IDS mailing list archives

Network Tap Technology (was: RE: Gig TAPs)


From: robert.d.turner () bt com
Date: Wed, 5 Feb 2003 22:17:40 -0000

Hi

<Discussions about source of Intrusion tap deleted>

I must admit to being surprised at the claim that the intrusion
taps were being made by NetOptics. There are some major differences
in the Intrusion tap that make them quite a different beast from
the Shomiti/Finisar/NetOptics versions. (sorry, Peter, a tap is
not a tap is not a tap).

(Info from https://www.intrusion.com/products/downloads/TapPO_1102.pdf)

The Shomiti-style tap is a device that you insert 'into' a network
cable, and which produces two half-duplex, uni-directional, feeds
which you then need to re-merge for IDS, either in the IDS itself
or in a hub/switch arrangement. The difference between the various
vendors is the complexity of the box - is it autodetect 10/100,
fdx/hdx and which cable (straight or crossover) is required.

The Intrusion tap is, on the other hand, a device that you insert
'into' a network cable (similar so far) but which gives a single
output cable which can be used to 'reset malicious connections'.
From my understanding of networking terminology, this makes the
tap a single-purpose switch with a dedicated span/mirror port.

From my understanding, this means that you have the same
limitations as putting the output from a 'traditional' tap into
a 100Mbps switch and spanning the output (without the risk of
collisions). Namely, if the total traffic on the originating
cable exceeds 100Mbps (i.e. 60Mbps in one direction and 50Mbps
in the other at the same time) then you lose a proportion of
the traffic. The fact that the second cable is Full Duplex is
irrelevant - it can still only transmit 100Mbps of data in
one direction at one time.

I am happy to be proved wrong if this is incorrect!

Therefore, the Intrusion style tap is perfect for lower to mid
bandwidth situations, but I do feel that the only 'real' solution
for higher bandwidth is a device that can take two direct feeds 
from a tap or dual span device, or moving up to a Gbps solution.

Robert
(Wearing my flame-proof suit tonight, so fire away!)

--
Robert Turner GCIA
Security Solutions Designer & Analyst

BT Secure Business Services
T: +44 (0)113 244 5951  F: +44 (0)113 244 5657
Robert.D.Turner () bt com
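
The oversubscription limit described in the message above, as an added example that is not part of the original post: a small Python model of a tap that merges both directions onto one 100Mbps monitor port, compared with feeding each direction to its own port. The function names, the buffer parameter and the sample rates are constructed assumptions, not figures from any vendor.

```python
# Added example: toy model of a tap that merges both directions of a
# full-duplex link onto one monitor port. Names and figures are constructed.

def monitor_port_loss(a_to_b_mbps, b_to_a_mbps, port_mbps=100.0,
                      buffer_mbit=0.0, interval_s=1.0):
    """Return (offered_mbit, dropped_mbit) for the merged monitor feed.

    Assumed model: per interval, both directions arrive together, the port
    transmits up to port_mbps * interval_s, up to buffer_mbit of the excess
    is held for the next interval, and the rest is dropped.
    """
    if len(a_to_b_mbps) != len(b_to_a_mbps):
        raise ValueError("both directions need the same number of samples")
    queue = offered = dropped = 0.0
    for fwd, rev in zip(a_to_b_mbps, b_to_a_mbps):
        arriving = (fwd + rev) * interval_s
        offered += arriving
        queue += arriving
        queue -= min(queue, port_mbps * interval_s)  # what the port can send
        if queue > buffer_mbit:                      # excess the tap cannot hold
            dropped += queue - buffer_mbit
            queue = buffer_mbit
    return offered, dropped


def split_feed_loss(a_to_b_mbps, b_to_a_mbps, port_mbps=100.0):
    """Dropped Mbit when each direction has its own monitor port (two feeds)."""
    idle = [0.0] * len(a_to_b_mbps)
    return (monitor_port_loss(a_to_b_mbps, idle, port_mbps)[1]
            + monitor_port_loss(idle, b_to_a_mbps, port_mbps)[1])


if __name__ == "__main__":
    # Constructed samples: the 60/50 Mbps case from the message, then a
    # bursty link whose combined average (70 Mbps) is below the port speed.
    cases = {
        "60+50 steady": ([60.0], [50.0]),
        "bursty": ([60.0, 20.0, 60.0, 20.0], [50.0, 10.0, 50.0, 10.0]),
    }
    for name, (fwd, rev) in cases.items():
        offered, dropped = monitor_port_loss(fwd, rev)
        print(f"{name}: merged feed loses {dropped:.0f} of {offered:.0f} Mbit "
              f"({100 * dropped / offered:.1f}%), "
              f"two feeds lose {split_feed_loss(fwd, rev):.0f}")
```

For an IDS sensor, the dropped share is traffic that is never inspected, so comparing the peak combined rate (not the average) against the monitor port speed is the check that matters when sizing a tap.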
