Which is a more secure data access technology: SPAN or TAP?

First, let's take a brief detour and explain these two technologies. Both are options for monitoring traffic on a network. Test access ports, or TAPs, are devices that are placed on a network segment, and they allow a passive device to connect to it. The TAP contains three ports: two for traffic and one for monitoring. When network data arrives on either of the traffic ports, the TAP provides a copy of it to both the other traffic port and the monitoring port. The arrangement allows users to connect a network sniffer or other monitoring device to the network, but without the downtime associated with creating an inline connection for it.

Switched port analyzer (SPAN) ports provide similar functionality, but occur at the switch and do not require additional...

hardware. The network administrator simply configures one port on the switch to serve as a SPAN port, and the switch then delivers copies of all traffic from any port on the switch to the SPAN port, allowing for the connection of a monitoring device. From a security perspective, there's not much difference between a TAP and a SPAN port. Both are useful for monitoring network traffic (albeit at different points in the network) and provide the same basic functionality.

More information:

• Lock down IM by monitoring traffic over the network.
• Is it possible to monitor and block port-scanning activity? Learn more.