1
00:00:00,790 --> 00:00:07,270
There are multiple ways that network traffic can be monitored or blocked by security sensors.

2
00:00:07,270 --> 00:00:11,350
The most effective way is inline. In this technique,

3
00:00:11,350 --> 00:00:19,000
traffic flows directly through security devices, allowing it to inspect and block malicious traffic.

4
00:00:19,000 --> 00:00:25,510
The only downside to inline mode is that data throughput is impacted significantly, since each packet

5
00:00:25,510 --> 00:00:28,800
is inspected before being forwarded.

6
00:00:29,530 --> 00:00:33,760
A less aggressive way to gain network visibility is tap mode.

7
00:00:34,910 --> 00:00:42,050
In tap mode, only copies of traffic are redirected to security devices, so malicious traffic can be monitored

8
00:00:42,260 --> 00:00:43,330
but not blocked.

9
00:00:45,380 --> 00:00:53,450
To redirect traffic to a tap port, port mirroring is used with SPAN. SPAN (Switched Port Analyzer) can be

10
00:00:53,450 --> 00:00:59,520
configured on switches to instruct the switch to send copies of traffic from certain source VLANs

11
00:00:59,570 --> 00:01:09,290
or interfaces to a SPAN destination port connected to a tap. A fairly new way of gaining visibility for

12
00:01:09,290 --> 00:01:17,360
security appliances is with NetFlow. NetFlow is a network protocol developed by Cisco for collecting

13
00:01:17,390 --> 00:01:25,730
IP traffic information and monitoring network traffic. Traffic learned by NetFlow can be sent to remote

14
00:01:25,730 --> 00:01:32,910
monitoring devices for collection with UDP packets. By analyzing flow data,

15
00:01:32,990 --> 00:01:39,770
a picture of network traffic flow and volume can be built. With this kind of rich data, security monitoring

16
00:01:39,770 --> 00:01:44,270
systems can get a full spectrum of network and security issues.