Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] Network sensor and clustering

from [Stephen Cooper] Network Security [Permanent Link]
Subject: Re: [ISSForum] Network sensor and clustering
Date: Tue, 02 Nov 2004 16:02:49 +0100 
Yes, we have.

However, you will run into the following issues

1. You will use the Switches SPAN capability to IDS, the network guys may 
disconnect you to do switch debugging with sniffers

2. Congestion and packet loss on the SPAN port. You may have to consider a 
Gigabit SPAN port and a Gigabit IDS sensor.

We solved it by using ethernet  taps on every main Switch interface and drawing 
traffic down to a dedicated smaller switch, which is connected to the IDS 
sensor.

Good luck.


"Aubin,Yves" <yves.aubin@surete.qc.ca> Wednesday 27, October, 2004 16:43:46 



Hi list,

 

We are currently looking at a solution that involves putting our
firewalls 

in cluster with 2 cisco switches, one for each firewall in the cluster
to 

create some load balancing at the same time.

We want to put the switches on a spanning tree and connect the
RealSecure 

Network Sensor on only 1 of those switches.

 

Has anybody ever attempted something like this, is this feasable and if
so 

is there any issues with the sensor!!!

 

Thanks

 

_______________________________________________
ISSForum mailing list
ISSForum@iss.net 

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum 

To contact the ISSForum Moderator, send email to mod-issforum@iss.net 

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.



Disclaimer

This e-mail message shall not be construed as legally binding on the Bank for 
International Settlements (BIS). As internet communications are not secure, the 
BIS does not accept responsibility for the content of this message.

This message is intended only for the recipient(s) named above. Any 
unauthorized disclosure, use or dissemination, either in whole or in part, of 
this message is prohibited. If you have received this message in error, please 
inform the sender immediately by return e-mail and delete this message and any 
attachments thereto from your system. 

Thank you for your co-operation.


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: [ISSForum] Network sensor and clustering, Stephen Cooper <=
Previous by Date:  [ISSForum] DB SR 1.3, Sergey V Soldatov
Next by Date:  Re: [ISSForum] DB SR 1.3, Kristof Philipsen
Previous by Thread:  [ISSForum] DB SR 1.3, Sergey V Soldatov
Next by Thread:  [ISSForum] Query Regarding RSKILL Option, priyank
Indexes:  [Date] [Thread] [Top] [All Lists]