Snort mailing list archives

NIDS in switched environments


From: counter.spy () gmx de
Date: Sat, 18 May 2002 15:49:02 +0200 (MEST)

Alright, since it's one of my favorite topics, and since I have found that
questions regarding this topic are being asked with rising frequency, the
following might be of interest for many of you :)

Simon Edwards of Toplayer Networks has published an excellent paper on
toplayer.com:
"Vulnerabilities of Network Intrusion Detection Systems: Realizing and
Overcoming the Risks"
See www.toplayer.com in the "whitepapers" section.

(note: I am in no way affiliated with or sponsored by Toplayer Networks ;-) )

In this paper Mr. Edwards addresses most of the problems that security staff
will encounter when deploying NIDS in highly switched environments, e.g. switch
port mirroring drawbacks, split up datastreams (they call it flows) when using
network taps etc...

Those topics will also be covered by my technical paper which will come out
by September.

Regarding network taps, Jeff Nathan's nifty tapping diagrams are available
for download on the snort.org website.

Greetings,
Detmar
