Chapter 3 Sensor Deployment Modes; Flexible Deployment Options; Multi-Port Sensor Deployment; Supported Deployment Modes - McAfee M-1250 - Network Security Platform Deployment Manual

C 3
H A P T E R
Sensor Deployment Modes
This section presents suggestions for implementing McAfee
a variety of network environments.

Flexible deployment options

McAfee Network Security Platform offers unprecedented flexibility in McAfee
Security Sensor (Sensor) deployment. Sensors can be deployed in a variety of topologies
and network security applications, providing industry-leading flexibility and scalability. Most
PC-based IDS Sensors on the market today can monitor only one network segment at a
time, and only via the SPAN port on a switch. Thus, to monitor a switched environment
with multiple segments and multiple switches deployed in a high-availability environment,
you would need multiple Sensors.

Multi-port Sensor deployment

Unlike single-port Sensors, a single multi-port Sensor can monitor many network
segments (up to twelve, in the case of the I-3000 or I-4010) in any combination of
operating modes—that is, the monitoring or deployment mode for the Sensor—SPAN,
Tap, or In-line mode. Additionally, Network Security Platform's Virtual IPS (VIPS) feature
enables you to further segment a port on a Sensor into many "Virtual Sensors."
This makes deployment easy; not only can you use one Sensor to monitor multiple
network segments, but you also can configure the Sensor to run whatever mode best suits
each network segment.

Supported deployment modes

Every port on the Sensor supports the following deployment modes:

SPAN or Hub

Tap

In-line, fail-closed

In-line, fail-open
Additionally, Network Security Platform provides features vital to today's complex
networks: interface groups (also called port clustering), and high-availability.
®
13
Network Security Platform in
®
Network