Firewall Wizards mailing list archives

Re: Shomiti Taps, Cisco Port Mirroring and IDS


From: Roelof JT Jonkman <roel () SiliconDefense com>
Date: Fri, 04 Jan 2002 10:46:54 -0800

Don,

Original
  Router-----Firewall
After
  Router----<P 1> Century TAP <Port 2>---Firewall
                  |         |
                 <P 3>    <P 4>
The vendors advised me that for the other 2 ports, each port
mirrored out one direction of flow, e.g. Router ---> Firewall for
Port 3 and Firewall ---> Router for Port 4.

From the looks of things I would have to connect both
Port 3 and 4 to another hub and plug a network
IDS into that hub.

If the effective bandwidth between the router and the firewall doesn't
exceed the bandwidth of the hub. IOW, the aggregate of
the flow from the router to the firewall and the flow from the
firewall to the router cannot exceed the bandwidth of the hub,
otherwise you're losing packets in the hub.

If the aggregate exceeds the bandwidth of the hub, there are
various solutions. Depending on the abilities of the IDS,
you can stick two interfaces in the IDS. And then there is
probably a variety of solutions with switches and port mirroring
that you can do. (Although those switches tend to get expensive.)



Roel Jonkman
Security Engineer
http://www.SiliconDefense.com
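The capacity check Roel describes, as an added example that is not part of the original thread: two byte-counter samples (constructed values, not real measurements) are taken from the tap's two monitor feeds, the per-direction rate is derived, and the script reports whether merging both feeds on a half-duplex hub of a given speed would drop packets, and whether giving each feed its own IDS interface would instead keep each direction within the NIC's rate. Counter names, the hub and NIC speeds and the sample values are all assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CounterSample:
    """Byte counters read at time t (seconds) from the two tap monitor feeds.

    port3_bytes: bytes seen on the router -> firewall feed (tap port 3)
    port4_bytes: bytes seen on the firewall -> router feed (tap port 4)
    Field names are assumptions for this example, not the tap's own names.
    """
    t: float
    port3_bytes: int
    port4_bytes: int


def direction_rates_mbps(first, second):
    """Per-direction throughput in Mbit/s between two counter samples."""
    dt = second.t - first.t
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    to_firewall = (second.port3_bytes - first.port3_bytes) * 8 / dt / 1e6
    to_router = (second.port4_bytes - first.port4_bytes) * 8 / dt / 1e6
    return to_firewall, to_router


def monitoring_options(to_firewall, to_router, hub_mbps, nic_mbps):
    """Decide how the two one-way feeds can be delivered to the IDS.

    A hub is a single shared (half-duplex) medium, so both feeds compete
    for its whole bandwidth: the sum of the two directions is what counts.
    Two separate IDS interfaces each carry only one direction, so each
    direction is compared with the NIC rate on its own.
    """
    aggregate = to_firewall + to_router
    return {
        "to_firewall_mbps": to_firewall,
        "to_router_mbps": to_router,
        "aggregate_mbps": aggregate,
        # Sum of both directions must fit in the shared hub, or it drops.
        "hub_ok": aggregate <= hub_mbps,
        # With one NIC per feed, each direction only has to fit one NIC.
        "two_nics_ok": to_firewall <= nic_mbps and to_router <= nic_mbps,
    }


def analyze(first, second, hub_mbps=100.0, nic_mbps=100.0):
    """Run the full check for a pair of samples and given link speeds."""
    to_firewall, to_router = direction_rates_mbps(first, second)
    return monitoring_options(to_firewall, to_router, hub_mbps, nic_mbps)


if __name__ == "__main__":
    # Constructed sample: a busy 100 Mbit/s router-firewall link over 10 s,
    # 60 Mbit/s one way and 50 Mbit/s the other.
    before = CounterSample(t=0.0, port3_bytes=0, port4_bytes=0)
    after = CounterSample(t=10.0, port3_bytes=75_000_000, port4_bytes=62_500_000)
    result = analyze(before, after, hub_mbps=100.0, nic_mbps=100.0)
    for key, value in result.items():
        print(f"{key}: {value}")
```

In the constructed sample each direction on its own fits a 100 Mbit/s NIC, but their sum (110 Mbit/s) exceeds a 100 Mbit/s hub, which is exactly the case where the single-hub setup silently loses packets while the two-interface IDS does not. Real hubs also lose capacity to collisions once two senders (the tap's two output ports) share them, so treating `hub_ok` as a hard ceiling rather than a comfortable operating point is the safe reading.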


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
