IDS mailing list archives
RE: Network Tappers
From: "Andy Cuff" <lists () securitywizardry com>
Date: Tue, 5 Oct 2004 19:10:27 +0100
Hi Tim, There are many on the list better qualified than I to talk server specs with you. But I have been down the same road as you regarding Taps, I have compiled a list of every known tap including their capabilities here http://securitywizardry.com/taps.htm Another option to consider is to use your switches with a span/mirror port, I've collated the syntax for configuring this in most of the popular switches here http://securitywizardry.com/switch.htm One very important consideration is what to do with the IDS once it is in, how will you monitor it and react to what it throws up, I wrote an article for Securityfocus on Deploying IDS, things have moved on since, but much of it is still relevant http://www.securityfocus.com/infocus/1754 Regards -andy cuff The Talisker Network Security Portal http://securitywizardry.com Computer Network Defence Ltd -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Network Tappers, IDS, etc. Tim Hanekamp (Oct 04)
- RE: Network Tappers Andy Cuff (Oct 05)
- <Possible follow-ups>
- RE: Network Tappers, IDS, etc. Shaw, Mark (Oct 07)