mwlalexMAGIX.COM.SG

• Next message: Frank Knobbe: "Re: Gigabit IDS solutions"
• Previous message: Erik Engberg: "Re: Gigabit IDS solutions"
• In reply to: Eckert, Brian: "Re: IDS on switch with multiple VLANs"
• Next in thread: North, Jason: "Re: IDS on switch with multiple VLANs"
• Reply: Maddy: "Re: IDS on switch with multiple VLANs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Another more practical approach would be to firstly deploy IDS only in
sensitive VLANs and secondly monitor only the choke points in your
network. That could reduce the needs for multiple spanning ports per
switch.

Just my 2 cts worth. :)

"Eckert, Brian" wrote:
>
> You might want to look into Ethernet Taps. eTaps cost from $400 to $600
> each.
>
> thx...b
>
> Brian W. Eckert
> AT&T Wireless Services
> NDCO Security Project Manager
> (o)214.547.2191
> (c)214.213.8981
> (f)214.547.2290
> brian.eckertattws.com
>
> -----Original Message-----
> From: Michael Young [mailto:mikeutopia2.com]
> Sent: Wednesday, November 01, 2000 6:14 PM
> To: FOCUS-IDSSECURITYFOCUS.COM
> Subject: IDS on switch with multiple VLANs
>
> I'm currently faced with the problem of implementing an IDS in an
> environment where multiple VLANs from different subnets exist on a single
> switch. Spanning port technology won't help, as you can only have 1
> spanning port per switch, so only one VLAN gets the IDS. I've considered
> agent-based network IDS, but wonder if the cost per host becomes
> prohibitive at around 17,000 machines.
>
> Is there a simple solution I'm missing?

• Next message: Frank Knobbe: "Re: Gigabit IDS solutions"
• Previous message: Erik Engberg: "Re: Gigabit IDS solutions"
• In reply to: Eckert, Brian: "Re: IDS on switch with multiple VLANs"
• Next in thread: North, Jason: "Re: IDS on switch with multiple VLANs"
• Reply: Maddy: "Re: IDS on switch with multiple VLANs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]