Performance is part of the problem; the performance hit comes in from all
the collisions the hub adds to the equation. The main reason, however, is I
have seen people create some serious routing issues when they use a hub, by
using one hub to patch 2 connections, and they wonder why their network
utilization skyrockets.
Brian
-----Original Message-----
From: Ray Honeycutt (HCS) [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 03, 1999 9:47 PM
To: [EMAIL PROTECTED]
Cc: Takács István; [EMAIL PROTECTED]
Subject: Re: Switched network
I assume you would not recommend using a hub for performance reasons? If
we use the network tap approach, do you know of particular hardware vendors
that are recommended?
Brian Laing wrote:
>
> Istvan,
>
> To implement IDS into a switched environment, careful attention needs to be
> spent examining the flow of traffic, and once that is known, more time spent
> on how much of that traffic you wish to see. Once you know that, where to
> place the IDS is much simpler.
> The main target points for monitoring in a switched environment are
> between switches, routers and individual machines. You can use any of the
> following methods to monitor these connections. If your switch supports
> mirroring or spanning of ports, you can copy the traffic from the target port
> to your IDS on another port. Another solution is the use of network taps.
> A tap is a hardware device that can be inserted between two connections, and
> copy the traffic off to your IDS. You could also use a hub instead of a tap
> in some solutions, but I would not recommend it.
>
> Brian
--------------------------------------------------------
Ray Honeycutt 919.779.3055 Voice
President 919.779.3464 Fax
HCS Systems Inc. www.hcssystems.com
4470 Zacks Mill Rd. [EMAIL PROTECTED]
Angier NC 27501, USA