Hi all,

I'm doing some preliminary planning for a security configuration, and I have what may be a silly question about setting up an IDS. I looked around a bit, and even asked a couple of people (who laughed, but it didn't sound like it was because the question was silly, more of a 'good luck' kind of laugh...).

My problem is that a couple of my networks involve switches, which, as part of the new and improved security policy, will involve VLANs. I could throw the IDS on a hub with the firewall and connect that to the switch, but that doesn't do anything for internal threats (which are what is necessitating the VLANs). Has anyone figured out a good way to set something like this up?

Ideally, some switch manufacturer would have thought of this ahead of time, and made a port on the switch that dumped all the packets, but then you're dealing with packet loss unless that one port is significantly faster than the rest of the switch. I could try to figure out some policy-based configuration, but I don't want to go buy a gigabit plane for each of my switches, and it doesn't sit right with me to depend on the switch management elements for the completeness of my security data.

Any responses would be appreciated.

-Matt
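As an added illustration of the two points the post raises (an IDS fed from a mirror port that carries several VLANs, and that mirror port being oversubscribed), here is a small Python example of my own, not from the original post or any switch vendor: it parses 802.1Q-tagged frames as they would arrive from a mirrored trunk, totals bytes per VLAN so the IDS can attribute traffic, and checks whether a SPAN session's copied traffic would exceed the mirror port's capacity. The frame bytes and port rates are constructed for the example.

```python
"""Parse 802.1Q-tagged Ethernet frames as they arrive on a switch mirror
(SPAN) port feeding an IDS, attribute each frame to its VLAN, and flag
when the copied traffic would exceed the mirror port's capacity.
Added example, not from the original post; all frames are constructed."""
import struct
from collections import defaultdict

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, vlan (None if untagged), inner ethertype, payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    vlan, offset = None, 14
    if etype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF          # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    return {"dst": dst, "src": src, "vlan": vlan,
            "ethertype": etype, "payload": frame[offset:]}


def bytes_per_vlan(frames) -> dict:
    """Total on-the-wire bytes seen per VLAN (key None = untagged)."""
    totals = defaultdict(int)
    for f in frames:
        totals[parse_frame(f)["vlan"]] += len(f)
    return dict(totals)


def mirror_oversubscribed(port_rates_mbps, mirror_port_mbps, full_duplex=True):
    """A SPAN session copies both directions of every monitored port, so a
    full-duplex 100 Mb/s port can emit up to 200 Mb/s of mirrored traffic.
    Returns True when the worst-case copy rate exceeds the mirror port."""
    factor = 2 if full_duplex else 1
    return sum(port_rates_mbps) * factor > mirror_port_mbps


def make_frame(vlan, payload_len: int) -> bytes:
    """Constructed sample frame: locally administered MACs, IPv4 ethertype."""
    hdr = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    if vlan is None:
        return hdr + struct.pack("!H", ETHERTYPE_IPV4) + bytes(payload_len)
    tag = struct.pack("!HHH", ETHERTYPE_8021Q, vlan, ETHERTYPE_IPV4)
    return hdr + tag + bytes(payload_len)
```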
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:39 PDT