visual status indicators, dual network and IPS monitor ports. And, for optimum performance, a means to capture and provide reports on the health of the network would be essential.

The Net Optics Solution

Bypass Switches were created to remain in-line, copy traffic to the IPS, provide a path for the IPS to manipulate traffic, and maintain link continuity. Innovation came about by looking at the problem from multiple perspectives and combining features that address the following problems:

- The results of power loss at the Bypass Switch
- Power loss at the IPS
- The appliance being taken off-line for maintenance
- The effects of heavy traffic

More recently, Net Optics, Inc. broadened the control functions of its switches by incorporating intelligent technology into the iBypass Switch, providing network security administrators with access to links and devices from remote locations and even greater visibility into operations via real-time statistics.

Features That Deliver

Based on passive, fail-open technology that regularly monitors traffic flow, iBypass Switches help security managers quickly identify link anomalies or device failures. Automated functionality ensures that information forwarded to an IPS is correct or not sent at all.

Heartbeat

The Heartbeat feature sends customer-configurable packets to the IPS appliance, continually verifying the state of the link between the IPS and the Switch. The frequency of the heartbeat and the type of heartbeat packet are customizable depending on appliance and network type. If the Bypass Switch does not receive a response packet from the IPS in a timely manner, the Switch becomes enabled (Bypass Mode) and reroutes traffic away from the IPS. As a result, security engineers have greater visibility into traffic loads and are assured improved reliability in the network.

Fast Path

All models incorporate Fast Path switching technology for minimized packet loss in the event bypass mode is enabled. Once an iBypass Switch is placed in-line and the IPS is connected to the switch, if a link failure is detected, the switch routes traffic through the switch rather than to the non-functioning link. If an IPS device ceases to function, the iBypass Switch automatically, and without disruption, routes network traffic, effectively bypassing the monitoring device.

Software Management Tools

The iBypass Switch also provides a spectrum of management tools that help to view and obtain statistics and control hardware from multiple locations. Basic network statistics and functions are accessible through the command line interface (CLI). However, intelligent IP and SNMP features enhance remote management operations through the use of Web Manager, System Manager, and Management Information Base tools.

Web Manager is a browser-based tool that allows for the management of singular devices. No specialized software is required to change settings, view status, or change port connections.
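The failover behavior from the Heartbeat and Fast Path sections above, modeled as a small state machine over a constructed timeline (an added example, not Net Optics code). The interval, reply timeout, miss threshold and the return to in-line after consecutive replies are assumptions; the paper states only that a missing timely reply puts the Switch in Bypass Mode.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

INLINE, BYPASS = "inline", "bypass"

@dataclass
class HeartbeatMonitor:
    # Assumed values; the paper only says frequency and packet type are configurable.
    interval_ms: int = 100   # gap between heartbeat packets
    timeout_ms: int = 30     # how long a reply may take and still count
    max_misses: int = 3      # consecutive misses that trigger Bypass Mode
    recover_after: int = 5   # consecutive replies before going back in-line
    state: str = INLINE
    misses: int = 0
    hits: int = 0
    transitions: List[Tuple[int, str]] = field(default_factory=list)

    def observe(self, sent_at_ms: int, reply_delay_ms: Optional[int]) -> str:
        """Record one heartbeat; reply_delay_ms is None when no reply came back."""
        on_time = reply_delay_ms is not None and reply_delay_ms <= self.timeout_ms
        if on_time:
            self.hits, self.misses = self.hits + 1, 0
        else:
            self.misses, self.hits = self.misses + 1, 0
        if self.state == INLINE and self.misses >= self.max_misses:
            self._switch(sent_at_ms + self.timeout_ms, BYPASS)
        elif self.state == BYPASS and self.hits >= self.recover_after:
            self._switch(sent_at_ms + reply_delay_ms, INLINE)
        return self.state

    def _switch(self, at_ms: int, new_state: str) -> None:
        self.state, self.misses, self.hits = new_state, 0, 0
        self.transitions.append((at_ms, new_state))

def simulate(reply_delays: List[Optional[int]], **cfg) -> HeartbeatMonitor:
    """Feed one reply delay per heartbeat, sent every interval_ms from t=0."""
    mon = HeartbeatMonitor(**cfg)
    for i, delay in enumerate(reply_delays):
        mon.observe(i * mon.interval_ms, delay)
    return mon

def uninspected_ms(transitions: List[Tuple[int, str]], end_ms: int) -> int:
    """Total time traffic flowed around the IPS (Bypass Mode) up to end_ms."""
    total, entered = 0, None
    for at_ms, state in transitions:
        if state == BYPASS:
            entered = at_ms
        elif entered is not None:
            total, entered = total + (at_ms - entered), None
    return total + (end_ms - entered if entered is not None else 0)

# Constructed timeline: healthy, one late reply, IPS silent for 4 beats, recovery.
SAMPLE = [2] * 5 + [80] + [2] * 2 + [None] * 4 + [2] * 6
```

Time spent in Bypass Mode is time the link carried traffic without inspection, so the transition timestamps are the values worth logging and alerting on.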

The System Manager is a centralized software management tool that can be configured to access all intelligent devices in the network enabled by Simple Network Management Protocol (SNMP). All iBypass Switches and iTaps can be grouped for optimum organization and easy monitoring. System Manager allows security administrators to view all status, configuration, and traffic information in real-time, as well as to quickly make changes to any switch or tap in the network.

Organizations with existing SNMP tools in place or who wish to use an industry standard SNMP management platform can integrate the Net Optics Management Information Base into their own software.

These software tools allow security managers to see into their networks as well as make changes from remote locations, thereby providing easy access and control to the numerous links in the network. Engineers can now monitor and troubleshoot from a central location to keep the network up and running smoothly while the enterprise operates securely and efficiently.

Hardware Functionality

The failsafe, in-line technology available via iBypass Switches maintains seamless traffic flow when connected to the same power source as the IPS; the traffic is not interrupted in the event of power loss. The front panel display and threshold alarm LEDs provide a continuous verification that utilization levels are not exceeding capacity of the IPS or a pre-determined level, or that an event has taken place that needs to be investigated. An LED shows whether traffic is going through the IPS or bypassing the IPS through the switch. Additional LEDs show power, speed, link, and activity status.

Network utilization detail is important for seamless, reliable transmission of data throughout organizations. The added functionality in Net Optics iBypass Switches makes statistics about the physical stream available on a continuous basis: byte counts, individual packet characteristics, packet size, and packet collisions. Packet loss, transmission latency, and errors identified by cyclic redundancy checks (CRC) are recorded as well.

Net Optics iBypass Switches are available with copper or fiber optic interfaces for high-speed (Gigabit) networks. The 10/100/100BaseT iBypass is compatible with copper-based networks and monitoring devices. The GigaBit SX iBypass Switch incorporates SX and LX fiber optics interfaces.

Enhanced Information Visibility

Network information available from the front panel display, CLI, Web Manager, and System Manager includes the percent of network utilization, physical layer statistics, link activity, and power status to switches. The iBypass Switches have an early warning system: threshold alarms that are visible on the front panel as LEDs and sent through the network to alert managers of bypass events.

When All Else Fails

In today's business-critical environments, 24/7 link uptime is not an option. It is a strategic imperative. The Net Optics iBypass Switches can be used in-line to protect critical links from downtime when disruptive power, link, or application events occur. The iBypass Switch provides a permanent, flexible, and secure solution to minimize threats across the network.
