I believe that the issues are that:
1. With a switch, the IDS cannot see the traffic on the other ports.
You can watch other hosts' traffic by port monitoring or spanning.
This can be worked around on Cisco switches by spanning other
ports (CAT 5500) or monitoring ports (CAT 2900). On the 2900
you can't monitor across VLANs. So if you have three VLANs and
you want to monitor every port, you would need three IDSs.
I am not sure if a CAT 5500 can span across VLANs.
Some switch makers don't have a spanning or port monitoring option.
In this case you'd need a hub.
2. More dropped packets by the IDS in a switched environment.
I am fairly new to IDS implementation but these are the issues I've
had to deal with. Personally, I'd try to make it work on a
switch. Putting a hub between a router and switch is not
ideal. It could add some latency and it is another point
of failure.
My 2 cents. Hope it helps. -Art
At 10:02 AM 11/15/99 +1100, you wrote:
>
>Hi,
>
>I'm just wondering why IDS equipment must be connected to a hub and cannot
>be connected to a switch.
>
>My understanding is that an IDS works at the network layer, so what's the
>difference between using a hub or a switch with an IDS in a FW environment?
>
>Can anyone point me in the right direction?
>
>Cheers
>
>YY
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
===========================================
Art Coble
Lucent - Netcare Professional Services
Senior Network Consultant
Email: [EMAIL PROTECTED]
Page: 800 INS 1 INS
=============================================
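Added illustration of the hub-versus-switch point discussed in the reply above. This is a constructed toy model written for this page, not code from the original message, from Lucent, or from Cisco. The hosts, MAC addresses, VLAN numbers and frames are made up; the rule that a monitor session's destination and source ports must sit in one VLAN is an assumption that models the Catalyst 2900 limitation Art describes, not a claim about every switch. It shows why a learning switch hides known unicast traffic from a passive IDS, how a mirror (port monitor / SPAN) port restores visibility, and why a per-VLAN monitor restriction forces one IDS per VLAN.

```python
"""Toy model: what a passive IDS on one port sees behind a hub, behind a
learning switch, and behind a switch with a monitor (SPAN) port.

Constructed example. Hosts, MACs, VLANs and frames are invented; the
one-VLAN-per-monitor-session check models the 2900 limitation described
in the message and is an assumption of this model only.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str        # source MAC
    dst: str        # destination MAC
    payload: str    # label so frames can be told apart in the results


@dataclass
class Hub:
    """A hub repeats every frame out every port except the ingress port."""
    ports: Set[int]

    def forward(self, ingress: int, frame: Frame) -> Set[int]:
        return self.ports - {ingress}


@dataclass
class Switch:
    """Learning bridge: known unicast goes only to the learned port; broadcast
    and unknown unicast are flooded within the ingress VLAN. A monitor session
    copies frames entering the source ports to one destination port."""
    port_vlan: Dict[int, int]                      # port -> access VLAN
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)
    monitor_sources: Set[int] = field(default_factory=set)
    monitor_dest: Optional[int] = None

    def set_monitor(self, dest: int, sources: Set[int]) -> None:
        """Model assumption (2900-style): destination and sources share one VLAN."""
        vlans = {self.port_vlan[p] for p in sources | {dest}}
        if len(vlans) != 1:
            raise ValueError(f"monitor session would span VLANs {sorted(vlans)}")
        self.monitor_dest, self.monitor_sources = dest, set(sources)

    def forward(self, ingress: int, frame: Frame) -> Set[int]:
        vlan = self.port_vlan[ingress]
        self.mac_table[(vlan, frame.src)] = ingress      # learn the source MAC
        learned = self.mac_table.get((vlan, frame.dst))
        if frame.dst == BROADCAST or learned is None:
            egress = {p for p, v in self.port_vlan.items() if v == vlan}
        else:
            egress = {learned}
        egress -= {ingress, self.monitor_dest}   # monitor port gets no normal traffic
        if self.monitor_dest is not None and ingress in self.monitor_sources:
            egress.add(self.monitor_dest)        # mirrored copy for the IDS
        return egress


def ids_sees(device, ids_port: int, traffic: List[Tuple[int, Frame]]) -> List[str]:
    """Replay (ingress_port, frame) pairs; return payloads that reach ids_port."""
    return [f.payload for port, f in traffic if ids_port in device.forward(port, f)]


# Constructed topology: A on port 1, B on port 2, IDS on port 3 (VLAN 10);
# C on port 4 and D on port 5 in VLAN 20.
A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
C, D = "00:00:00:00:00:0c", "00:00:00:00:00:0d"
PORT_VLAN = {1: 10, 2: 10, 3: 10, 4: 20, 5: 20}
TRAFFIC = [
    (1, Frame(A, BROADCAST, "A arp-who-has-B")),  # flooded: IDS sees it either way
    (2, Frame(B, A, "B arp-reply")),             # A already learned -> unicast only
    (1, Frame(A, B, "A->B telnet")),             # both ends learned now
    (2, Frame(B, A, "B->A telnet")),
    (4, Frame(C, D, "C->D in vlan 20")),         # other VLAN, flooded only within 20
]


def hub_view() -> List[str]:
    return ids_sees(Hub(ports=set(PORT_VLAN)), 3, TRAFFIC)


def switch_view() -> List[str]:
    return ids_sees(Switch(port_vlan=dict(PORT_VLAN)), 3, TRAFFIC)


def monitored_switch_view() -> List[str]:
    sw = Switch(port_vlan=dict(PORT_VLAN))
    sw.set_monitor(dest=3, sources={1, 2})
    return ids_sees(sw, 3, TRAFFIC)


def cross_vlan_monitor_allowed() -> bool:
    """Monitoring VLAN 20's port 4 from the VLAN 10 IDS port fails in this model."""
    sw = Switch(port_vlan=dict(PORT_VLAN))
    try:
        sw.set_monitor(dest=3, sources={1, 4})
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("hub:      ", hub_view())
    print("switch:   ", switch_view())
    print("monitored:", monitored_switch_view())
    print("cross-VLAN monitor allowed:", cross_vlan_monitor_allowed())
```

Run it and compare the three lists: behind the hub the IDS port receives all five frames; behind the plain switch it receives only the broadcast, because once the switch has learned A's and B's ports the telnet exchange is delivered to those two ports alone; with ports 1 and 2 mirrored to port 3 the exchange is visible again, while the VLAN 20 traffic stays out of reach unless a second monitor session (and, under the modelled restriction, a second IDS port in that VLAN) is configured.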