Which is a more secure data access technology: SPAN or TAP?

When monitoring traffic on a network, which is the best tool to use? Network security expert Mike Chapple gives advice.

Mike Chapple, University of Notre Dame

What is a more secure data access technology: SPAN or TAP?

First, let's take a brief detour and explain these two technologies. Both are options for monitoring traffic on a network. Test access ports, or TAPs, are devices that are placed on a network segment, and they allow a passive device to connect to it. The TAP contains three ports: two for traffic and one for monitoring. When network data arrives on either of the traffic ports, the TAP provides a copy of it to both the other traffic port and the monitoring port. The arrangement allows users to connect a network sniffer or other monitoring device to the network, but without the downtime associated with creating an inline connection for it.

Switched port analyzer (SPAN) ports provide similar functionality, but occur at the switch and do not require additional...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

hardware. The network administrator simply configures one port on the switch to serve as a SPAN port, and the switch then delivers copies of all traffic from any port on the switch to the SPAN port, allowing for the connection of a monitoring device. From a security perspective, there's not much difference between a TAP and a SPAN port. Both are useful for monitoring network traffic (albeit at different points in the network) and provide the same basic functionality.

More information:

Lock down IM by monitoring traffic over the network.
Is it possible to monitor and block port-scanning activity? Learn more.

This was last published in April 2008

Dig Deeper on Network device security: Appliances, firewalls and switches

How to configure a vTAP for cloud networks A vTAP can give enterprises better visibility into their cloud networks. Expert Frank Siemons of InfoSec Institute explains how virtual network TAPs work and the available options.

Cisco telemetry data gets streamed from MDS 9700 32G modules Cisco SAN telemetry sensors capture insight on network fabrics to aid capacity and infrastructure management. The FC feature provides real-time instrumentation analytics.

Brocade unveils APIs for network packet brokers Brocade has released network packet broker technologies for mobile operators. The product family includes open APIs and a virtualized NPB.

Introduction to intrusion detection and prevention technologies Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important.

VSS Monitoring offers midrange network packet broker VSS Monitoring offers a low-price network packet broker to network monitoring operations in mainstream, midrange enterprises.

Ixia reveals beefy network packet broker chassis, touts architecture Ixia's first chassis-based network packet broker supports 384 10 Gb ports. It also announced a new network monitoring architecture.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

McAfee launches security tool Mvision Cloud for Containers

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

Alarm bells ring, the IoT is listening

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Future fashion: does that dress come in digital?

Dig Deeper on Network device security: Appliances, firewalls and switches

Related Q&A from Mike Chapple

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.