Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Auto-sensing for IPS devices

from [Sap .] Network Security [Permanent Link]
Subject: Re: Auto-sensing for IPS devices
Date: Fri, 16 Sep 2005 09:14:15 -0700 
Auto-Negotiation is essential in larger networks. When you are talking
about 1000's of switch ports and PC's connecting/disconnecting
constantly (think public campus) how could you ever enforce a rule
like "OK, Set your NIC to 100/Full before you connect".

However for servers I believe it is a best practice to manually set
the ports at whatever they need to be.

Sap

On 9/15/05, McKinley, Jackson <Jackson.McKinley@team.telstra.com> wrote:

I agree with Lachlan.
Auto neg is the best bet in larger networks I find from personal
experience.  I cant count the number of times ive seen Foundry and cisco
miss-match when attempting to auto neg.  Working from past exp when a
customer plugs into your network with a "no brand" switch / device
(Think colo datacentre's) the first thing I always looked for was stupid
MTU settings and duplex miss-match.

Altho in a nice all cisco or all foundry or all
whateverotherbrandyoulike enviroment im sure auto neg would work much
better.  Ive just never had the pleasure of working in a centre like
that ;) hahaha

Cheers,

Jack.

-----Original Message-----
From: Joel M Snyder [mailto:Joel.Snyder@Opus1.COM]
Sent: Thursday, 15 September 2005 4:36 PM
To: Lachlan Bowes
Cc: focus-ids@securityfocus.com
Subject: Re: Auto-sensing for IPS devices

I disagree that it is *always* a good idea.  I think that it's
*occasionally* a good idea.  Either the standard for auto-sensing works
or it doesn't.  If you have defective hardware that doesn't work right,
then it's better to know about it than to patch around the problem---are
you going to set every single port on a flakey switch?  Or should you
get rid of the switch?

However, if you decide that it *is* a good idea, just a reminder that
you MUST set BOTH speed and duplex settings and you MUST set BOTH
settings on BOTH sides.  There is no concept in 802.3 of having only one
side autonegotiate and 'learn' what the other side wants.

If you take one side out of auto-negotiate mode and hard code a
speed/duplex setting, the other side has no way of figuring out what you
did.

I have seen people who think that they're making things more reliable
actually break their networks by only setting one side of the connection
and assuming that the other will follow along magically.

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms@Opus1.COM    http://www.opus1.com/jms    Opus One

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Auto-sensing for IPS devices, McKinley, Jackson
Next by Date:  Re: Snort and Nessus Signature, barcajax
Previous by Thread:  RE: Auto-sensing for IPS devices, McKinley, Jackson
Next by Thread:  Re: Auto-sensing for IPS devices, djmeier
Indexes:  [Date] [Thread] [Top] [All Lists]