IDS on Switched Networks

From: Paul W. Stoecker, Ph.D. (stoeckp@research.panasonic.com)
Date: 12/05/01


Date: Tue, 04 Dec 2001 20:55:55 -0500
From: "Paul W. Stoecker, Ph.D." <stoeckp@research.panasonic.com>
To: focus-ids@securityfocus.com

Folks,

If you are on a switched network, do you have to place your NIDS sensor
in a location that can capture everything. For instance, my firewall is
connected into a router which contains all of my switches and acts as a
switch itself.

Do I have to put the sensor in the critical path? Does that mean that I
have to put a sensor on the Firewall, use another machine that is a
router, or do I need a hub for the sensor and firewall to share?

Your help is greatly appreciated.

Paul

-- 
Paul W. Stoecker, Ph.D
Network and Information Systems Manager
Checkpoint Certified Security Administrator
Panasonic Technologies Company
Two Research Way
Princeton, NJ  08540
Phone:  (609) 734-7584
FAX:	(609) 987-8827