CHAPTER 3
Sensor Deployment Modes
This section presents suggestions for implementing McAfee® Network Security Platform in
a variety of network environments.
Flexible deployment options
McAfee Network Security Platform offers unprecedented flexibility in McAfee® Network
Security Sensor (Sensor) deployment. Sensors can be deployed in a variety of topologies
and network security applications, providing industry-leading flexibility and scalability. Most
PC-based IDS Sensors on the market today can monitor only one network segment at a
time, and only via the SPAN port on a switch. Thus, to monitor a switched environment
with multiple segments and multiple switches deployed in a high-availability environment,
you would need multiple Sensors.
Multi-port Sensor deployment
Unlike single-port Sensors, a single multi-port Sensor can monitor many network
segments (up to twelve, in the case of the I-3000 or I-4010) in any combination of
operating modes: SPAN, Tap, or In-line. (The operating mode is the monitoring or
deployment mode for the Sensor.) Additionally, Network Security Platform's Virtual IPS (VIPS) feature
enables you to further segment a port on a Sensor into many "Virtual Sensors."
This makes deployment easy; not only can you use one Sensor to monitor multiple
network segments, but you also can configure the Sensor to run whatever mode best suits
each network segment.
Supported deployment modes
Every port on the Sensor supports the following deployment modes:
SPAN or Hub
Tap
In-line, fail-closed
In-line, fail-open
Additionally, Network Security Platform provides features vital to today's complex
networks: interface groups (also called port clustering) and high availability.