The DAN or Data Access Network is a newly emerging "best practice" for passive monitoring of mission critical networks that solves real access problems, improves network performance and uptime, and saves capital, operation and maintenance costs. A DAN is a combination of out-of-band data access switching plus passive monitoring instrumentation to enable required security, compliance, forensics review, application performance, VoIP QoS, uptime and other network management tasks. Data is acquired from multiple SPAN ports or taps and multicast to multiple tools, aggregated to a few consolidated tools, and filtered or divided across many instances of the same tools. The DAN may be thought of as a Òdata socketÓ providing immediate access for ad hoc tool deployment without impact to the production network and outside of the scope of configuration management policies.
2. What’s a DAN?
out-of-band passive monitoring network
Includes passive tools like:
Security IDS Sensors,
Application Performance Monitors,
Troubleshooting Protocol Analyzers,
VoIP QoS Probes,
Proprietary & Confidential
Forensic Recorders,
and Data Access Switching
3. DAN provides “Data Sockets”
Part of a Flexible Network Infrastructure
• Plug-in multiple out-of-band tools – ANY data to ANY tool
• Unobtrusive 24x7 tool connections – never touch the network
• Aggregate, Replicate, Filter and load balance data streams
• Use legacy 1Gig tools to monitor new 10Gig networks
Proprietary & Confidential
3
4. Why are DANs Needed Now?
Things Have Changed
Enron and 9/11 spawned SOX auditing, increased security
and lawful intercept requirement
PLUS technology and business developments:
Web site e-commerce and internet applications demand support
VoIP and media convergence make the network more strategic
Proprietary & Confidential
Green networking demands smaller Data Center footprint
Network is how business gets done. Downtime is unacceptable
5. Proliferation of Tools
New SOX compliance transaction monitors
Keep your boss out of jail!
IDS Sensors detect external attacks
From hackers
NAC appliance protects networks from inside
From your own people!
CALEA lawful intercept and Forensic Recorders
Configuration monitoring tools watch over network
Proprietary & Confidential
resources
Application and Network troubleshooting
6. Proliferation Causes Contention
for Span Ports
Security and IT
Engineers seen
here
Proprietary & Confidential
“Negotiating” Over
a SPAN Port
7. An Analogy:
Using a DAN is like using a power strip.
Proprietary & Confidential
8. Too Many Power Tools?
Not Enough Sockets?
?
? ?
?
Proprietary & Confidential
12. What Other Problems do DANs
solve?
Distributed Monitoring burning the budget?
Consolidate tools; $ave money on capital and operational budgets
Unsecure monitor or tap ports risk data leakage?
DAN can secure all access point to prevent snooping
Too much traffic for one tool?
Reduce and balance load over multiple units to match tool capacity
Proprietary & Confidential
Restrictive Configuration Management Policies?
Deploy tools and make changes on your own schedule
14. Old Solution: Lots of Distributed Tools,
Deploy one tool per span port/switch
Proprietary & Confidential
Lots of hardware…very expensive!
15. Better: Distribute Connections with a DAN
Consolidate Tools; Save CapEx $$$
Proprietary & Confidential
Aggregate and balance flows to Consolidated Tools
16. DAN is “Best Practice” for Network
Infrastructure Design
Totally flexible solution to many problems
Facilitates unobtrusive instrumentation of a network
Solves requirement for multiple tool access
Gives tools the view of the total network
Secures monitor and tap ports
Proprietary & Confidential
Improves monitor coverage, saves time and money.
17. DAN Solves Access Problems By
• Aggregating many links to any tool
• Multicasting any link to many tools
• Filtering data to map packets to tools
• Saving $$ Cap Ex and Op Ex budget$
Proprietary & Confidential
Any to Any Many to Any Any to Many Bit-Mask Filtering