Great Circle Associates Firewalls
(December 1997)
 


Subject: Intrusion Detection - Switched Network
From: Paul Alukal <pva @ bluerose . tju . edu>
Date: Tue, 30 Dec 1997 11:02:24 -0500
To: firewalls @ GreatCircle . COM

Hello everyone,

I am interested in any feedback from users who use any type of
intrusion detection systems (commercial or others) on a switched
network.

The question is this. If the network is fully switched, how effective
is any intrusion detection system (without using a shared hub)? By
switched network, I mean each network device is connected directly to
a port on a switch. The switch technology gives each port a different
virtual circuit through the switch (unlike a shared hub), which even
makes sniffing difficult (or impossible).

Some thoughts are to place the intrusion detection system near a choke
point (like a firewall), but this will still need some shared hub.
Installing any intrusion detection system on a firewall itself is out
of the question (due to complexity).

Assuming the network will have an ATM backbone with different VLANs in
the network, we can think of an intrusion detection system with
multiple interfaces to each VLAN, but if the network is switched, how
effective will the intrusion detection be?

Is there any commercial (or other) system which is capable of doing
true intrusion detection in these kinds of situations?

Thanks in advance for any comments or suggestions.

Paul Alukal
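The visibility problem raised in this post, as an added example that is not part of the original message: a toy model of a shared hub and a learning switch, used to measure what fraction of a constructed frame sequence reaches a passive sensor port. It goes one step beyond the post by also modelling a monitor (mirror) port that copies every frame to the sensor, which is the usual way to restore a sensor's view on a switched segment; all port numbers, MAC addresses and the frame list are constructed for the example.

```python
"""Toy hub vs. learning-switch model: how much traffic does a passive IDS port see?"""

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Shared medium: every frame is repeated to every port except the one it came in on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}

class LearningSwitch:
    """Per-port forwarding: learns src MAC -> port, floods only broadcast and unknown unicast."""
    def __init__(self, ports, mirror_port=None):
        self.ports = set(ports)
        self.table = {}                 # MAC address -> port it was last seen on
        self.mirror_port = mirror_port  # optional monitor port (assumed feature, not in the post)

    def forward(self, in_port, src, dst):
        self.table[src] = in_port
        if dst == BROADCAST or dst not in self.table:
            out = self.ports - {in_port}            # flood
        else:
            out = {self.table[dst]} - {in_port}     # known unicast: one egress port only
        if self.mirror_port is not None:
            out = out | {self.mirror_port}          # copy of every frame to the sensor
        return out

def ids_visibility(device, ids_port, frames):
    """Fraction of frames whose egress set includes the IDS port (device is mutated as it learns)."""
    seen = sum(1 for p, s, d in frames if ids_port in device.forward(p, s, d))
    return seen / len(frames)

# Constructed topology: hosts A, B, C on ports 1-3, passive IDS on port 4.
PORTS = {1, 2, 3, 4}
A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
FRAMES = [
    (1, A, BROADCAST),  # A sends an ARP request: flooded, IDS sees it
    (2, B, A),          # B answers A: A already learned, unicast to port 1 only
    (1, A, B),          # A -> B: unicast to port 2
    (3, C, A),          # C -> A: unicast to port 1
    (2, B, C),          # B -> C: unicast to port 3
    (1, A, C),          # A -> C: unicast to port 3
]

if __name__ == "__main__":
    print("hub:           ", ids_visibility(Hub(PORTS), 4, FRAMES))
    print("switch:        ", ids_visibility(LearningSwitch(PORTS), 4, FRAMES))
    print("switch+mirror: ", ids_visibility(LearningSwitch(PORTS, mirror_port=4), 4, FRAMES))
```

On the plain switch the sensor sees only the broadcast frame (1 of 6); the hub and the mirrored switch deliver all six.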

