Which is a more secure data access technology: SPAN or TAP?

When monitoring traffic on a network, which is the best tool to use? Network security expert Mike Chapple gives advice.

University of Notre Dame

What is a more secure data access technology: SPAN or TAP?

First, let's take a brief detour and explain these two technologies. Both are options for monitoring traffic on a network. Test access ports, or TAPs, are devices that are placed on a network segment, and they allow a passive device to connect to it. The TAP contains three ports: two for traffic and one for monitoring. When network data arrives on either of the traffic ports, the TAP provides a copy of it to both the other traffic port and the monitoring port. The arrangement allows users to connect a network sniffer or other monitoring device to the network, but without the downtime associated with creating an inline connection for it.

Switched port analyzer (SPAN) ports provide similar functionality, but occur at the switch and do not require additional...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

hardware. The network administrator simply configures one port on the switch to serve as a SPAN port, and the switch then delivers copies of all traffic from any port on the switch to the SPAN port, allowing for the connection of a monitoring device. From a security perspective, there's not much difference between a TAP and a SPAN port. Both are useful for monitoring network traffic (albeit at different points in the network) and provide the same basic functionality.

More information:

Lock down IM by monitoring traffic over the network.
Is it possible to monitor and block port-scanning activity? Learn more.

This was last published in April 2008

Dig Deeper on Network device security: Appliances, firewalls and switches

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Dig Deeper on Network device security: Appliances, firewalls and switches

Related Q&A from Mike Chapple

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.