Low Cost Gigabit TAPs and Network Surveillance Solutions for the Security Professional
The following solutions are offered to networking professionals who need a convenient, low-cost method to monitor and capture traffic on a single network segment. (See the article "SPAN Out of the Box" for additional information.) Please contact us at support@networksecuritytoolkit.org for pricing on any other network TAP offered by Dualcomm Technology, Inc with an NST Pro License.
| Single License | Site License |
|---|---|
| Gigabit ETAP-2105 Regeneration TAP and NST Pro Single License | Gigabit ETAP-2105 Regeneration TAP and NST Pro Site License |
| Gigabit ETAP-3105 Regeneration TAP and NST Pro Single License | Gigabit ETAP-3105 Regeneration TAP and NST Pro Site License |
Use Case 1: Gigabit Network Bandwidth Monitor / Geolocation / IDS on the DMZ Side of a Firewall
The following use case depicts NST Network Interface Bandwidth Monitoring, Host Geolocation, and IDS Detection on the "DMZ" side of a Firewall. The public web services are located in the DMZ network and are being monitored by multiple NST probes providing a unique security surveillance solution. A Dualcomm Technology, Inc Gigabit Regeneration TAP (model: ETAP-2105) is placed in the DMZ network between the Firewall / Router and the Web Server Complex load balancing switch.
The ETAP-2105 Regeneration TAP replicates the full-duplex network traffic running at Gigabit rates between the two inline ports (Ports: 1 and 2) across the three monitor ports (Ports: 3, 4 and 5). This provides each NST probe server and its respective network interface with its own mirrored copy of web traffic flowing in and out of the DMZ. Separate network security monitoring systems as shown in this diagram may be a requirement for certain organizations.
Use Case 2: Full Line Rate Gigabit Network Bandwidth Monitoring
The following use case demonstrates how to set up an NST probe for Internet traffic bandwidth usage monitoring on the unfiltered (dirty) side of a Firewall. The NST Network Interface Bandwidth Monitor is used as the Network Management tool for displaying and calculating bandwidth usage. A Dualcomm Technology, Inc Gigabit Regeneration TAP (model: ETAP-3105) is placed inline between the Firewall and the DOCSIS Cable or DSL modem. The inline Internet network traffic is duplicated and separated out as two (2) non-aggregation data streams: one stream for Receive Data (RxD) and the other for Transmit Data (TxD). Ports: 4 and 5 provide the non-aggregation traffic flow at the full line rate of 2 Gbps to the Dual-Port Gigabit Adapter on the NST probe shown.
The ETAP-3105 Regeneration TAP also replicates the data traffic running between the two inline Ports: 1 and 2 to the aggregation monitor Port: 3. The aggregation monitor Port: 3 is not used in this Use Case.
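The following added example, which is not NST or Dualcomm code, computes per-direction bandwidth on a probe whose two monitor interfaces receive the RxD and TxD streams separately, and reports when their sum exceeds what a single gigabit aggregation port could carry. The interface names, the RxD/TxD-to-port mapping, the 1 Gbps aggregation figure and the /proc/net/dev samples are constructed assumptions.

```python
# Assumptions (not from the page): eth1 is cabled to TAP Port 4 and eth2 to
# Port 5, and the RxD/TxD-to-port mapping below is hypothetical.
MONITOR_IFACES = {"eth1": "RxD", "eth2": "TxD"}
AGG_PORT_BPS = 1_000_000_000  # assumed line rate of one gigabit monitor port

HEADER = (
    "Inter-|   Receive                        |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast|bytes\n"
)
# Constructed /proc/net/dev excerpts, sampled 10 seconds apart.
SAMPLE_T0 = HEADER + (
    "  eth1: 1000000000 900000 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"
    "  eth2:  500000000 700000 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"
)
SAMPLE_T1 = HEADER + (
    "  eth1: 2000000000 1800000 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"
    "  eth2: 1000000000 1400000 0 12 0 0 0 0 0 0 0 0 0 0 0 0\n"
)

def parse_rx(text):
    """Return {iface: (rx_bytes, rx_dropped)} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        if not sep:
            continue  # the two header lines carry no colon
        fields = rest.split()
        counters[name.strip()] = (int(fields[0]), int(fields[3]))
    return counters

def summarize(t0_text, t1_text, seconds):
    """Per-direction bits/s from the receive counters of each monitor NIC."""
    before, after = parse_rx(t0_text), parse_rx(t1_text)
    report = {"drops": {}, "total_bps": 0.0}
    for iface, direction in MONITOR_IFACES.items():
        d_bytes = after[iface][0] - before[iface][0]
        d_drop = after[iface][1] - before[iface][1]
        if d_bytes < 0 or d_drop < 0:
            raise ValueError(f"{iface}: counters went backwards (reset?)")
        # Monitor NICs only receive, so both directions show up as rx bytes.
        report[direction] = d_bytes * 8 / seconds
        report["drops"][direction] = d_drop  # non-zero: the probe NIC lost frames
        report["total_bps"] += report[direction]
    # Byte counters exclude preamble and inter-frame gap, so this is approximate.
    report["exceeds_aggregation_port"] = report["total_bps"] > AGG_PORT_BPS
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_T0, SAMPLE_T1, 10))
```

On a live probe, read `/proc/net/dev` twice at a known interval and pass both snapshots to `summarize`.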
The two inline ports of the ETAP-3105 will fail over automatically to maintain link connectivity when the ETAP-3105 loses power. This makes the ETAP-3105 suitable for deployments where critical link paths in a network are required.
The ETAP-3105 also supports Link Fault Pass-Through (LFPT) with the two inline ports. When a link goes down on either side of these ports, the link on the other side will also go down automatically. This capability is required for high availability deployments for reducing the time it takes to activate a redundant network link path.