Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MPLS IDS question

from [Dobbelaere, David [NCSBE]] Network Security [Permanent Link]
Subject: RE: MPLS IDS question
Date: Tue, 12 Apr 2005 12:55:00 +0200 
Hi Pierre,

The MPLS tunnel gets terminated at the CE (Customer Entry) router.
If you put an NIDS/NIPS between your network and the CE then you don't need
any MPLS protocol decoder on your NIDS to monitor traffic in the tunnel.
On top you can enable IOS IDS feature set on the CE to be able to monitor
the traffic towards the CE itself.
I'm not an MPLS guru myself but this is the path I would follow unless you
really need to monitor in the MPLS tunnel for some reason.

rgdz,
Chewy


-----Original Message-----
From: Pierre A. Cadieux [mailto:hobbit@theshire.com] 
Sent: Monday, April 04, 2005 6:50 PM
To: focus-ids@securityfocus.com
Subject: MPLS IDS question

Hello List,

I was wondering if anyone has yet had the pleasure of rolling out an IDS to
an MPLS environment?

At this point it looks as if MPLS is one of the networking directions being
used within my work environment, and I was hoping that someone has already
tackled or at least identified any issues that should be considered when
planning IDS deployment to monitor MPLS.

I am not an MPLS expert, so just getting started with understanding what it
is and does/does not provide as far as complexity.

Any insight is appreciated.

->Pierre A. Cadieux CISSP


--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities,
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion
detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion
detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New Honeynet Project SotM Challenge #34, Anton A. Chuvakin
Next by Date:  IDS PhD resarch query, secure knowledge
Previous by Thread:  RE: MPLS IDS question, Gary Halleen
Next by Thread:  Re: MPLS IDS question, David W. Goodrum
Indexes:  [Date] [Thread] [Top] [All Lists]