IDS mailing list archives
Features of a Network IDS Tap
From: "Andy Cuff [Talisker]" <lists () securitywizardry com>
Date: Sun, 18 Jan 2004 19:49:08 -0000
Hi Folks, I'm currently working on updating all the network Taps on our site. I can't possibly list every product so I'm building a matrix for each vendor. As I see it the matrix should include 10/100/1000 Fiber and Copper but to add value I want to add features Do many members monitor DS3/E3/T3 ATM, Frame Relay etc for IDS? Those that I have this far are: In built full duplex traffic aggregation, where the output is already aggregated. Multiple aggregated outputs, multiple identical outputs allowing you to monitor with multiple IDS and/or protocol analyzers. Reset Injection inband. Allowing the IDS to inject resets into the network through the Tap Reset Injection Outband. A specific port from the Tap allowing you to send resets to another part of the network, I'm sure I read that one of the vendors was doing this. IPS Taps. Allowing traffic to be blocked by the IPS Fail Closed. When the Tap loses power or the IPS fails the network closes to allow traffic through Fail Open. When the Tap loses power or the IPS fails the network remains open. Can anybody think of any other useful features that I'm missing?? Vendors I have this far are Intrusion Network Critical Finisar formerly Shomiti Net Optics Datacom Systems http://www.securitywizardry.com/taps.htm Anyway, I hope the page will be of use to those of you looking to buy some taps this year take care -andy Talisker Security Tools Directory http://www.securitywizardry.com --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Features of a Network IDS Tap Andy Cuff [Talisker] (Jan 19)