IDS mailing list archives
Re: Avoiding VLAN bridge with N-IDS?
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Mon, 9 Aug 2004 17:05:27 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Aug 09, 2004 at 07:31:54PM +0000, Chris Conacher wrote:
> My understanding is that the deployment of N-IDS in a VLANd environment where the switch is spanned to enable a single N-IDS to sniff all VLAN traffic creates the risk that the IDS sensor can form a bridge to where someone can compromise the N-IDS machine and then use that to sniff all traffic or else move from VLAN to VLAN.
>
> Is there information on deploying N-IDS in switched and VLANd environments that do not require one N-IDS per VLAN and avoid the above risk if it does exist?
My suggestion would be to use a "listen only" ethernet cable connecting the N-IDS to the switch, supposing that your network is ethernet based.

[]s

- --
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBF9kHpdyWzQ5b5ckRAm4xAJ0eG4anI+0jb5V1sjfjXjxiZe2Q7gCfSxkj
EvTFXQjvP9ao+EGJyg6V7JI=
=Raqt
-----END PGP SIGNATURE-----
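The receive-only cable suggested above removes the sensor's ability to transmit at the physical layer. A complementary software-side check, added here as an illustration and not part of the thread, is to audit the sensor's capture NIC for the posture that lets it listen without ever speaking on the monitored segment: no IPv4/IPv6 address, ARP disabled (so the NIC never answers or sends ARP), and promiscuous mode on. The script below assumes a Linux sensor and parses the JSON that `ip -j addr show` emits; the interface list and the JSON sample are constructed for the example, and `audit_capture_interfaces` / `remediation_commands` are hypothetical helper names.

```python
import json

# Constructed sample of `ip -j addr show` output (not captured from a real sensor).
# eth0: management NIC (expected to have an address).
# eth1: capture NIC configured listen-only (no address, NOARP, PROMISC).
# eth2: capture NIC that was left with addresses and ARP enabled.
SAMPLE_IP_JSON = json.dumps([
    {"ifindex": 2, "ifname": "eth0",
     "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "10.0.0.5", "prefixlen": 24}]},
    {"ifindex": 3, "ifname": "eth1",
     "flags": ["BROADCAST", "MULTICAST", "NOARP", "PROMISC", "UP", "LOWER_UP"],
     "addr_info": []},
    {"ifindex": 4, "ifname": "eth2",
     "flags": ["BROADCAST", "MULTICAST", "PROMISC", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "192.168.20.9", "prefixlen": 24},
                   {"family": "inet6", "local": "fe80::1", "prefixlen": 64}]},
])


def audit_capture_interfaces(ip_json, capture_ifaces):
    """Return {ifname: [findings]} for each capture interface.

    An empty findings list means the interface passes the listen-only check:
    no configured address of any family (a link-local IPv6 address still
    makes the kernel emit neighbor discovery / MLD traffic), ARP off
    (NOARP flag) and promiscuous mode on (PROMISC flag).
    """
    by_name = {entry["ifname"]: entry for entry in json.loads(ip_json)}
    report = {}
    for name in capture_ifaces:
        entry = by_name.get(name)
        if entry is None:
            report[name] = ["missing"]
            continue
        findings = []
        flags = set(entry.get("flags", []))
        # Any address means the stack will source packets from this NIC.
        for addr in entry.get("addr_info", []):
            findings.append(f"has-address:{addr['local']}")
        # Without NOARP the sensor answers ARP requests on the span port.
        if "NOARP" not in flags:
            findings.append("arp-enabled")
        # Not a transmit risk, but a capture NIC that is not promiscuous
        # silently misses most of the spanned traffic.
        if "PROMISC" not in flags:
            findings.append("not-promiscuous")
        report[name] = findings
    return report


def remediation_commands(ifname):
    """Commands (to be run as root) that put a Linux NIC into the
    listen-only posture checked above. Order matters: flush addresses
    before disabling IPv6 so no link-local address is re-created."""
    return [
        f"ip addr flush dev {ifname}",
        f"sysctl -w net.ipv6.conf.{ifname}.disable_ipv6=1",
        f"ip link set dev {ifname} arp off",
        f"ip link set dev {ifname} promisc on",
    ]


if __name__ == "__main__":
    # Capture interface names are an assumption of this example.
    report = audit_capture_interfaces(SAMPLE_IP_JSON, ["eth1", "eth2", "eth9"])
    for iface, findings in report.items():
        status = "ok" if not findings else "FAIL " + ", ".join(findings)
        print(f"{iface}: {status}")
        if findings and findings != ["missing"]:
            for cmd in remediation_commands(iface):
                print(f"    {cmd}")
```

On a live sensor, replace `SAMPLE_IP_JSON` with the output of `ip -j addr show`. The audit only covers what the operating system is configured to send; it does not make the NIC physically incapable of transmitting, which is what the receive-only cable in the reply provides, so the two belong together rather than one replacing the other.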
Current thread:
- Avoiding VLAN bridge with N-IDS? Chris Conacher (Aug 09)
- Re: Avoiding VLAN bridge with N-IDS? Rodrigo Barbosa (Aug 09)
- Re: Avoiding VLAN bridge with N-IDS? ADT (Aug 10)
- Re: Avoiding VLAN bridge with N-IDS? Mike Frantzen (Aug 11)