Copper Network TAP Field Book
Introduction
With so much of the world’s communications and IT / OT networking systems still relying on Copper at the physical layer, it is critical that network, cybersecurity, and solutions engineers understand how to best TAP them. Without visibility or access to network traffic, NetOps and SecOps Teams cannot effectively manage, optimize, and secure the network or the applications they support.

What is the best TAP for Copper Networks? Garland Technology has the largest Copper TAP portfolio in the industry and has designed this Field Book to help you identify the ideal Copper TAP for your project. Turn to page 4 and get started tapping your Copper Network.
Start Here
PORTABLE TAPs
◼ Engineered for single-purpose use.
◼ Smaller size to fit in remote or constrained network locations.
◼ Can be used for quick-connect and permanent installations.
◼ Can be set up on a desk, shelf, or added to a rack or DIN Rail.

What do you need to do?

I need to connect a security or monitoring tool to one (1) Copper link in my network. Tool has two (2) open physical ports to observe the mirrored network traffic.
Use a Breakout TAP to send copies of each side of traffic out separate monitoring ports.
Breakout TAP is ideal when:
◼ (1) connected out-of-band network tool
◼ Utilization is very high
◼ Packet loss is not an option
PART NUMBERS
P1GCCB (10/100/1000M DC power)
P1GCCBV2 (10/100/1000M DC power)
PT100 (10/100M Passive)

I need to also connect another monitoring tool (e.g., Wireshark) that needs copies of that same traffic.
Use an Aggregator TAP to merge copies of each side of traffic out one monitoring port.
Aggregator TAP is ideal when:
◼ (2) connected out-of-band network tools
◼ Need to keep utilization under 50%
◼ Need copies of full duplex in both directions
PART NUMBERS
P1GCCAS (10/100/1000M)
P100CCA (1000M)

I need to address oversubscription because it is a possibility.
Use a Filtering TAP to send only the copies of traffic the connected tool(s) need to receive and avoid sending unwanted traffic.
Filtering TAP is ideal when:
◼ Need to keep traffic to tools below 1G
◼ Tools risk being oversubscribed
◼ There is traffic that tool(s) is not interested in (e.g., camera or VoIP traffic)
PART NUMBERS
P1GCCFE (10/100/1000M)

Actually, my connected security or monitoring tool(s) is placed inline.
Use a Bypass TAP to deploy between the network and the connected tool.
Bypass TAP is ideal when:
◼ Prevent inline tool from becoming single point of failure
◼ Avoid network downtime
◼ Eliminate maintenance windows
PART NUMBERS
P1GCCBP (100/1000M)
P1GCCBPPOE+ (100/1000M)

I have more than one link to TAP in the same rack and I require a solution that offers more flexibility and density than the Portable options.

MODULAR TAPs
◼ Engineered for scalability.
◼ Individual TAP modules are hot swappable, fully configurable, and interchangeable.
◼ Offer tremendous flexibility for network needs both today and in the future.
◼ Designed for deployment in a rack via a 1U or 2U chassis.

What do you need to do?

I need to connect a security or monitoring tool to one (1) Copper link in my network. Tool has two (2) open physical ports to observe the mirrored network traffic.
Use a Breakout TAP to send copies of each side of traffic out separate monitoring ports.
Breakout TAP is ideal when:
◼ (1) connected out-of-band network tool
◼ Utilization is very high
◼ Packet loss is not an option
PART NUMBERS
M100CCB (10/100M)
M1GCCB (10/100/1000M)

I need to also connect another monitoring tool (e.g., Wireshark) that needs copies of that same traffic.
Use an Aggregator TAP to merge copies of each side of traffic out one monitoring port.
Aggregator TAP is ideal when:
◼ (2) connected out-of-band network tools
◼ Need to keep utilization under 50%
◼ Need copies of full duplex in both directions
PART NUMBERS
M1GCCF (10/100/1000M)
M100CCA (10/100/1000M)

I need to address oversubscription because it is a possibility.
Use a Filtering TAP to send only the copies of traffic the connected tool(s) need to receive and avoid sending unwanted traffic.
Filtering TAP is ideal when:
◼ Need to keep traffic to tools below 1G
◼ Tools risk being oversubscribed
◼ There is traffic that tool(s) is not interested in (e.g., camera or VoIP traffic)
PART NUMBERS
M1GCCF (10/100/1000M)

Actually, my connected security or monitoring tool(s) is placed inline.
Use a Bypass TAP to deploy between the network and the connected tool.
Bypass TAP is ideal when:
◼ Prevent inline tool from becoming single point of failure
◼ Avoid network downtime
◼ Eliminate maintenance windows
PART NUMBERS
M1GCCBP (10/100/1000M)

These are great but I need a TAP solution that meets very unique network requirements.
Specialized TAPs
Engineered for networks with unique requirements like:
◼ On-the-go technicians
◼ Environments with heat and vibration
◼ Installations inside existing Server
◼ Military-grade standards
◼ OT networks

What do you need to do?

I need to see copies of network traffic on my laptop while out in the field.
Use the USB 3.0 port on a FieldTAP to connect to a network tool and see copies of network traffic on a laptop.
FieldTAP is ideal when:
◼ Need a handheld TAP
◼ Have Wireshark on a laptop
◼ Need to troubleshoot on-the-go
PART NUMBERS
P1GCUA_mini (10/100/1000M)
P1GCUA (10/100/1000M) *portable, rack-mounted version

I need to TAP a network segment that encounters extreme temperature variations like -40°C to +85°C / -40°F to +185°F.
Use a Copper OT TAP in areas prone to heat, vibration, and DC power.
Copper OT TAP is ideal when:
◼ Space is limited: portable size
◼ DIN Rail mounting required
◼ (1) connected tool with (2) open ports
PART NUMBERS
P1GCCB-OT (10/100/1000M DC power)

I need to easily integrate a network TAP into an existing network appliance or a PC to gain packet-level visibility.
Use a PCIe TAP to insert into an open PCIe x4 slot on a server or PC and receive out-of-band copies of packets from the network via the PCIe TAP.
PCIe TAP is ideal when:
◼ A single link will be used to access packets from the network
◼ Ingress traffic from both network ports will be aggregated
◼ Power is provided by the network appliance or PC
PART NUMBERS
PCIE1GCA (10/100/1000M)
PCIE1GCUA (10/100/1000M) *USB 3.0 monitoring port

I need to install a Network TAP on a military vehicle like a Humvee, tank, or aircraft. Is that even possible?
Yes! Use a Military-grade Industrial TAP to connect to a rugged, moving vehicle and copy full duplex traffic. Mighty Mouse connectors on network and monitoring ports hold Copper connections in place.
Military-grade Industrial TAP is ideal when:
◼ (1) connected tool with (2) open ports
◼ Environments prone to shaking and bouncing
◼ DC power
PART NUMBERS
M100CCBm (10/100M)
M1GCCBm (10/100/1000M)

I need to secure SPAN link(s) with hardware enforced unidirectional traffic.
Use a Hardware Data Diode to eliminate bidirectional traffic flow ensuring that no data is passed back into the Switch Mirror port.
Hardware Data Diode is ideal when:
◼ The use of SPAN ports is still needed for visibility in a network
◼ Affordable pricing required (when compared to software-based data diodes)
◼ Need help meeting NERC CIP v5
PART NUMBERS
CTAP-P1GCCREG (10/100/1000M) *2 SPAN input
P1GCCAS-Custom (10/100/1000M) *1 SPAN input

I need to send more traffic to my OT / ICS security sensors.
Use an Aggregator TAP or SPAN Aggregator.
Aggregator TAP is ideal when:
◼ Copper network with 10/100/1000M speed
◼ TAP up to (4) network links and aggregate
◼ 1 or 2 sensors require exact copies of traffic
PART NUMBERS
INT1G10CSA
SPAN Aggregator is ideal when:
◼ Copper network with 10/100/1000M speed
◼ TAP up to (8) SPAN links and aggregate
◼ 1 or 2 sensors require exact copies of traffic
PART NUMBERS
INT1G10CSASP

Benefits of Garland Technology’s Copper TAPs
Garland Technology engineers and manufactures its Copper TAP portfolio in the USA. Benefits of deploying Garland’s Copper TAPs include:
◼ Pass everything, even Physical Layer Errors.
◼ Support Jumbo frames: support for larger packets means greater network speeds can be achieved.
◼ Durable, metal chassis: Garland Technology’s Network TAPs are built with metal construction providing durability during installation and throughout the life of deployment. Longer life than plastic TAPs.

Failsafe
◼ The Failsafe feature in Copper TAPs recognizes power outages and then automatically closes the relay circuitry in less than 8 milliseconds, reconnecting the two network devices connected to ports A and B.
◼ In most cases, the TAP is plugged into a power source from either the device connected to port A of the TAP or to port B.
◼ Typically, lost power affects the entire network rack.
◼ Thus, if power is lost to either device connected to the TAP then it makes no difference if the TAP remains powered on or not because there is no destination to send the traffic.
◼ Furthermore, a TAP losing power is a very infrequent occurrence.
◼ That said, to ensure Garland Technology’s Copper TAPs do not become a single point of failure, Garland’s Copper TAPs have built-in "Failsafe" circuitry.
Note: All Part #s included in the booklet have the Failsafe feature except PT100, P100CCA, M100CCB, and M100CCA (these are passive).

Unidirectional Data Diodes
◼ Data Diode TAPs are engineered to allow raw data to travel in only one direction and ensure the out-of-band traffic does not return to the network. Packet injection becomes impossible.
◼ Hardware Data Diodes and Data Diode TAPs are useful and cost-effective solutions to help provide an additional layer of security in OT and IT networks.
◼ There are situations where SPAN/Mirror ports are still needed for visibility in an OT network.
◼ In these instances, it is best practice to connect the SPAN/Mirror port to a hardware Data Diode to pass the mirrored data onto the monitoring and security sensors.
◼ Using hardware Data Diodes eliminates bidirectional traffic flow, ensuring no data is passed back into the Switch Mirror port.
◼ Different from standard software-based Data Diode gateways in the industry, these are hardware-based. This means there is no complicated software to configure or the added risk of software failure.
◼ Network traffic control is enforced at the physical hardware level.
Note: All Part #s included in the booklet have the Data Diode feature.

Link Failure Propagation (LFP) Solution
◼ Link failure propagation (LFP) is essential for ensuring 100% network uptime when network elements fail.
◼ This feature is imperative in high availability situations with 1G copper network TAPs.
◼ Copper gigabit networks differ because copper gigabit requires that each network port negotiate with the network TAP individually (i.e., the switch to the TAP, the TAP to the router).
◼ Without LFP in a copper gigabit environment, if a network element link goes down, there’s nothing to tell the corresponding network element that there’s an issue.
◼ The functional network element continues to send packets and you start to lose visibility as a result.
◼ LFP is designed to shut down the link attached to the TAP if one side or the other fails.

◼ In a non-HA environment, the link is turned off by the TAP and it is up to diagnostic tools to alert the maintenance folks that there is a problem.
◼ Essential for ensuring 100% network uptime when network elements fail.
◼ Without LFP in Copper 1G environments, if a network element link goes down, there’s nothing to tell the corresponding network element there’s an issue.
◼ The functional element continues to send packets and you start to lose visibility. LFP ensures an instant switch to the secondary link to maintain 100% uptime.

No battery back-ups in Garland Technology’s TAPs
◼ Garland Technology has never included a lithium ion battery in its Network TAPs.
◼ Garland Technology does not recognize lithium ion batteries as an acceptable power source for a Network TAP.
◼ Network TAPs with batteries should never be installed in a data center, network application, or critical infrastructure deployment.
◼ Issues with battery power include:
- Rupture/fire hazard
- Added maintenance
- Insurance liability
◼ The best practice is to avoid Network TAPs with batteries and use Network TAPs that have power failsafe or a back-up power source.
Note: Garland Technology’s Copper TAPs do NOT contain battery back-ups.

Mounting / racking solutions for Part #s included in this booklet

RMP-1U
1U Rack Mount Kit - holds up to 4 portable TAPs
P1GCCB P1GCCBV2 PT100 P1GCCAS P100CCA P1GCCFE P1GCCBP P1GCCBPPE+ P1GCCB_OT P1GCUA CTAP-P1GCCREG P1GCCAS-Custom

M1G1ACE & M1G2ACE
M1G1ACE is 1U and holds up to 4 modular TAPs
M1G2ACE is 2U and holds up to 12 modular TAPs
M100CCB M1GCCB M1GCCF M1GCCBP M100CCA

M1GP1G-DC
Two slot Chassis
Holds up to 2 Military-grade Industrial TAPs
M100CCBm M1GCCBm

GarlandTechnology.com