
High-Availability Security Monitoring using Bypass Switches

August, 2011

Intelligent Access and Monitoring Architecture Solutions

Net Optics Confidential and Proprietary


Guest Speakers

Lannie Rhodes – Product Manager

Lannie spent 25 years as a hardware design engineer at Intel, Tandem Computers, and several start-up companies before shifting to a product management role. In her three years at Net Optics, she has been instrumental in building the control product line, making key contributions in the Director, iLink Agg, and xBalancer families.

Lannie is also a writer; her booklets "Asic Basics" and "Developing Printed Circuit Assemblies" can be found on Amazon.com and Lulu.com. Her non-technical writing is published under the pen name Lannie Rose.

Daniel Aharon – Director of Access Solutions

Daniel’s background includes 20 years of experience in Enterprise software with a focus on application and transaction performance management and system management. Daniel has held leadership roles in Product Management, Engineering, and Business Development for market leaders such as Symantec, Veritas, OpTier and BMC.


Agenda

• Trends and challenges

• Highly reliable security monitoring

• How a Bypass Switch works

• High Availability Bypassing Configurations

• Net Optics Bypass Solutions

• Bypass Switch Benefits


Network Security Trends


The Security Monitoring Access Challenge

Deploy today’s sophisticated security and compliance monitoring tools in-line in the network while minimizing the risk of downtime

(Diagram: in-line tools shown – IPS, DLP, WAF, DAM, APM, NGF)


Bypass switches provide fail-safe ports for in-line security devices

The Bypass Switch Solution

• Provides peace of mind when deploying new technology in-line

• Protects against power, link, and application failure

• Flexibility for testing, upgrades, and moves

• Fully passive – when the Bypass Switch loses power, the link is still up

(Diagram sequence: Normal Operation (Bypass Off); IPS Failure (Bypass On – Fail OPEN); Normal Operation (Bypass Off); IPS Failure (Bypass On – Fail CLOSED))


What is a Tool Failure?

Bypass Switch triggers on

• Loss of link between Bypass Switch and tool

  o Tool maintenance or redeployment

• Power loss to the Bypass Switch

• Heartbeat failure

  o Power loss to the tool

  o Tool dropping packets due to oversubscription

  o Tool processing packets too slowly

  o Tool software hung

  o Tool hardware failure


The Need for High Availability Monitoring

• If the Bypass Switch fails OPEN to traffic, can you tolerate passing traffic without monitoring while a tool is down?

  – Intrusions and other attacks

  – Data loss

  – Compliance issues

• If the Bypass Switch fails CLOSED to traffic, can you tolerate link down while a tool is down?

  – Loss of mission-critical applications

  – Customers cannot be serviced

  – $$$$$ impact


Redundant Tools Protect Against Tool Failure


Redundant Links Protect Against Link Failure


Redundant Tools and Links Together


iBypass HD – Redundant Links & Tools

• Net Optics iBypass HD — High Density, eight Bypass Switches in a 1U appliance

• Four Dual Bypass Modules (DBMs)

o Configure DBM as two independent Bypass Switches

o Configure DBM as a single HA Bypass Switch with Tool redundancy and/or Link redundancy

o Configure as a Bypass Switch plus a Tap


iBypass HD Features

• Manual (forced) Bypass On mode

  – Take tool offline immediately in case of emergency

• Acts as a Tap when traffic is bypassing the tool

  – Test signature set out in IDS mode

• Dual Heartbeat packets check both directions of data flow

• Link Fault Detection (LFD) — fault mirroring across Link

• Bypass Detection — signals tool that bypass is engaged

• Fail-open and fail-closed modes

• Remote monitoring (RMON) traffic statistics

• RADIUS and TACACS+ authentication and authorization

• Dual hot-swappable AC or DC redundant power supplies

(Diagram: Fiber and Copper models)
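As an added illustration, not Net Optics code and not the iBypass HD's actual firmware, the Python below models the decision logic these slides describe: dual heartbeats checked in both directions, the triggers listed under "What is a Tool Failure?", fail-open versus fail-closed behaviour, the forced Bypass On mode, the unpowered passive relay, and failover to a redundant tool before bypass engages. The one-second heartbeat timeout, the tool names and the event timeline are assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum

class FailMode(Enum):
    OPEN = "fail-open"      # tool down: bypass it, link stays up, traffic unmonitored
    CLOSED = "fail-closed"  # tool down: take the link down until a tool is back

@dataclass
class Tool:
    name: str
    link_up: bool = True      # physical link between the switch and the tool's ports
    last_hb_fwd: float = 0.0  # when the A->B heartbeat last came back through the tool
    last_hb_rev: float = 0.0  # when the B->A heartbeat last came back through the tool

HB_TIMEOUT = 1.0  # assumption: seconds without a returned heartbeat before the tool counts as failed

def tool_healthy(tool: Tool, now: float, timeout: float = HB_TIMEOUT) -> bool:
    """Link up and both heartbeat directions returning; a hung, slow or oversubscribed tool looks the same."""
    if not tool.link_up:
        return False
    return now - tool.last_hb_fwd <= timeout and now - tool.last_hb_rev <= timeout

def decide(tools, now, mode, switch_powered=True, forced_bypass=False):
    """Return (path, link_up, monitored) for the protected link. tools is ordered primary first;
    with a redundant tool the switch fails over to the next healthy tool before engaging bypass."""
    if not switch_powered:
        return ("relay", True, False)   # fully passive: unpowered relay keeps the link up, unmonitored
    if forced_bypass:
        return ("bypass", True, False)  # manual Bypass On: tool taken offline, switch now acts as a tap
    for tool in tools:
        if tool_healthy(tool, now):
            return (tool.name, True, True)
    if mode is FailMode.OPEN:
        return ("bypass", True, False)  # traffic passes but nothing inspects it
    return ("down", False, False)       # fail-closed: link stays down until a tool recovers

def demo():
    """Constructed timeline: primary IPS stops returning heartbeats, secondary covers until its link drops."""
    ips_a = Tool("ips-a", last_hb_fwd=1.9, last_hb_rev=1.9)
    ips_b = Tool("ips-b", last_hb_fwd=1.9, last_hb_rev=1.9)
    out = [decide([ips_a, ips_b], 2.0, FailMode.OPEN)]       # both healthy -> ips-a
    ips_a.last_hb_rev = 1.0                                    # B->A heartbeat stops returning
    out.append(decide([ips_a, ips_b], 2.5, FailMode.OPEN))   # failover -> ips-b
    ips_b.link_up = False                                      # secondary unplugged for maintenance
    out.append(decide([ips_a, ips_b], 2.6, FailMode.OPEN))   # bypass engaged, unmonitored
    out.append(decide([ips_a, ips_b], 2.6, FailMode.CLOSED)) # same failure, fail-closed: link down
    out.append(decide([ips_a, ips_b], 2.6, FailMode.CLOSED, switch_powered=False))  # unpowered relay
    return out
```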


Tap Mode While Bypassing

• Bypass Switch acts as a full-duplex breakout Tap while in Bypass ON mode

– Use IPS as IDS to test new signature sets

– Use as Tap when you don’t need a Bypass Switch

(Diagram: Fiber and Copper models; half-duplex mirrored traffic)


Bypass Switch Benefits

• Protects links with IPSs and other in-line security monitoring tools against

  – Power failure (IPS or bypass switch)

– Tool failure (hardware, software hangs or slowdowns)

• Increases solution reliability by independently checking the IPS and supporting High Availability (HA) network architectures

• Provides capability to take tools offline instantly when problems occur

• Provides flexibility to remove IPSs without interrupting link traffic; also flexibility to use as Taps

• Increases traffic visibility with RMON traffic statistics and remote manageability

10GigaBit iBypass Switch


Bypass Switch Interface

10GigaBit iBypass Switch


Question & Answer

Please post questions to either the Chat or Q&A window

To receive future invitations to our webinars, please sign up for our newsletter at the following URL: http://gurl.im/c2681zX


Net Optics, Inc. | www.netoptics.com | 408.737.7777

Thank You!