RE: Use of Taps for IDS

From: Clement-Evans, Rhys (Rhys.Clement-Evans@swisslife.co.uk)
Date: 12/20/01


From: "Clement-Evans, Rhys" <Rhys.Clement-Evans@swisslife.co.uk>
To: 
Date: Thu, 20 Dec 2001 10:18:12 -0000

When I was investigating securing my IDS system by use of taps, I considered
making a read-only cable for the simplest solution (well ok, the simplest
solution would have been to not bind any protocols to the IDS interface).

Investigation showed that there was the potential for the intermediate
hub/switch to deactivate the port used, as the relevant 'incoming' wires
would be disconnected. I suspect that this is more something to be aware of
with the higher end hubs and switches, but can anyone advise whether this is
a real concern or just clever marketing on the part of tap manufacturers?

Regards,

Rhys

-----Original Message-----
From: Frank Knobbe [mailto:FKnobbe@KnobbeITS.com]
Sent: 20 December 2001 06:48
To: 'Scott C. Kennedy'
Cc: rob@puparoo.org; focus-ids@securityfocus.com
Subject: RE: Use of Taps for IDS

A cheap 4 port NetGear hub makes a good tap. For larger settings,
where you'd want to combine several segments, a professional
tap/switch would be better. But for one or two segments (with two
hubs and two NICs in the IDS), a cheap NetGear-hub-ro-cable solution
is pretty effective. I like to keep the bandwidth per sensor
manageable to prevent IDS overload and rather set up multiple IDS's
if bandwidth requires it.



