domain is known as the high side, and the less secure domain is the low side. Depending on the application, the
|
|
- Douglas Nash
- 8 years ago
- Views:
Transcription
1 Data diodes refer to unidirectional network links used in some high-security network architectures. This paper explains how data diodes are used to secure information and protect against intrusions; it also shows that Net Optics Taps and other monitoring access and control devices are, in fact, data diodes. The Highs and Lows of a Secure Environment When the highest possible data security is needed, an air gap is maintained between the secure domain and the rest of the world. The secure network domain simply has no physical connection to the outside world, so nothing can enter or leave by wire or wireless, only by sneaker net. ( Sneaker net means a person carrying a removable domain is known as the high side, and the less secure domain is the low side. Depending on the application, the not the other.) goal is to keep information secure within the high side. Figure 1 illustrates this type of application. In this case, leaving the defense contractor s network, satisfying the security requirement. However, the data diode does allow data from outside to move into the defense contractor s network so the contractor can receive important information from partners and suppliers. Traffic can flow in this direction data can be sent to the Defense Contractor High Side (More secure) Defense Contractor Internet Low Side (Less secure) Data Diode Traffic can NOT flow in this direction Defense Contractor s data is secure Figure 1: July
2 is to prevent intrusions and infections, but allow sharing of information from the high side. Figure 2 illustrates this type of application. In this case, a voting machine is connected through a data diode to the Internet, enabling the machine to send its vote count results to vote counting headquarters and to Web sites, while being completely secure from intruders hacking into the voting machine. Traffic can flow in this direction the Voting Machine can send vote counts to headquarters High Side (More secure) Voting Machine Internet Low Side (Less secure) Data Diode Traffic can NOT flow in this direction Intruders cannot hack into the Voting Machine Figure 2: How a Data Diode Works Full duplex fiber cable each direction of traffic flow has a dedicated fiber Return fiber broken. There is no path for data to flow from the switch to the router. Figure 3: July
3 If it is that easy to create a data diode, what are data diode vendors providing? It turns out that, in practice, protocols depend on two-way communication to establish and maintain connections. To take an example, you cannot get any data from to the Web site. For another example, if a TCP request does not receive an acknowledgement, the TCP connection terminates and no data is transferred. In order to make one-way communication work, a sophisticated data diode terminates the full duplex connection the proxy servers. This arrangement is illustrated in Figure 4. Data Diode Server Proxy Proxy Figure 4: Network Monitoring Taps Are Data Diodes (but Span ports are not!) Network monitoring applications use unidirectional communications intrinsically, because mirrored copies of network Network Taps are natural data diodes, and the most secure way to connect a monitoring tool to the network. Note Therefore, Span ports not suitable for high-security installations. Full Duplex Traffic Flow Net Optics Span Port Fiber Tap Mirrored Copy of Traffic One Way Traffic Flow Bidirectional Connection! Figure 5: Network taps are natural data diodes; switch Span ports are not! July
4 handshakes are expected from the monitoring tool. Therefore, proxy servers are not needed, and the simple data carry data from the tool to the Tap are completely absent. This can be seen in Figure 6. Fiber Tap Optical Splitter Optical Splitter No path for data to flow into the network link Monitoring Breakout Cable Figure 6: Network taps are natural data diodes The Fiber Tap is a device that consumes no power and needs no electricity. It is simply two optical splitters in a small chassis. Each splitter takes the signal being received at each network port and splits it in two, sending part of the signal down its usual path on the network, and the other part to the monitoring tool. To save space, the Fiber Tap provides a special monitoring breakout cable to break these two signals out to two standard duplex connectors which the network. The physics of the optical splitter guarantees that the signal will propagate towards the transmitting end July
5 Copper Taps Are Data Diodes Network Taps for copper media follow essentially the same topology as the Fiber Tap, as shown in Figure 7. Copper Tap No path for data to flow into the network link Figure 7: Network taps are natural data diodes Ethernet Physical Interfaces (s) negotiate which pins will be used for transmitting data and which for receiving Data Monitoring es and Network Controller es Are Data Diodes tool (or from the device s management interface, or from the device itself) to the inline network link. A sampling of Director TM ilink Agg TM Regeneration Taps TM itap TM July
6 Summary This paper has explained why data diodes are essential for creating completely secure network connections that access and control. Span ports, on the other hand, are n visibility including errors and malformed packets, totally passive behavior even when power fails, and never dropping topology, make Network Taps from Net Optics the best way to Tap into your Network. Sometimes Taps Are NOT Data Diodes As a rule, all Net Optics monitoring access and control devices are data diodes. But they say that rules are made to be broken, and the exception proves the rule. In this case, the exception is the Active Response Tap. This special type of Tap was created to meet the following customer requirement: When a monitoring Intrusion Detection System (IDS) detects certain types of illegal or unwanted network behavior, the IDS needs to be able to issue a TCP reset to the network to terminate the connection. The TCP reset is a normal set in the TCP header. In other words, the monitoring tool the IDS needs to be able to inject a packet onto the network. To meet this requirement, Net Optics developed the Active Response Tap, which is a copper Tap that has the and the connected. Active Response Taps are not data diodes, and therefore the possible security impacts should be evaluated carefully when choosing to use Active Response. But Active Response may not be the end of the story when it comes to Taps that are not data diodes. New applications are being invented that break the data diode model for monitoring access. One such invention is Link Layer Discovery Protocol (LLDP), which requires that every device, including monitoring access and control devices, must announce itself on the network to support auto-discovery of the network topology by network management systems. Like the Active Response case, LLDP requires that a small amount of traf- - rection into the network instead monitoring devices such as Intrusion Prevention Systems (IPSs) is another example where the data diode model is not appropriate. Therefore, Net Optics Bypass es, which create fail-safe ports for inline tools, are not data diodes. It will be interesting to see how the data diode model for monitoring access holds up as innovative new protocols and monitoring tools become part of the networking landscape. For further information about Network Taps and other data diode solutions: Net Optics, Inc Betsy Ross Drive Santa Clara, CA (408) info@netoptics.com Distributed by: Network Performance Channel GmbH Ohmstr Langen Germany T: netoptics@np-channel.com July
Efficient Network Monitoring Access
Abstract Organizations that rely on the reliability, security, and performance of their networks can no longer afford to wait for outages or security breaches to occur before installing test access points.
More informationNet Optics Learning Center Presents The Fundamentals of Passive Monitoring Access
Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access 1 The Fundamentals of Passiv e Monitoring Access Copy right 2006 Net Optics, Inc. Agenda Goal: Present an overview of Tap
More informationNet Optics and Cisco NAM
When Cisco decided to break its Network Analysis Module (NAM) out of the box and into a stand-alone appliance, they turned to Net Optics for monitoring access connectivity. Cisco NAM 2200 Series Cisco
More informationFail-Safe IPS Integration with Bypass Technology
Summary Threats that require the installation, redeployment or upgrade of in-line IPS appliances often affect uptime on business critical links. Organizations are demanding solutions that prevent disruptive
More informationNetwork Performance Channel
Network Performance Channel Net Optics Products Overview MIHAJLO PRERAD, Network Performance Channel GmbH Who we are Network Performance Channel GmbH Leading global value added distributor specialized
More informationInstallation Guide for. 10/100 to Triple-speed Port Aggregator. Model TPA-CU. 800-0045-001 Doc. PUBTPACUU Rev. 1, 12/08. In-Line
Installation Guide for 10/100 to Triple-speed Port Aggregator Model TPA-CU In-Line 800-0045-001 Doc. PUBTPACUU Rev. 1, 12/08 Contents Introduction.....................................................
More informationMonitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges
2011 is the year of the 10 Gigabit network rollout. These pipes as well as those of existing Gigabit networks, and even faster 40 and 100 Gbps networks are under growing pressure to carry skyrocketing
More informationHow To Monitor A Network With A Network Probe
Network Monitoring and Analysis Techniques Using Taps and SPAN Switches Networks have evolved into complex structures supporting critical business processes and communications. As this complexity has increased,
More informationTable of Contents. Network Critical NA LLC Tel: 716-558-7280 37 Franklin Street, Suite 100 Email: sales-us@networkcritical.com
Product Catalog Table of Contents Breakout TAPs...1-3 Fixed Aggregating Portable TAP...4-5 V-Line TM (Bypass) Portable TAPS...6 Breakout Portable TAP...7 V-Line (Bypass) TAPs...8-9 Smart Network Access
More informationInstallation Guide for. 10/100BaseT Port Aggregator Tap with Active Response. Models PA-CU-AR, PAD-CU-AR. Doc. PUBPACUARU Rev.
Installation Guide for /0BaseT Port Aggregator Tap with Active Response Models PA-CU-AR, PAD-CU-AR Doc. PUBPACUARU Rev. 1, 06/06 /0 Port Aggregator Tap Contents Introduction.....................................................
More informationHIGH-PERFORMANCE SOLUTIONS FOR MONITORING AND SECURING YOUR NETWORK A Next-Generation Intelligent Network Access Guide OPEN UP TO THE OPPORTUNITIES
HIGH-PERFORMANCE SOLUTIONS FOR MONITORING AND SECURING YOUR NETWORK A Next-Generation Intelligent Network Access Guide OPEN UP TO THE OPPORTUNITIES Net Optics solutions dramatically increase reliability,
More informationInstallation Guide for GigaBit Fiber Port Aggregator Tap with SFP Monitor Ports
Installation Guide for GigaBit Fiber Port Aggregator Tap with SFP Monitor Ports (800-0037) Doc. PUBTPASXSFPU Rev., 07/08 Contents Introduction.... Key Features... Unpacking and Inspection....3 Product
More informationImplementing VoIP monitoring solutions. Deployment note
Implementing VoIP monitoring solutions Deployment note Introduction With VoIP being an integral part of modern day business communications, enterprises are placing greater emphasis on the monitoring and
More informationTaps vs. SPAN The Forest AND the Trees: Full Visibility into Today's Networks
WHITE PAPER Taps vs. SPAN The Forest AND the Trees: Full Visibility into Today's Networks www.ixiacom.com 915-3534-01 Rev. A, September 2015 2 Table of Contents The First Line of Defense: Access... 5 Problem
More informationDesigning Reliable IP/MPLS Core Transport Networks
Designing Reliable IP/MPLS Core Transport Networks Matthias Ermel Workshop ITG FG 5.2.1 14. November 2008 München Content 1. Introduction 2. Protection Mechanisms 3. Failure Detection Page 1 Architecture
More informationWHITE PAPER. Tap Technology Enables Healthcare s Digital Future
WHITE PAPER Tap Technology Enables Healthcare s Digital Future www.ixiacom.com 915-6912-01 Rev. A, July 2014 2 Table of Contents Executive Overview... 4 Introduction... 4 HIT s foundation... 5 Keeping
More informationHow To Use A Network Instrument Ntap
ntap Product Family Provides monitoring and security devices with complete visibility into full-duplex networks Network Instruments ntaps let you monitor and analyze full-duplex links. ntaps are critical
More informationInstallation Guide for Gig Zero Delay Tap and 10/100/1000BaseT Tap
Installation Guide for Gig Zero Delay Tap and 10/100/1000BaseT Tap 800-0150-001 Rev. F PUBTPCU3ZDU 8/10 Gig Zero Delay Tap PLEASE READ THESE LEGAL NOTICES CAREFULLY. By using a Net Optics Tap you agree
More informationHow To Use An Iboss For Free On A Network With A Network (Networking) On A Pc Or Mac Or Ipod On A Server (For A Pnet) On An Ipon (For Free) On Your Ipon On A
ently identify the user using their Active Directory credentials. Transparent Inline Filter (Recommended) Figure 1 FailSafe Bypass Interfaces are available. (Optional FailSafe and Fiber available) Figure
More informationtap into your network product brochure
tap into your network product brochure Leadership Net Optics is dedicated to helping customers obtain the highest efficiency from their networks. Our products help Network IT and security professionals
More informationSimplifying Data Center Network Architecture: Collapsing the Tiers
Simplifying Data Center Network Architecture: Collapsing the Tiers Abstract: This paper outlines some of the impacts of the adoption of virtualization and blade switches and how Extreme Networks can address
More informationNetwork Instruments white paper
Network Instruments white paper ANALYZING FULL-DUPLEX NETWORKS There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports),
More informationWHITE PAPER. Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges
WHITE PAPER Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges www.ixiacom.com 915-6914-01 Rev. A, July 2014 2 Table of Contents Load Balancing A
More informationAnalyzing Full-Duplex Networks
Analyzing Full-Duplex Networks There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports), or full-duplex TAPs are the three
More informationWhite Paper: Deploying Network Taps with Intrusion Detection Systems
Executive Summary Network Security is a large and growing area of concern for corporations. CERT Coordination Center records show 294,037 incidents reported between 2000 and 2003, with 137,529 incidents
More informationQuestion: 3 When using Application Intelligence, Server Time may be defined as.
1 Network General - 1T6-521 Application Performance Analysis and Troubleshooting Question: 1 One component in an application turn is. A. Server response time B. Network process time C. Application response
More informationSECURE WEB GATEWAY DEPLOYMENT METHODOLOGIES
WHITEPAPER In today s complex network architectures it seems there are limitless ways to deploy networking equipment. This may be the case for some networking gear, but for web gateways there are only
More informationStatic Load Balancers Implemented with Filters
www.netoptics.com 2 1 This application note explains the concept of static load balancing and illustrates how to create them using filters. ackground The purpose of load balancing in a network traffic
More informationDeploying Network Taps for improved security
DATACOM SYSTEMS INC Deploying Network Taps for improved security A guide to improving security visibility A DATACOM SYSTEMS WHITE PAPER Improve Visibility A network security detection and prevention scheme
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationCriticalConneX. 10/100 CriticalTAP User Guide
Network Critical CriticalConneX 10/100 CriticalTAP User Guide CC1100: CriticalConneX TAP Module CC1100-P: CriticalConneX Portable TAP Models with Packet Injection permanently disabled: CC1100-S: CriticalConneX
More informationREMOTE MONITORING MATRIX
802.1ag/Y.1731 BASIC ADVANCED 802.3ah Link 802.1ag/Y.1731 RFC 2544 REMOTE MONITORING MATRIX Featuring a matrix of different features that will help you identify and select which Transition products best
More informationA-7: SPAN Out of the Box Wednesday June 16, 2010 1:15 pm 2:45 pm
A-7: SPAN Out of the Box Wednesday June 16, 2010 1:15 pm 2:45 pm John HE, Hardware Engineer Founder Dualcomm Technology, Inc. SHARKFEST 10 Stanford University June 14-17, 2010 Outline This presentation
More informationLife of a Packet CS 640, 2015-01-22
Life of a Packet CS 640, 2015-01-22 Outline Recap: building blocks Application to application communication Process to process communication Host to host communication Announcements Syllabus Should have
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationSecure Access Complete Visibility
PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE Intrusion Detection Switch TAP Data Recorder VoIP Analyzer Switch Secure Access Complete Visibility Web
More informationUsing ODVA Common Industrial Protocol to Enhance Performance White Paper
Monitor & Control Multiple Groups Using ODVA Common Industrial Protocol to Enhance Performance White Paper Monitor & Control Multiple Groups Using ODVA Common Industrial Protocol to Enhance Performance
More informationLab VI Capturing and monitoring the network traffic
Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)
More informationNetworking and High Availability
TECHNICAL BRIEF Networking and High Availability Deployment Note Imperva appliances support a broad array of deployment options, enabling seamless integration into any data center environment. can be configured
More informationNet Optics xbalancer and McAfee Network Security Platform Integration
Under the McAfee SIA Partner Program, Net Optics is integrating its xbalancer with the McAfee Network Security Platform (NSP). This partnership will enable mutual customers to realize the benefits of load
More informationHow To Create An Intelligent Infrastructure Solution
SYSTIMAX Solutions Intelligent Infrastructure & Security Using an Internet Protocol Architecture for Security Applications White Paper July 2009 www.commscope.com Contents I. Intelligent Building Infrastructure
More informationNetworking Devices. Lesson 6
Networking Devices Lesson 6 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Network Interface Cards Modems Media Converters Repeaters and Hubs Bridges and
More informationSave Budget Dollars using Smart Data Access Technology
Save Budget Dollars using Smart Data Access Technology Data Centers can benefit from Smart Data Access Technology Fall 2011 Copyright 2011. Network Critical NA LLC. All Rights Reserved. 1. The data center
More informationWHITE PAPER. Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency
WHITE PAPER Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency www.ixiacom.com 915-6893-01 Rev. A, July 2014 2 Table of Contents Summary... 4 Introduction... 4 Differing Goals
More informationTen top problems network techs encounter
Ten top problems network techs encounter Networks today have evolved quickly to include business critical applications and services, relied on heavily by users in the organization. In this environment,
More informationRegion 10 Videoconference Network (R10VN)
Region 10 Videoconference Network (R10VN) Network Considerations & Guidelines 1 What Causes A Poor Video Call? There are several factors that can affect a videoconference call. The two biggest culprits
More informationBIG-IP ASM plus ibypass Switch
White Pap er ibypass Switch maximizes application uptime. by F5 Networks and Net Optics Contents Introduction 3 How it works 4 Bypass Off 4 Bypass On 4 Heartbeat TM Packet 5 ibypass TM Switch 6 Media conversion
More informationSSVP SIP School VoIP Professional Certification
SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover
More informationSTAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.
STAR-GATE TM Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards. In this document USA Tel: +1-703-818-2130 Fax: +1-703-818-2131 E-mail: marketing.citi@cominfosys.com
More informationThe OSI and TCP/IP Models. Lesson 2
The OSI and TCP/IP Models Lesson 2 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Introduction to the OSI Model Compare the layers of the OSI and TCP/IP
More informationDesign Guide. SYSTIMAX InstaPATCH 360 Traffic Access Point (TAP) Solution. www.commscope.com
Design Guide SYSTIMAX InstaPATCH 360 Traffic Access Point (TAP) Solution www.commscope.com Contents Introduction 3 How Does a TAP Work? 3 The TAP Ecosystem 4 InstaPATCH 360 TAP Module Family 4 InstaPATCH
More informationTechnical Note. ForeScout CounterACT: Virtual Firewall
ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...
More informationNetworking and High Availability
yeah SecureSphere Deployment Note Networking and High Availability Imperva SecureSphere appliances support a broad array of deployment options, enabling seamless integration into any data center environment.
More information13 Ways Through A Firewall What you don t know will hurt you
Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter
More information3.1 TELECOMMUNICATIONS, NETWORKS AND THE INTERNET
3.1 TELECOMMUNICATIONS, NETWORKS AND THE INTERNET The Business Value of Telecommunications and Networking Business value impacts of the telecommunications and Networking are: Declining transaction costs
More informationIntroduction to computer networks and Cloud Computing
Introduction to computer networks and Cloud Computing Aniel Nieves-González Fall 2015 Computer Netwoks A computer network is a set of independent computer systems that are connected by a communication
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationNetwork Design. Yiannos Mylonas
Network Design Yiannos Mylonas Physical Topologies There are two parts to the topology definition: the physical topology, which is the actual layout of the wire (media), and the logical topology, which
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationINTELLIGENT ACCESS AND MONITORING ARCHITECTURE PRODUCT BROCHURE
INTELLIGENT ACCESS AND MONITORING ARCHITECTURE PRODUCT BROCHURE Innovation Our engineering team is dedicated to creating innovative products that help our customers achieve Intelligent Access and Monitoring
More informationInstallation Guide for GigaBit Fiber Port Aggregator Tap with SFP Monitor Ports
Installation Guide for Gigait Fiber Port ggregator Tap with SFP Monitor Ports Doc. PUPDSXSFPU Rev., 08/06 Gigait Fiber Port ggregator Tap Contents Introduction.....................................................
More informationEBOOK. The Network Comes of Age: Access and Monitoring at the Application Level
EBOOK The Network Comes of Age: Access and Monitoring at the Application Level www.ixiacom.com 915-6948-01 Rev. A, January 2014 2 Table of Contents How Flow Analysis Grows Into Total Application Intelligence...
More informationCriticalConneX. 100/1000 CriticalTAP User Guide
Network Critical CriticalConneX 100/1000 CriticalTAP User Guide CC1220, CC1225 & CC1230: CriticalConneX TAP Module CC1220-P, CC1225-P & CC1230-P: CriticalConneX Portable TAP Rev D - August 2007. Copyright
More informationPower over Ethernet technology for industrial Ethernet networks
Power over Ethernet technology for industrial Ethernet networks Introduction Ethernet networking has grown beyond office and home usage to become a very successful protocol suite used in many industrial
More informationCriticalConneX. 100/1000 CriticalTAP User Guide. CC1220-V: CriticalConneX TAP Module CC1220-VP: CriticalConneX Portable TAP
Network Critical CriticalConneX 100/1000 CriticalTAP User Guide CC1220-V: CriticalConneX TAP Module CC1220-VP: CriticalConneX Portable TAP CC1225-V: CriticalConneX TAP Module CC1225-VP: CriticalConneX
More informationLocal-Area Network -LAN
Computer Networks A group of two or more computer systems linked together. There are many [types] of computer networks: Peer To Peer (workgroups) The computers are connected by a network, however, there
More informationComputer Networks. Definition of LAN. Connection of Network. Key Points of LAN. Lecture 06 Connecting Networks
Computer Networks Lecture 06 Connecting Networks Kuang-hua Chen Department of Library and Information Science National Taiwan University Local Area Networks (LAN) 5 kilometer IEEE 802.3 Ethernet IEEE 802.4
More informationCSE 3461 / 5461: Computer Networking & Internet Technologies
Autumn Semester 2014 CSE 3461 / 5461: Computer Networking & Internet Technologies Instructor: Prof. Kannan Srinivasan 08/28/2014 Announcement Drop before Friday evening! k. srinivasan Presentation A 2
More informationR2. The word protocol is often used to describe diplomatic relations. How does Wikipedia describe diplomatic protocol?
Chapter 1 Review Questions R1. What is the difference between a host and an end system? List several different types of end systems. Is a Web server an end system? 1. There is no difference. Throughout
More informationActive Visibility for Multi-Tiered Security // Solutions Overview
Introduction Cyber threats are becoming ever more sophisticated and prevalent. Traditional security approaches such as firewalls and anti-virus protection are not equipped to mitigate and manage modern
More informationCTS2134 Introduction to Networking. Module 07: Wide Area Networks
CTS2134 Introduction to Networking Module 07: Wide Area Networks WAN cloud Central Office (CO) Local loop WAN components Demarcation point (demarc) Consumer Premises Equipment (CPE) Channel Service Unit/Data
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationCarrier Ethernet: New Game Plan for Media Converters
Introduction IEEE Std. 802.3ah, also referred to as Ethernet in the First Mile (EFM) standard, has a well established name within the industry today. It lays out ground rules for implementing Ethernet
More informationWeb Traffic Capture. 5401 Butler Street, Suite 200 Pittsburgh, PA 15201 +1 (412) 408 3167 www.metronomelabs.com
Web Traffic Capture Capture your web traffic, filtered and transformed, ready for your applications without web logs or page tags and keep all your data inside your firewall. 5401 Butler Street, Suite
More informationIntrusion Detection & SNORT. Fakrul Alam fakrul@bdhbu.com
Intrusion Detection & SNORT Fakrul Alam fakrul@bdhbu.com Sometimes, Defenses Fail Our defenses aren t perfect Patches weren t applied promptly enough Antivirus signatures not up to date 0- days get through
More informationFiber Distributed Data Interface
CHPTER 8 Chapter Goals Provide background information about FDDI technology. Explain how FDDI works. Describe the differences between FDDI and Copper Distributed Data Interface (CDDI). Describe how CDDI
More informationAruba Mobility Access Switch and Arista 7050S INTEROPERABILITY TEST RESULTS:
Aruba and INTEROPERABILITY TEST RESULTS: Aruba and Aruba and Table of Contents Executive summary 3 Scope and methodology 3 Interface connectivity 4 Port channels and link aggregation control protocol (LACP)
More informationSummitStack in the Data Center
SummitStack in the Data Center Abstract: This white paper describes the challenges in the virtualized server environment and the solution Extreme Networks offers a highly virtualized, centrally manageable
More informationAny-to-any switching with aggregation and filtering reduces monitoring costs
Any-to-any switching with aggregation and filtering reduces monitoring costs Summary Physical Layer Switches can filter and forward packet data to one or many monitoring devices. With intuitive graphical
More informationNETWORKING TECHNOLOGIES
NETWORKING TECHNOLOGIES (October 19, 2015) BUS3500 - Abdou Illia, Fall 2015 1 LEARNING GOALS Identify the major hardware components in networks. Identify and explain the various types of computer networks.
More informationCOMMAND YOUR DATA CENTER
Best Practices Guide I Data Center COMMAND YOUR DATA CENTER How to Thrive In the Changing Landscape The demands to virtualize, scale, and implement new applications while conducting security, forensics,
More informationBased on Computer Networking, 4 th Edition by Kurose and Ross
Computer Networks Ethernet Hubs and Switches Based on Computer Networking, 4 th Edition by Kurose and Ross Ethernet dominant wired LAN technology: cheap $20 for NIC first widely used LAN technology Simpler,
More informationObserver Probe Family
Observer Probe Family Distributed analysis for local and remote networks Monitor and troubleshoot vital network links in real time from any location Network Instruments offers a complete line of software
More informationChoosing Tap or SPAN for Data Center Monitoring
Choosing Tap or SPAN for Data Center Monitoring Technical Brief Key Points Taps are passive, silent, and deliver a perfect record of link traffic, but require additional hardware and create a point of
More informationCompTIA Network+ (Exam N10-005)
CompTIA Network+ (Exam N10-005) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationIP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion...
IP Link Best Practices for Network Integration and Security Table of Contents Introduction...2 Passwords...4 ACL...5 VLAN...6 Protocols...6 Conclusion...9 Abstract Extron IP Link technology enables A/V
More informationSummitStack in the Data Center
SummitStack in the Data Center Abstract: This white paper describes the challenges in the virtualized server environment and the solution that Extreme Networks offers a highly virtualized, centrally manageable
More informationSecurity Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
More informationFlow Analysis Versus Packet Analysis. What Should You Choose?
Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation
More informationChapter 8: Computer Networking. AIMS The aim of this chapter is to give a brief introduction to computer networking.
Chapter 8: Computer Networking AIMS The aim of this chapter is to give a brief introduction to computer networking. OBJECTIVES At the end of this chapter you should be able to: Explain the following terms:
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationDHS ICSJWG Fall Conference 2011. Maintaining Necessary Information Paths Over Unidirectional Gateways
DHS ICSJWG Fall Conference 2011 Maintaining Necessary Information Paths Over Unidirectional Gateways Mohan Ramanathan Solutions Architect for Critical Infrastructure NitroSecurity Andrew Ginter Director
More informationEnhanced Visibility, Improved ROI
Abstract Enhanced Visibility, Improved ROI The IT Security/Network Infrastructure Management departments within an organization have access to some of the richest and most useful enterprise data. Because
More informationSECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC
SECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC End-to-end Infrastructure Protection for Institutions In the last few years, the demand for classified information experienced by many government
More informationLab Testing Summary Report
Key findings and conclusions: Lab Testing Summary Report March 2012 Report SR120222B AR s Access and Interconnection Vendor Tested: Dual 3G uplinks provide fully redundant WAN connectivity Interoperability
More informationChapter 7 Configuring Trunk Groups and Dynamic Link Aggregation
Chapter 7 Configuring Trunk Groups and Dynamic Link Aggregation This chapter describes how to configure trunk groups and 802.3ad link aggregation. Trunk groups are manually-configured aggregate links containing
More informationSSVVP SIP School VVoIP Professional Certification
SSVVP SIP School VVoIP Professional Certification Exam Objectives The SSVVP exam is designed to test your skills and knowledge on the basics of Networking, Voice over IP and Video over IP. Everything that
More information1.264 Lecture 37. Telecom: Enterprise networks, VPN
1.264 Lecture 37 Telecom: Enterprise networks, VPN 1 Enterprise networks Connections within enterprise External connections Remote offices Employees Customers Business partners, supply chain partners Patients
More information