Network TAPs (Test Access Ports) are used for secure and reliable access to network data. TAPs are looped into the network line to be monitored and direct all data traffic without interruption and without packet loss while maintaining the data integrity.
TAPs are generally used to forward network traffic to an IPS, IDS, WAF, NDR, network packet broker, analysis system or security tool. The often used and already existing SPAN / mirror port on network switches, on the other hand, is unsuitable for professional purposes. Since it is not immune to compromise, it cannot guarantee unadulterated data export without packet loss. A fact that attackers can easily take advantage of.
How secure are network TAPs?
PacketRaven TAPs are among the most secure network devices on the market. A safety factor of the NEOX TAPs is the fact that they work on OSI Layer 1 and therefore do not have an IP or MAC address. As a result, they cannot be easily tracked down and compromised in the network.
In addition, many NEOX TAPs have a so-called data diode function. This makes it technically impossible to access the tapped, active network via the monitoring port or to manipulate the network data there. As a result, network TAPs from NEOX Networks, even in the standard version, are among the network components that exclude an attack vector.
Very safe becomes extremely safe
Specially hardened TAP version for network protection in the KRITIS area (Image: NEOX Networks).
For high security areas according to IEC 62443 and critical infrastructures (KRITIS), however, even this is sometimes not enough, which is why NEOX Networks now also offers a specially hardened version of its TAPs. These TAPs are delivered preconfigured and do not allow any subsequent configuration changes. In addition, they are protected against unwanted or unnoticed opening by special screws and security seals.
And to top it off, these NEOX TAPs also have specially secured and encrypted firmware. Every time the TAP is started, Secureboot checks whether the firmware to be executed has a valid signature and an authorized public key. If this is not the case, the TAP cannot be put into operation.
BSI law for KRITIS could increase demand
Timur Özcan, Managing Director of NEOX NETWORKS: “The demand for TAPs will grow strongly in the next few months. On the one hand, this is due to the general increase in security threats. But also through paragraph 8a in the BSI law that states that the information technology of critical infrastructures must take organizational and technical precautions from May 2023 to ensure the use of attack detection systems. And to make this possible, TAPs are required to access the data and to be able to provide the recognition systems with the necessary data ”.
More at Neox-Networks.com
About NEOX NETWORKS
NEOX NETWORKS GmbH, based in Langen near Frankfurt am Main, is an innovative solution provider specializing in the areas of network visibility, monitoring and security. The company, which was founded in 2013, has grown continuously in the double-digit percentage range in the last few financial years and has now established itself as a reliable and professional partner not only as a Value Added Distributor (VAD) but also as a manufacturer of IT monitoring products for leading IT companies.