AW: IDS in a loadbalanced Network

["Barthel, Frank" <Frank.Barthel () t-systems com>]

Hi Jan

have you thought about plugging in a IDSM-2 from Cisco in your Cat6509?
In an architecture you have this is the only way to do IPS on the backplane with wirespeed.

Remember:
A span-port only allows IDS and who wants to implement an ids in the year 2006?
And a span-port can only carry 1Gig. But the backplane througput of a cat6509 should be more than a gig,

Regards from Germany

Frank Barthel


> -----Ursprüngliche Nachricht-----
> Von: Scholten, Jan [mailto:jan.scholten () siemens com] 
> Gesendet: Donnerstag, 7. September 2006 12:27
> An: focus-ids () securityfocus com
> Betreff: IDS in a loadbalanced Network
>
> Hi!
>
> While searching for a matching IDS I encountered some problems.
>
> Having a network structure with lots of seperate Vlans and/or 
> DMZs networks, i am wondering what is the best way to place 
> an IDS in a redundant L3Switch/router (C6506/7300) with HSRP 
> and PortChannel Loadbalancing for Vlans. 
> Is there a bestpractice how to place an ids in a vlan, using 
> a span port on each of the devices (running in 
> active/active), or is there a better solution?
>
> Regards from Germany
> Jan Scholten 
>
>
> --------------------------------------------------------------
> ----------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world 
> attacks from CORE IMPACT.
> Go to 
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------
> ----------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------