IDS mailing list archives

IDS 4215, right place for a sniffing interface (DMZ or LAN)


From: zillah <saadelias () hotmail com>
Date: Tue, 28 Nov 2006 07:20:24 -0800 (PST)


I have got this sensor at work with two interfaces only, and I have been asked to
check that:

IDSWORK# show version
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S47

OS Version 2.4.18-5smpbigphys-4215
Platform: IDS-4215

One interface, which is Ethernet 0 (not FastEthernet), is connected to a switch in
the DMZ, and Ethernet 1 is connected to switch 4005. Logically I have to monitor
the DMZ zone, not switch 4005 (since I have got only two interfaces, in my
case). Am I right?

That means Ethernet 0 should be for sniffing (monitoring), since it is
connected to the DMZ, and interface 1 for command and control, since it is
connected to the 4005 switch, but according to the Cisco specification

http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1051279


Table 5-2

FastEthernet0/0: Interfaces Supporting Inline VLAN Pairs (Sensing Ports)

FastEthernet0/1: Interfaces Not Supporting Inline (Command and Control Port)

Note: Cisco has mentioned FastEthernet; the one that I have got is Ethernet.
Does it make any difference?

Since I have not done that configuration (it has been done by someone
else), do I need to change that?