RE: Network Tappers
From: Andy Cuff (lists_at_securitywizardry.com)
Date: 10/05/04
- Previous message: James Riden: "Re: Snort"
- In reply to: Tim Hanekamp: "Network Tappers, IDS, etc."
- Next in thread: Shaw, Mark: "RE: Network Tappers, IDS, etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Tim Hanekamp'" <thanekamp@gmail.com>, <focus-ids@securityfocus.com> Date: Tue, 5 Oct 2004 19:10:27 +0100
Hi Tim,
There are many on the list better qualified than I to talk server specs with
you. But I have been down the same road as you regarding Taps, I have
compiled a list of every known tap including their capabilities here
http://securitywizardry.com/taps.htm
Another option to consider is to use your switches with a span/mirror port,
I've collated the syntax for configuring this in most of the popular
switches here http://securitywizardry.com/switch.htm
One very important consideration is what to do with the IDS once it is in,
how will you monitor it and react to what it throws up, I wrote an article
for Securityfocus on Deploying IDS, things have moved on since, but much of
it is still relevant http://www.securityfocus.com/infocus/1754
Regards
-andy cuff
The Talisker Network Security Portal
http://securitywizardry.com
Computer Network Defence Ltd
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
- Previous message: James Riden: "Re: Snort"
- In reply to: Tim Hanekamp: "Network Tappers, IDS, etc."
- Next in thread: Shaw, Mark: "RE: Network Tappers, IDS, etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
