I have got at work this sensor with two interfaces only, I have been asked to
check that
IDSWORK# show version
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S47
OS Version 2.4.18-5smpbigphys-4215
Platform: IDS-4215
one interface which is Ethernet 0 (not FastEthernet) connected to switch in
DMZ , and Ethernet 1 connected to switch 4005,,,,logically I have to monitor
DMZ zone not switch 4005 (since I have got only two interfaces, my
case),,,Am I right ?
That means Ethernet 0 should be for sniffing (monitoring)since it is
connected to DMZ,and interface 1 for command and control since it is
connected to 4005 switch, but according to cisco specification
http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1051279
Table 5-2
FastEthernet0/0: Interfaces Supporting Inline VLAN Pairs (Sensing Ports)
FastEthernet0/1: Interfaces Not Supporting Inline (Command and Control Port)
Note: Cisco has mentioned FastEthernet, the one that I have got Ethernet
,,,,does make any difference ?
Since I have not done that configuration , it has been done by some one
else, do I need to change that ?
--
View this message in context:
http://www.nabble.com/IDS-4215%2C-right-place-for-a-sniffing-interface-%28DMZ-or-LAN%29-tf2718902.html#a7580962
Sent from the IDS (Intrusion Detection System) mailing list archive at
Nabble.com.
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
