1 / 17

Bypass Switches

Bypass Switches. Intelligent Access and Monitoring Architecture Solutions. Network Security Trends. The Security Monitoring Access Challenge. IPS DLP WAF DAM APM NGF. Deploy today’s sophisticated security and compliance monitoring tools in-line in the network

benjamin-hyde
Download Presentation

Bypass Switches

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Bypass Switches Intelligent Access and Monitoring Architecture Solutions

  2. Network Security Trends

  3. The Security Monitoring Access Challenge IPS DLP WAF DAM APM NGF • Deploy today’s sophisticated • security and compliance monitoring tools in-line in the network • while minimizing the risk of downtime

  4. The Bypass Switch Solution Bypass switches provide fail-safe ports for in-line security devices. When security devices fail, the Bypass switch can automatically restore connectivity by bypassing the security devices. Normal Operation (Bypass Off) • Provides peace of mind when deploying new technology in-line • Protects against power, link, and application failure • Flexibility for testing, upgrades, and moves • Fully passive –when Bypass Switch loses power, the link is still up

  5. Key Features • Supports speeds from 10Mbps to 10Gbps • Bypass switch configurations: • Basic - 4 Ports • High Density – up to 32 Ports • Heartbeat and Link Fault detection • Identify application failure • Identify device failure • Detect link anomalies • RMON statistics • Remote management via CLI and Web GUI (on select models)

  6. Bypass Switch Interface 10GigaBit iBypass Switch

  7. Bypass Function Triggers • Loss of link between Bypass Switch and tool • Tool maintenance or redeployment • Power loss to the Bypass Switch • Heartbeat failure • Power loss to the tool • Tool dropping packets due to oversubscription • Tool processing packets too slowly • Tool software hung • Tool hardware failure • Supports Fail Open and Fail Closed

  8. Fail Open vs. Fail Closed Bypass switches provide fail-safe ports for in-line security devices IPS Failure (Bypass On – Fail CLOSED) IPS Failure (Bypass On – Fail OPEN)

  9. The Need for High Availability Monitoring • If Bypass Switch fails OPEN to traffic, can you tolerate passing traffic without monitoring while a tool is down? • Intrusions and other attacks • Data loss • Compliance issues • If Bypass Switch fails CLOSED to traffic, can you tolerate link down while a tool is down? • Loss of mission-critical applications • Customers cannot be serviced • $$$$$ impact

  10. Tap Mode While Bypassing • Bypass Switch acts as a full-duplex breakout Tap while in Bypass ON mode (can be set via trigger or manually) – Use IPS as IDS to test new signature sets – Use as Tap when you don’t need a Bypass Switch Half-duplex mirrored traffic Fiber Copper

  11. Redundant Tools Protect Against Tool Failure

  12. Redundant Links Protect Against Link Failure

  13. Redundant Tools and Links Together

  14. iBypass HD – Redundant Links & Tools • Net Optics iBypass HD — High Density, eight Bypass Switches in a 1U appliance • Four Dual Bypass Modules (DBMs) • Configure DBM as two independent Bypass Switches • Configure DBM as a single HA Bypass Switch with Tool redundancy and/or Link redundancy • Configure as a Bypass Switch plus a Tap

  15. iBypass HD Features • Manual (forced) Bypass On mode – Take tool offline immediately in case of emergency • Acts as a Tap when traffic is bypassing the tool – Test signature set out in IDS mode • Dual Heartbeat packets check both directions of data flow • Link Fault Detection (LFD) — fault mirroring across Link • Bypass Detection — signals tool that bypass is engaged • Fail-open and fail-closed modes • Remote monitoring (RMON) traffic statistics • RADIUS and TACACS+ authentication and authorization • Dual hot-swappable AC or DC redundant power supplies Fiber Copper

  16. Summary - Bypass Switch Benefits • Protects links with IPSs and otherin-line security monitoring tools against • Power failure (IPS or bypass switch) • Tool failure (hardware, software hangs or slowdowns) • Increases solution reliability by independently checking the IPS and supporting High Availability (HA) network architectures • Provides capability to take tools offline instantly when problems occur • Provides flexibility to remove IPSs without interrupting link traffic; also flexibility to use as Taps • Increases traffic visibility with RMON traffic statistics and remote manageability 10GigaBit iBypass Switch

  17. Thank You! Net Optics, Inc. www.netoptics.com 408.737.7777

More Related