www.networkcritical.com

Welcome

Bart Pellegrom Sales Director EMEA

Howtogainsecurenetwork

access

forsecurityandmonitoring

The Need for Access

Lets imagine you have acquired your shiny new monitoring or

expensive security appliance.

The Need for Access

You have done all the hard work and you are so proud that you

have maneged to utilize all your skills to get the best solution

possible.

The Need for Access

Then the next morning you open the BOX of your

new appliance and you start wondering!

How do I get my network traffic safely in to this appliance?

All kinds of questions start running

true your brain

• Maybe I need to monitor more links with one appliance

• Maybe I need only specific information out of the traffic

• Maybe I need the same traffic for more then one monitoring

tool

• Maybe I have multiple 1GIG liks and your tool is 10GIG

• How do I keep my network up and running when my

monitoring applaince fails or need to be serviced or updated?

Confident as you are you quickly think of a

solution

The best briljant idea you got is lets use a span/mirror port of a switch to

get the data to my appliance.

Then you start thinking again - (yes, you are very smart)

Wait a second, this is wrong because a switch is made for switiching so if

the switch is to bussy the first thing it will do is drop my monitoring data.

No good data no good monitoring outcome!

I only have one or 2 dedicated ports on a switch for this

There must be a better way!!

Then you remember the story of the Dutchman

about Network TAPs and Packet Brokers

What are TAPs

The highest priority we have is always make sure your main

link is up and running. Even if we fail we make sure your

main link is uninterrupted.

We can give you all the data where you want it and how

you want it. under all circumstances, even at high utilized

links

Filtered, non filtered, aggregated, multiplied and more.

LNK LNKACT ACT

A B

LNK LNKACT ACT

C D

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

Router

Switch

LNK LNKACT ACT

A B

LNK LNKACT ACT

C D

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

Router

Switch

LNK LNKACT ACT

A B

LNK LNKACT ACT

C D

Switch

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

How safely connect your monitoring appliances

TAP MODES

Break-Out Aggregation Regeneration

Applications That Require Access

• Network Monitoring Solutions

- Netscout (Network General) Sniffer, Astellia,

- Compuware Network Vantage, Fluke – Visual Networks

- Niksun, Agilent, Tektroniks, Tekelec etc.

• IDS/IPS Security Solutions

- ISS/IBM, McAfee, TippingPoint

- FireEye

- Enterasys Dragon

- Sourcefire, Juniper

- Computer Associates

• VOIP Monitoring

- Witness Systems

• Content Filtering

- SurfControl, Websense

• Band Width & Traffic Management

- Packeteer

Smart Network Access (SmartNA-X™)

• The Smart Network Access (SmartNA-X™) chassis and module

based system is the most flexible and customizable TAP solution

available on the market today.

• All SmartNA-X™ Chassis are built to hold any SmartNA-X™ TAP

module. This flexibility allows you to customize your TAP solution to

your exact specifications, while still leaving room for expansion.

• All TAP modules are hot-swappable, fully configurable and available

with Copper, Single mode Fiber, Multi-mode Fiber or SFP cage ports.

SmartNA-X™

• World First easy to use web UI with click-n-drag port

mappings.

• Fail-safe ports

• Traffic replication and aggregation capabilities

• Flexible port maps

• Advanced packet filtering capabilities, including ability

to filter 10G traffic to continue using 1G tools

• Ability to aggregate 1G links to a 10G port

• SSL secured management interfaces

SmartNA-X 10G Network Access is a fully configurable filtering 10G TAP device that provides the following

advanced TAP features:

• SNMP remote status monitoring and alert notifications

• Local or external authentication and authorization via

RADIUS and TACACS+

• Hot-swappable TAP modules

• Optional dual independent PSUs for redundancy protection

against single point power failure

• Three user access levels: Administrator, Operator and

Auditor

SmartNA-X Intelligent Packet Processor (IPP) Card Module

Powerful and flexible Ethernet packet slicing, header stripping and payload

masking module.

• Remove any tunneling protocol to obtain

the un-tunneled traffic for further (filtering) Processing

• Such as GRE, GTP(U/C), RTP, VN-Tag, MPLS,

VX Lan, R-SPAN, VLAN

• Modify any bit or byte in the payload of a packet

• Automatically Recalculation of CRC

Traffic flows are internal to the SmartNA-X

and maps are created to and from other ports

in the system in the usual way.

Simply use the SmartNA-X filtering modules to filter the traffic after

modification

2 x 10GIG

Module

4 x 1G

Module

Simple the best GUI in the industry

Every king of the jungle can use it!

All ports can be set as TAP or in and out

Just Drag and Drop

Easy filtering

Safe access and safely store your config

SmartNA-X-HD Family

1/10/25/40/100GIG•48 Port Advanced Platform

• Mid-span Filtering, Load-balancing, packet slicing, header stripping, Smart Fabric, Single Pane of Glass

Mgmt..

• Hardware based

• Traffic Aggregation & Distribution

• Layer 2/3/4 intelligent filtering (2304 Filters)

• Full Line rate performance

• Software Upgradeable

• Intuitive WEBGUI, and Cisco-style CLI

• TACACS+ and RADIUS Secure Access

Then the story continues

Your boss has again a briljant Idea, he needs to be able to

block the unwanted traffic so he can keep hackers out of the

door. He wants an IPS (Intrusion Prevention System).

Your the man, so again you are in charge.

You start thinking again on what you need, again you find the

your shiny new expensive security appliance.

The story continues

You are more relaxing then last time and learned your lesson.

While relaxing, You start thinking; How do I connect this device.

Then somehow you think of the Dutchman again

SmartNA-X™ V-Line

SmartNA-X™ V-Line (By-Pass) Solutions

SmartNA™ V-Line Solutions provide network uptime

and availability for proactive in-line appliances.

What are In-Line Appliances?

In-line appliances proactively monitor live network traffic. These appliances will change the traffic based

on being a security device, content filtering device, bandwidth shaper, and/or firewall.

Intrusion Prevention

SystemsCisco IPS

Enterasys Dragon

Forescout

IBM: Internet Security

Systems (ISS)

Juniper

McAfee

NitroSecurity

Radware

Reflex

Sourcefire

TippingPoint

Bandwidth / Traffic

ManagementAnagran

Packeteer

Procera

Juniper IDP

Data Leakage PreventionCode Green Networks

Fidelis Security Systems

Reconnex

Tumbleweed

Voltage

Websense: Port Authority

Content/URL Filtering8e6

Surfcontrol

Websense

Proxy ServersBlue Coat

FirewallsCisco

Juniper

Symantec

Palo Alto

• Guaranteed Network Uptime

• NO Network Interruption

• Maintenance / Upgrade without network downtime

– Software Application Upgrades

– Security Patches / Updates

– Operating System (OS) Updates & Patches

Why you should use V-Line Solutions

V-Line Mode

LNK LNKACT ACT

A B

LNK LNKACT ACT

C D

110100101001010

101001010010110

111010101101101

010011011010001

011001011011011

101011

Router

Switch

During normal operation, network traffic is directed

through the In-Line Appliance as if it were installed in-line.

The monitoring ports inject heartbeat packets in between

the 2 monitoring ports, verifying the health of the In-line

appliance. The heartbeat packets are never introduced

into the live network.

V-Line™ mode is a way of safely deploying and

maintaining inline network appliances without risk of

downtime to the Live Network.

The TAP provides extra layers of failsafe for any inline

appliance, by continually checking throughput and

availability it can seamlessly switch the appliance into or

out of the network path; with the appliance now being

“Virtually In-Line” it can be freely reconfigured and

rebooted without affecting the Live Network link

We bring it all together where you

want it and how you want it

SinglePane

EnterpriseDeploymentFabric

1/10Gbps 1/10Gbps 1/10Gbps 1/10Gbps 1/10Gbps 1/10Gbps 1/10Gbps

TAP

IDS Forensic Analyser Analyser

Management

Wide range of solutions available

UniqueandflexibleModularSystem

SmartNA™ Funcionality VersionsSmartNA™ Expansion Control Modules

SmartNA™ Chassis

SmartNA™ TAP Modules

1U chassis ,20 Gigabit Aggregating, Regeneration, Filtering, Routing Backplane

SmartNA TM

SmartNA TM equals:

• Any to any, any to many, many to any, many to many

• 10/100/1000 Mb copper, Fiber and SFP’s

• Dual power supply (-48 Vdc or 110/220 Vac)

• Remote manageable

• Security (i.e. remote enable, disable ports)

• Up to 20 GB backplane, unique filtering possibilities

• Mix and Match – Hot swappable Modules

Fibre OpticalTAPs

• Zero Latency

• No Power

• 100% Safe

• Modular, up to 16 TAPs in a 1U rack

• Breakout Mode only

• Split Ratios: 50/50, 70/30, 60/40, 90/10

• SC and LC Connections

• 850, 1310, 1550 wavelengths

• 1G, 10G, 40G & 100G, OC3 – OC192

When you need the best and smartest way to

connect safely your monitoring and security

solutions call Network Critical

So remember

The Dutch do not have only tall sales guy’s

We also have great cheese and other stuff!!

Also remember

Hvala - Thank You!

Questions?