|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: IDS on switch with multiple VLANs
From: Scott Nursten (Scott.Nursten
STREETSONLINE.CO.UK)Date: Thu Nov 02 2000 - 13:44:45 CST
- Next message: MCKILLICAN, DONALD: "Re: host ids service"
- Previous message: Todd Suiter: "Re: IDS on switch with multiple VLANs"
- In reply to: Drew Simonis: "Re: IDS on switch with multiple VLANs"
- Next in thread: Danny Rodriguez: "Re: IDS on switch with multiple VLANs"
- Next in thread: Eckert, Brian: "Re: IDS on switch with multiple VLANs"
- Reply: Scott Nursten: "Re: IDS on switch with multiple VLANs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The Cisco Catalyst 55xx series supports "port-flooding" from multiple
VLANS to one port provided they are all within one unit - ie you need
one IDS per Cat5k OR mulitple interfaces on the IDS, so that you can
connect to the flooded ports on more then one Cat.
Rgds,
Scott
Drew Simonis wrote:
>
> "Kim R. Suszczewicz" wrote:
> >
> > I am in a similar situation as Michael. Our 8,000 node network has slowly
> > migrated to a VLAN switched network with different subnets on each switch.
> > The internal sensor traffic has dwindled to a minimal level to only traffic
> > that hits back of our firewall. So now the internal sensor doesn't 'see'
> > the VLAN to VLAN traffic or traffic within a VLAN. It would seem to be cost
> > prohibitive to try and explain to the customer that they need an IDS sensor
> > on each switch. So I too would be interested in any other VLAN technical
> > solutions or success stories.
> >
>
> Cisco makes a version of their IDS that fits into a slot on the
> Cat switch, if you are using that. It monitors traffic on the
> backplane, so there is no need for SPAN ports, and no worries
> about multiple VLANs. Other than this product, which I think presently
> only works with Cat6000s, I don't know of any other switch friendly
> IDS out there.
>
> (If you don't mind multiple IDS, I guess you could use something
> that tapped the wire instead of plugged into the port on the switch
> directly. Dragon (Security Wizards makes it, IIRC) uses an
> ethernet tap to gather data, so it works well in a switched network
> as well)
-- Scott Nursten - Systems Administrator Streets Online Ltd.Business: +44 (0) 1293 402 040 Fax: +44 (0) 1293 402 050 Email: scottn
------------------------------------------------------------------- | "Facts do not cease to exist because they are ignored." | | Aldous Huxley | -------------------------------------------------------------------
- Next message: MCKILLICAN, DONALD: "Re: host ids service"
- Previous message: Todd Suiter: "Re: IDS on switch with multiple VLANs"
- In reply to: Drew Simonis: "Re: IDS on switch with multiple VLANs"
- Next in thread: Danny Rodriguez: "Re: IDS on switch with multiple VLANs"
- Next in thread: Eckert, Brian: "Re: IDS on switch with multiple VLANs"
- Reply: Scott Nursten: "Re: IDS on switch with multiple VLANs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]