Subject: Re: IDS on switch with multiple VLANs
From: North, Jason (jnorth@SCCX.COM)
Date: Thu Nov 02 2000 - 10:51:30 CST
- Next message: Todd Suiter: "Re: IDS on switch with multiple VLANs"
- Previous message: Drew Simonis: "Re: IDS on switch with multiple VLANs"
- Maybe in reply to: Michael Young: "IDS on switch with multiple VLANs"
- Next in thread: Steve England: "Re: IDS on switch with multiple VLANs"
- Maybe reply: North, Jason: "Re: IDS on switch with multiple VLANs"
My organization has had a pretty high degree of success with Shomiti taps.
You insert them on the crossover cable between two switches or network
infrastructure devices, and run cables to your sensor. This catches nearly
all traffic that passes between the devices (I would say all, but I have an
aversion to speaking in absolutes...). The sensors talk over a private
network to a master server which processes all the data, which makes the IDS
system largely invisible, with a high degree of accuracy....
JCN
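An added illustration, not code from anyone in this thread: the inter-switch link Jason taps carries several VLANs, so it is a trunk and the sensor receives 802.1Q-tagged frames (the trunk assumption is mine). The sensor has to peel the tag to attribute each frame to a VLAN and to find the real inner protocol; the frames below are constructed sample data.

```python
import struct
from collections import Counter

ETHERTYPE_8021Q = 0x8100   # standard VLAN tag
ETHERTYPE_8021AD = 0x88A8  # QinQ outer tag
ETHERTYPE_IPV4 = 0x0800

def parse_frame(frame: bytes):
    """Return (vlan_id, inner_ethertype, payload) for one Ethernet frame.
    vlan_id is None for an untagged frame; a stacked (QinQ) frame yields
    the innermost VLAN id, which is the one the end hosts live in."""
    if len(frame) < 14:
        raise ValueError("short frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlan_id = 14, None
    # Peel 802.1Q / 802.1ad tags until a non-tag EtherType is reached.
    while ethertype in (ETHERTYPE_8021Q, ETHERTYPE_8021AD):
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vlan_id = tci & 0x0FFF   # low 12 bits; the rest is PCP/DEI
        offset += 4
    return vlan_id, ethertype, frame[offset:]

def build_frame(vlan_id, ethertype, payload):
    """Construct a test frame (constructed MACs, priority 0 tag)."""
    hdr = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
    if vlan_id is None:
        return hdr + struct.pack("!H", ethertype) + payload
    return hdr + struct.pack("!HHH", ETHERTYPE_8021Q, vlan_id, ethertype) + payload

def traffic_per_vlan(frames):
    """Count frames by VLAN id, as a sensor on a trunk tap would attribute them."""
    counts = Counter()
    for f in frames:
        vid, _, _ = parse_frame(f)
        counts["untagged" if vid is None else vid] += 1
    return dict(counts)

# Constructed sample capture: two VLANs plus one untagged native-VLAN frame.
SAMPLE = [
    build_frame(10, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19),
    build_frame(10, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19),
    build_frame(20, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19),
    build_frame(None, 0x0806, b"\x00" * 28),   # ARP on the native VLAN
]
```

A tap only shows what crosses that link: two hosts on the same VLAN and the same switch never appear in this count, which is the gap Kim describes below.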
-----Original Message-----
From: Kim R. Suszczewicz [mailto:kimzzz@PLANETZIGZAG.COM]
Sent: Wednesday, November 01, 2000 9:40 PM
To: FOCUS-IDS@SECURITYFOCUS.COM
Subject: Re: IDS on switch with multiple VLANs
I am in a similar situation as Michael. Our 8,000 node network has slowly
migrated to a VLAN switched network with different subnets on each switch.
The internal sensor traffic has dwindled to a minimal level to only traffic
that hits back of our firewall. So now the internal sensor doesn't 'see'
the VLAN to VLAN traffic or traffic within a VLAN. It would seem to be cost
prohibitive to try and explain to the customer that they need an IDS sensor
on each switch. So I too would be interested in any other VLAN technical
solutions or success stories.
Regards,
Kimzzz
-----Original Message-----
From: Focus on Intrusion Detection Systems [mailto:FOCUS-IDS@SECURITYFOCUS.COM] On Behalf Of Michael Young
Sent: Wednesday, November 01, 2000 7:14 PM
To: FOCUS-IDS@SECURITYFOCUS.COM
Subject: IDS on switch with multiple VLANs
I'm currently faced with the problem of implementing an IDS in an
environment where multiple VLANs from different subnets exist on a single
switch. Spanning port technology won't help, as you can only have 1
spanning port per switch, so only one VLAN gets the IDS. I've considered
agent-based network IDS, but wonder if the cost per host becomes
prohibitive at around 17,000 machines.
Is there a simple solution I'm missing?