RE: Network Tappers

From: Andy Cuff (lists_at_securitywizardry.com)
Date: 10/05/04

    To: "'Tim Hanekamp'" <thanekamp@gmail.com>, <focus-ids@securityfocus.com>
    Date: Tue, 5 Oct 2004 19:10:27 +0100
    
    

    Hi Tim,
    There are many on the list better qualified than I to talk server specs with
    you. But I have been down the same road as you regarding taps; I have
    compiled a list of every known tap, including their capabilities, here:
    http://securitywizardry.com/taps.htm

    Another option to consider is to use your switches with a span/mirror port.
    I've collated the syntax for configuring this in most of the popular
    switches here: http://securitywizardry.com/switch.htm

    One very important consideration is what to do with the IDS once it is in:
    how will you monitor it and react to what it throws up? I wrote an article
    for SecurityFocus on Deploying IDS; things have moved on since, but much of
    it is still relevant: http://www.securityfocus.com/infocus/1754

       Regards
       -andy cuff
    The Talisker Network Security Portal
    http://securitywizardry.com

    Computer Network Defence Ltd
