Upload
osborne-casey
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
Net Optics Confidential and Proprietary
1
High-Availability Security Monitoring using Bypass Switches August, 2011
Intelligent Access and Monitoring Architecture Solutions
Net Optics Confidential and Proprietary
2
Guest Speakers
Lannie Rhodes – Product ManagerLannie spent 25 years as a hardware design engineer at Intel, Tandem computers, and several start-up companies before shifting to a product management role. In her three years at Net Optics, she has been instrumental in building the control product line, making key contributions in the Director, iLink Agg, and xBalancer families.
Lannie is also a writer; her booklets "Asic Basics" and "Developing Printed Circuit Assemblies" can be found on Amazon.com and Lulu.com. Her non-technical writing is published under the pen name Lannie Rose.
Daniel Aharon – Director of Access SolutionsDaniel’s background includes 20 years of experience in Enterprise software with a focus on application and transaction performance management and system management. Daniel has held leadership roles in Product Management, Engineering, and Business Development for market leaders such as Symantec, Veritas, OpTier and BMC.
Net Optics Confidential and Proprietary
3
Agenda
• Trends and challenges
• Highly reliable security monitoring
• How a Bypass Switch works
• High Availability Bypassing Configurations
• Net Optics Bypass Solutions
• Bypass Switch Benefits
Net Optics Confidential and Proprietary
5
The Security Monitoring Access Challenge
Deploy today’s sophisticated
security and compliance monitoring tools in-line in the network
while minimizing the risk of downtime
IPSDLPWAFDAMAPM NGF
Net Optics Confidential and Proprietary
6
Bypass switches provide fail-safe ports for in-line security devices
The Bypass Switch Solution
• Provides peace of mind when deploying new technology in-line
• Protects against power, link, and application failure
• Flexibility for testing, upgrades, and moves
• Fully passive –when Bypass Switch loses power, the link is still up
Normal Operation(Bypass Off)
Net Optics Confidential and Proprietary
7
Bypass switches provide fail-safe ports for in-line security devices
The Bypass Switch Solution
• Provides peace of mind when deploying new technology in-line
• Protects against power, link, and application failure
• Flexibility for testing, upgrades, and moves
• Fully passive –when Bypass Switch loses power, the link is still up
IPS Failure(Bypass On –
Fail OPEN)
Net Optics Confidential and Proprietary
8
Bypass switches provide fail-safe ports for in-line security devices
The Bypass Switch Solution
• Provides peace of mind when deploying new technology in-line
• Protects against power, link, and application failure
• Flexibility for testing, upgrades, and moves
• Fully passive –when Bypass Switch loses power, the link is still up
Normal Operation(Bypass Off)
Net Optics Confidential and Proprietary
9
Bypass switches provide fail-safe ports for in-line security devices
The Bypass Switch Solution
• Provides peace of mind when deploying new technology in-line
• Protects against power, link, and application failure
• Flexibility for testing, upgrades, and moves
• Fully passive –when Bypass Switch loses power, the link is still up
IPS Failure(Bypass On –Fail CLOSED)
Net Optics Confidential and Proprietary
10
What is a Tool Failure?
Bypass Switch triggers on
• Loss of link between Bypass Switch
and toolo Tool maintenance or redeployment
• Power loss to the Bypass Switch
• Heartbeat failureo Power loss to the toolo Tool dropping packets due to
oversubscriptiono Tool processing packets too slowlyo Tool software hungo Tool hardware failure
Net Optics Confidential and Proprietary
11
The Need for High Availability Monitoring
• If Bypass Switch fails OPEN to traffic,
can you tolerate passing traffic without
monitoring while a tool is down?
– Intrusions and other attacks
– Data loss
– Compliance issues
• If Bypass Switch fails CLOSED to
traffic, can you tolerate link down while
a tool is down?
– Loss of mission-critical applications
– Customers cannot be serviced
– $$$$$ impact
Net Optics Confidential and Proprietary
15
iBypass HD – Redundant Links & Tools
• Net Optics iBypass HD — High Density, eight Bypass Switches in a 1U appliance
• Four Dual Bypass Modules (DBMs)
o Configure DBM as two independent Bypass Switches
o Configure DBM as a single HA Bypass Switch with Tool redundancy and/or Link redundancy
o Configure as a Bypass Switch plus a Tap
Net Optics Confidential and Proprietary
16
iBypass HD Features
• Manual (forced) Bypass On mode
– Take tool offline immediately in case of emergency• Acts as a Tap when traffic is bypassing the tool
– Test signature set out in IDS mode • Dual Heartbeat packets check both directions of data flow• Link Fault Detection (LFD) — fault mirroring across Link• Bypass Detection — signals tool that bypass is engaged• Fail-open and fail-closed modes• Remote monitoring (RMON) traffic statistics• RADIUS and TACACS+ authentication and authorization• Dual hot-swappable AC or DC redundant power supplies
Fiber Copper
Net Optics Confidential and Proprietary
17
Tap Mode While Bypassing
• Bypass Switch acts as a full-duplex breakout Tap while in Bypass ON mode
– Use IPS as IDS to test new signature sets
– Use as Tap when you don’t need a Bypass Switch
Fiber Copper
Half-duplex mirrored traffic
Net Optics Confidential and Proprietary
18
Bypass Switch Benefits
• Protects links with IPSs and otherin-line security monitoring tools against
– Power failure (IPS or bypass switch)
– Tool failure (hardware, software hangs or slowdowns)
• Increases solution reliability by independently checking the IPS and supporting High Availability (HA) network architectures
• Provides capability to take tools offline instantly when problems occur
• Provides flexibility to remove IPSs without interrupting link traffic; also flexibility to use as Taps
• Increases traffic visibility with RMON traffic statistics and remote manageability
10GigaBit iBypass Switch
Net Optics Confidential and Proprietary
20
Question & Answer
Please post questions to either the Chat or Q&A window
To receive future invitations to our webinars, please sign up for our newsletter at the following URL: http://gurl.im/c2681zX