IDS mailing list archives

Re: Avoiding VLAN bridge with N-IDS?


From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Mon, 9 Aug 2004 17:05:27 -0300

On Mon, Aug 09, 2004 at 07:31:54PM +0000, Chris Conacher wrote:
> My understanding is that the deployment of N-IDS in a VLANd environment
> where the switch is spanned to enable a single N-IDS to sniff all VLAN
> traffic creates the risk that the IDS sensor can form a bridge to where
> someone can compromise the N-IDS machine and then use that to sniff all
> traffic or else move from VLAN to VLAN.
>
> Is there information on deploying N-IDS in switched and VLANd environments
> that do not require one N-IDS per VLAN and avoid the above risk if it does
> exist?

My suggestion would be to use a "listen only" ethernet cable connecting
the N-IDS to the switch, supposing that your network is ethernet based.

[]s

-- 
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

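A receive-only cable stops the sensor from transmitting at the physical layer; the software side of the same idea, added here as an example and not part of the thread, is to give the Linux sniffing interface no address, no ARP and no IPv6, so a compromised sensor has no layer-3 foothold on the monitored VLANs. The interface name (eth1) and the sample `ip addr show` dumps are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): harden and verify a Linux sensor's
# sniffing interface so it listens but never speaks on the span port.
# Interface name is an assumption; run the emitted commands as root.

# Print the hardening commands for the given interface.
quiet_iface_cmds() {
    iface="$1"
    cat <<EOF
ip addr flush dev $iface
ip link set dev $iface arp off
ip link set dev $iface promisc on
sysctl -w net.ipv6.conf.$iface.disable_ipv6=1
ip link set dev $iface up
EOF
}

# Check an 'ip addr show <iface>' dump (read from stdin): the interface must
# be UP with NOARP and carry no inet/inet6 address. Returns 0 if silent.
check_quiet_iface() {
    dump=$(cat)
    printf '%s\n' "$dump" | grep -q 'NOARP' || return 1
    printf '%s\n' "$dump" | grep -q '[<,]UP[,>]' || return 1
    printf '%s\n' "$dump" | grep -Eq '^[[:space:]]*inet6? ' && return 1
    return 0
}

# Constructed sample dumps: a correctly silenced interface and one that
# still has ARP enabled and an IPv4 address (a bridge in waiting).
GOOD_DUMP='3: eth1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'
BAD_DUMP='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1'
```

On a live sensor, pipe `ip addr show eth1 | check_quiet_iface` into a cron job or health check so a drift back to a talking interface is caught.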
