IDS mailing list archives
Avoiding VLAN bridge with N-IDS?
From: "Chris Conacher" <chris_conacher () hotmail com>
Date: Mon, 09 Aug 2004 19:31:54 +0000
My understanding is that the deployment of N-IDS in a VLANd environment where the switch is spanned to enable a single N-IDS to sniff all VLAN traffic creates the risk that the IDS sensor can form a bridge to where someone can compromise the N-IDS machine and then use that to sniff all traffic or else move from VLAN to VLAN.
Is there information on deploying N-IDS in switched and VLANd environments that do not require one N-IDS per VLAN and avoid the above risk if it does exist?
Thanks
Chris