OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: David Hawley (david.hawley_at_atssi.biz)
Date: Thu Aug 15 2002 - 13:06:32 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    Chan,

    Look into switch configurations. I think you can setup the switch so
    that you can moniter traffic in
    A way that won't slow things down.

    David

    David Hawley, CISSP
    drh123netsecurity.com
    www.123netsecurity.com

    -----Original Message-----
    From: Chan Kien Eng [mailto:engessasia.net]
    Sent: Tuesday, August 13, 2002 8:42 PM
    To: issforumiss.net
    Subject: Realsecure NS 7.0 Gigabit

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
    to majordomoiss.net Contact issforum-owneriss.net for help with any
    problems!
    ------------------------------------------------------------------------ 

    ----

    Hi all,

    Need advice here....

    Lets say I have a scenario where all the servers in DMZ that are
connected to a gigabit switch. The GE switch is connected to a Firewall
GE port. I want to monitor the traffic between goes to the DMZ. So
placing a GE NS7.0 will be the solutions. 

    But, I'm not sure how the deployment will be. First, I don't think Port
mirror a GE switch will work since the traffic will be extremely high.
Placing a HUB between the Firewall and GE switch won't solve the issue
also because the I don't think the HUB can handle so huge traffic flows.

    So, the other solution that I can think of is to use the GE network Taps
to taps the traffic.

    Now the questions, if using Taps, is that mean need to have 2 GE NIC on
the NS for monitoring the TX and RX, I 100Mbs NIC to connect to the
secure LAN where the console is and 1 more GE NIC to send the kill.

    Will this idea work? May be some of u guy has better idea?

    Thanks....

    *******************************************
 Chan Kien Eng
 Security Consultant 
 Evolution Security Solutions Sdn. Bhd.
 15.09 Signature Office
 The Boulevard, Mid Valley City
 59200 Kuala Lumpur.
 Email: engessasia.net
 Tel:   603-22879939 Ext 110
 Fax:  603-22879929
 "Make it works, make it better"
********************************************