OSEC

Subject: Re: IDS on switch with multiple VLANs
From: Todd Suiter (toddSPACE4RENT.COM)
Date: Thu Nov 02 2000 - 13:30:54 CST


One of the things I am working on right now is spanning across our Gig
distribution switches, and hanging another switch off of a spanned gig port.
That way I can add collectors to that switch, and make a "NIDS Fabric".
Course, I'm using Extreme switches, so it should work......

On Thu, 2 Nov 2000, Drew Simonis wrote:

> "Kim R. Suszczewicz" wrote:
> >
> > I am in a similar situation as Michael. Our 8,000 node network has slowly
> > migrated to a VLAN switched network with different subnets on each switch.
> > The internal sensor traffic has dwindled to a minimal level to only traffic
> > that hits the back of our firewall. So now the internal sensor doesn't 'see'
> > the VLAN to VLAN traffic or traffic within a VLAN. It would seem to be cost
> > prohibitive to try and explain to the customer that they need an IDS sensor
> > on each switch. So I too would be interested in any other VLAN technical
> > solutions or success stories.
> >
>
> Cisco makes a version of their IDS that fits into a slot on the
> Cat switch, if you are using that. It monitors traffic on the
> backplane, so there is no need for SPAN ports, and no worries
> about multiple VLANs. Other than this product, which I think presently
> only works with Cat6000s, I don't know of any other switch friendly
> IDS out there.
>
> (If you don't mind multiple IDS, I guess you could use something
> that tapped the wire instead of plugged into the port on the switch
> directly. Dragon (Security Wizards makes it, IIRC) uses an
> ethernet tap to gather data, so it works well in a switched network
> as well)
>
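As an added example that is not part of the thread: a small check a sensor operator could run over frames collected from a SPAN port or tap, to confirm which VLANs the collector actually observes and which expected VLANs never appear (the visibility gap Kim describes). The frame bytes and the list of expected VLANs are constructed here for illustration.

```python
import struct
from collections import defaultdict

ETHERTYPE_8021Q = 0x8100   # 802.1Q VLAN tag
ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame):
    """Return (vlan_id or None, inner ethertype, payload) for one Ethernet frame.
    Handles one 802.1Q tag; untagged frames yield vlan None."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, offset = None, 14
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF          # low 12 bits are the VLAN ID; PCP/DEI masked off
        offset = 18
    return vlan, ethertype, frame[offset:]


def vlan_coverage(frames, expected_vlans):
    """Count frames per VLAN and list expected VLANs the sensor never saw."""
    seen = defaultdict(int)
    for frame in frames:
        vlan, _, _ = parse_frame(frame)
        seen[vlan] += 1
    missing = sorted(set(expected_vlans) - set(seen))
    return dict(seen), missing


def build_frame(vlan=None, pcp=0):
    """Construct a sample frame (assumed test data, not a real capture)."""
    dst, src = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    payload = b"\x45" + b"\x00" * 19     # minimal stand-in for an IPv4 header
    if vlan is None:
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    tci = (pcp << 13) | vlan
    return dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ETHERTYPE_IPV4) + payload


# Constructed sample: two frames on VLAN 10, one on VLAN 20 (with priority bits set), one untagged.
SAMPLE_FRAMES = [build_frame(10), build_frame(10), build_frame(20, pcp=5), build_frame()]
EXPECTED_VLANS = [10, 20, 30, 40]   # assumed: VLANs the sensor is supposed to cover

if __name__ == "__main__":
    seen, missing = vlan_coverage(SAMPLE_FRAMES, EXPECTED_VLANS)
    print("frames per VLAN:", seen)
    print("expected VLANs never observed:", missing)
```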