RE: Use of Taps for IDS

From: Jason Baeder (jason_baeder@yahoo.com)
Date: 02/28/02


Date: Thu, 28 Feb 2002 10:43:17 -0800 (PST)
From: Jason Baeder <jason_baeder@yahoo.com>
To: focus-ids@securityfocus.com

To bring the conversation back to IDS: if the "switching-hub" operates
at Layer 3 how you gonna make it work with an IDS sensor which
traditionally has no IP on the interface that receives data (usually in
promiscuous mode)? And the analyze ports from the taps don't have IP
addresses either, for that matter.

After talking with Greg Shipley on the phone about this very same
subject nearly a year ago I began on using taps with Cisco Catalyst
2924 (now 295x). The ability to put several taps on the same switch,
each isolated to its own VLAN, each reporting data to its own sensor
(on its own monitor port) is well worth the additional expense.

Just my $.02

Jason Baeder

__________________________________________________
Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!
http://greetings.yahoo.com