TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Chan, Regarding the Taps - it very much depends whether you use a copper or fibre tap .. a copper one has two ports in and two ports out .. so you do need two NICS in the nIDS, which is pretty much impossible with today's sensors - esp. if your bandwidth is high (you could use one of our IDS Balancers though ;-) However if you use a fibre tap it all gets a lot easier - as a fibre tap only has one port with both RX & TX traffic down which all tapped traffic goes - so you can connect it straight to a nIDS. Regarding the kills, depending on where you decided to inject them, and how you configure your policy .. a 100MB NIC should be fine (if you are generating over 100MB per second of kills, you have something VERY wrong !), and then a forth NIC would connect you back to the Event collector Hope that helps Simon ________________________________________________ Simon Edwards Technical Evangelist Top Layer Networks US Office : + 1 508 870 1300 (x230) US Mobile : + 1 617 953 8764 UK Office : + 44 1252 748509 UK Mobile : + 44 7971 959170 www: www.TopLayer.com email: [EMAIL PROTECTED] "Perfecting the Art of Network Security" ---------------------------------------------------------------------------- -------- -----Original Message----- From: Chan Kien Eng [mailto:[EMAIL PROTECTED]] Sent: 13 August 2002 23:42 To: [EMAIL PROTECTED] Subject: Realsecure NS 7.0 Gigabit TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hi all, Need advice here.... Lets say I have a scenario where all the servers in DMZ that are connected to a gigabit switch. The GE switch is connected to a Firewall GE port. I want to monitor the traffic between goes to the DMZ. So placing a GE NS7.0 will be the solutions. But, I'm not sure how the deployment will be. First, I don't think Port mirror a GE switch will work since the traffic will be extremely high. Placing a HUB between the Firewall and GE switch won't solve the issue also because the I don't think the HUB can handle so huge traffic flows. So, the other solution that I can think of is to use the GE network Taps to taps the traffic. Now the questions, if using Taps, is that mean need to have 2 GE NIC on the NS for monitoring the TX and RX, I 100Mbs NIC to connect to the secure LAN where the console is and 1 more GE NIC to send the kill. Will this idea work? May be some of u guy has better idea? Thanks.... ******************************************* Chan Kien Eng Security Consultant Evolution Security Solutions Sdn. Bhd. 15.09 Signature Office The Boulevard, Mid Valley City 59200 Kuala Lumpur. Email: [EMAIL PROTECTED] Tel: 603-22879939 Ext 110 Fax: 603-22879929 "Make it works, make it better" ********************************************
