IDS on Switched Networks

From: Paul W. Stoecker, Ph.D. (
Date: 12/05/01

Date: Tue, 04 Dec 2001 20:55:55 -0500
From: "Paul W. Stoecker, Ph.D." <>


If you are on a switched network, do you have to place your NIDS sensor
in a location that can capture everything. For instance, my firewall is
connected into a router which contains all of my switches and acts as a
switch itself.

Do I have to put the sensor in the critical path? Does that mean that I
have to put a sensor on the Firewall, use another machine that is a
router, or do I need a hub for the sensor and firewall to share?

Your help is greatly appreciated.


Paul W. Stoecker, Ph.D
Network and Information Systems Manager
Checkpoint Certified Security Administrator
Panasonic Technologies Company
Two Research Way
Princeton, NJ  08540
Phone:  (609) 734-7584
FAX:	(609) 987-8827