The _____ port is also known as a switched port analysis (span) port or mirror port.
Show
Make The Right Choice For Monitoring Data CaptureWWhen monitoring a data network, you need quick and easy data access. A short delay or capturing the wrong data, can cost you thousands of dollars and result in longer troubleshooting time. Keep in mind that you have choices when collecting monitoring data. Your choice of network monitoring equipment will affect the complexity and effectiveness of your monitoring strategy. The two most common ways of accessing monitoring data are through either a switched port analyzer (SPAN) port or a test access port (Tap). A tap is a purpose-built device that passively makes a copy of network data but does not alter the data. Once you install it, you are done. No programming is required. SPAN ports, also called mirror ports, are part of Layer 2 and 3 network switches. They are active devices and will require you to program them to copy the data desired. Taps are the best choice when it comes to ease of data capture, versatility of location for data capture, and programming costs. Read this white paper to get more information on how to dimension taps within your network.
There is a clear difference between taps and SPANs. Taps offer significant advantages over SPAN ports when monitoring the network. One benefit is that you can "set and forget" taps because they are a one-time intrusion to the network. SPAN ports require you to configure the switch (or switches) every time you want to change the switch data that needs to be copied. Once installed, taps and a network packet broker eliminate the need for many Change Board Review processes because you do not need to touch the live network. You just filter and analyze the readily available monitoring data to get the troubleshooting, performance, security-related, and compliance data you need. Taps are also versatile and you can deploy them anywhere across your network. This gives you the ability to tap ingress, egress, remote links, problem links, etc. with almost no restrictions, unlike the SPAN port which is tied specifically to a network switch and the switch’s physical location. Take a look at this solution brief to see the differences.
SPAN Ports Can LieKeep in mind is that network switches (and their SPAN ports) introduce mechanisms on ingress ports to eliminate corrupt packets and also packets that are below a minimum size. While this may sound beneficial, the problem with this approach is that monitoring devices for troubleshooting normally require the capture of all data within the egress segment. Key clues can be contained in this data. Switches and SPAN ports can drop Layer 1 and select Layer 2 data as well, depending on priority level. By contrast, a tap passes on all of the data on a link. This includes capturing everything needed to properly troubleshoot common physical layer problems, including bad frames that can be caused by a faulty NIC.
Cost AnalysisThe chart to the right is an attempt to perform an “apples to apples” comparison with respect to SPAN port and Tap port programming. ASSUMPTIONS
Administration costs for SPAN sessions start Day 1. In this conservative example, the average annual recurring maintenance costs ($6,890) for SPAN sessions could have been redeployed to buy an average of 10 Taps (annually). CONFIGURATION PROGRAMMING COST COMPARISON
Is Partial Coverage Good Enough?Taps offer the ability to collect data anywhere in the network, not just where the Layer 2 or Layer 3 switches are located.
Tap Vs SPAN Comparsion TableWhile SPAN ports create a mirrored copy of network data, there are a host of issues associated with them and you need to factor this into your monitoring strategy. See the adjacent table for a comparison of the two data capture methods.
Featured ResourcesThe following resources are available to help you with your research Want help or have questions? Which network monitoring method can be used to ensure that all traffic sent to any port on a switch is also sent to a device connected to the mirrored port?Essentially, a port mirroring instruction tells the switch to send a copy of traffic to a specific port. The methodology includes a range of options, enabling you to choose specific traffic originating from or traveling to given IP addresses, or choosing to copy all traffic.
What are the main features that differentiate the test access point tap from a switched port analyzer span )? Select all that apply?What are the main features that distinguish a Test Access Point (TAP) from a switched port analyzer (SPAN)? (Select all that apply.) A test access point (TAP) is a hardware device that copies signals from the physical layer and the data link layer, while SPAN (switched port analyzer) is simply ports being mirrored.
Is a series of steps or processes used by an attacker in a logical sequence?Chapter 7. Is an event that triggers alarms and causes a false positive when no actual attacks are in progress?False Attack Stimulus: An event that triggers alarms and causes a false positive when no actual attacks are in progress. Testing scenarios that evaluate the configuration of IDSs may use false attack stimuli to determine if the IDSs can distinguish between these stimuli and real attacks.
|