IDS mailing list archives

RE: Network Tappers


From: "Andy Cuff" <lists () securitywizardry com>
Date: Tue, 5 Oct 2004 19:10:27 +0100

Hi Tim,
There are many on the list better qualified than I to talk server specs with
you.  But I have been down the same road as you regarding Taps; I have
compiled a list of every known tap, including their capabilities, here:
http://securitywizardry.com/taps.htm

Another option to consider is to use your switches with a span/mirror port;
I've collated the syntax for configuring this in most of the popular
switches here: http://securitywizardry.com/switch.htm

One very important consideration is what to do with the IDS once it is in:
how will you monitor it and react to what it throws up? I wrote an article
for SecurityFocus on Deploying IDS; things have moved on since, but much of
it is still relevant: http://www.securityfocus.com/infocus/1754


   Regards
   -andy cuff
The Talisker Network Security Portal
http://securitywizardry.com

Computer Network Defence Ltd


