TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I assume you would not recommend using a hub for performance reasons?? If
we use the
network tap approach, do you know of particular hardware vendors that are
recommended?
Brian Laing wrote:
>
> Istvan,
>
> To implement IDS into a switched environment careful attention
needs to be
> spent examining the flow of traffic, and once that is known more time
spent
> on how much of that traffic you wish to see. Once you know that where to
> place the IDS is much simpler.
> The main targets points for monitoring in a switched environment,
are
> between switches, routers and individual machines. You can use any of the
> following methods to monitor these connections. If your switch supports
> mirroring or spanning of ports you can copy the traffic from the target
port
> to your IDS on another port. Another solution is the use of network taps.
> A tap is a hardware device that can be inserted between two connections,
and
> copy the traffic off to your IDS. You could also use a Hub instead of a
tap
> in some solutions but I would not recommend it.
>
> Brian
--------------------------------------------------------
Ray Honeycutt 919.779.3055 Voice
President 919.779.3464 Fax
HCS Systems Inc. www.hcssystems.com
4470 Zacks Mill Rd. [EMAIL PROTECTED]
Angier NC 27501, USA
