Now that we’ve gone over some reasons to use network TAPs in your network, the next logical question is: where do you TAP your network?
Some people will say you should TAP every link in your network, but I know that’s not a feasible option for many companies. Instead, you should work with your network TAP vendor to design a strategy that provides complete network visibility while adhering to your budget. When designing a new network, keep in mind that even if you aren’t planning to deploy a monitoring device in a specific part of the network today, including a TAP in the design can speed up future deployment and troubleshooting, and help you quickly pinpoint the source of any issue that may cause enterprise disruption. With that in mind, Garland Technology recommends 3 places to TAP your network: the Physical Layer, the Edge of the Network, and the Data Center Core.
The Physical Layer
Using network TAPs in the physical layer, often called the access layer, will provide 100% visibility for your out-of-band monitoring tools like Wireshark, network analyzers, DPIs, and lawful intercept applications. Out-of-band monitoring devices aren’t effective unless they see 100% of the network traffic, which can then be compared to your network’s normal baseline. By placing TAPs strategically throughout the physical layer, you can compare traffic to the baseline not only to help spot suspicious activity, but also to ensure your monitoring tools are deployed properly.
The Network’s Edge
The edge of the network is where the battle for network security takes place. By using network TAPs at the edge, you ensure 100% uptime for inline security tools (and it’s likely you have a whole stack of them). Web application firewalls for virtual platforms, next-generation firewalls, data leakage prevention, packet capture, and intrusion prevention systems are just some of the tools that are active at the edge. With so many tools operating in one place, it’s important to make sure that your network is designed so that each tool has the traffic it needs to do its job: protecting your network.
The Data Center Core
Today’s data centers power countless applications and service delivery solutions for enterprises. It only makes sense that Network TAPs will also play a critical role within the data center. But the underlying issue is usually lack of space. The resulting solution is likely to utilize a modular network TAP chassis, feeding into purpose-built packet brokers, not only to save rack space, but to make the cabling manageable as well. With this solution you are able to TAP multiple links, and then filter, aggregate and load balance to multiple monitoring/analysis tools, ensuring no dropped packets.
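The aggregate-and-load-balance step described above, as an added example that is not Garland Technology's code or any packet broker's implementation: tapped flows are spread across monitoring tools and each tool's offered load is checked against its port capacity. It assumes a direction-independent 5-tuple hash (one common way to keep both halves of a session on the same tool); the function names and sample flows are constructed for illustration.

```python
import hashlib

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: order the endpoints so A->B equals B->A."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}"

def pick_tool(flow, n_tools):
    """Map a 5-tuple to a tool port index with a stable hash (assumed scheme)."""
    digest = hashlib.sha256(flow_key(*flow).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_tools

def plan(flows, tool_capacity_mbps):
    """Return (offered load per tool in Mbps, indexes of oversubscribed tools)."""
    load = [0.0] * len(tool_capacity_mbps)
    for five_tuple, mbps in flows:
        load[pick_tool(five_tuple, len(load))] += mbps
    over = [i for i, cap in enumerate(tool_capacity_mbps) if load[i] > cap]
    return load, over

# Constructed sample: a tapped full-duplex link delivers both directions,
# so each session appears as two entries (client->server, server->client).
SAMPLE_FLOWS = [
    (("10.0.0.5", 51514, "10.0.1.20", 443, "tcp"), 300.0),
    (("10.0.1.20", 443, "10.0.0.5", 51514, "tcp"), 600.0),
    (("10.0.0.9", 40000, "10.0.2.7", 53, "udp"), 50.0),
    (("10.0.2.7", 53, "10.0.0.9", 40000, "udp"), 50.0),
]

if __name__ == "__main__":
    # Two tool ports of 800 Mbps each: 1600 Mbps total for 1000 Mbps of traffic.
    load, over = plan(SAMPLE_FLOWS, [800.0, 800.0])
    for i, mbps in enumerate(load):
        status = "OVERSUBSCRIBED" if i in over else "ok"
        print(f"tool {i}: {mbps:.0f} Mbps offered, {status}")
```

With two 800 Mbps tool ports the total capacity exceeds the 1000 Mbps of tapped traffic, yet one tool is still oversubscribed because both directions of the large session stay together; capacity has to be checked per tool port, not only in aggregate.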
So there you have it, a network TAP strategy that will ensure you have the visibility you need for your monitoring and security tools to work effectively.