I am interested in any feedback from users who use any type of
intrusion detection systems (commercial or others) on a switched
The question is this. If the network is fully switched, how effective
is any intrusion detection system (without using a shared hub)? By
switched network, I mean each network device is connected directly to
a port on a switch. The switch technology gives each port a different
virtual circuit through the switch (unlike a shared hub), which
makes sniffing difficult (or impossible).
Some thoughts are to place the intrusion detection system near a choke
point (like a firewall), but this will still need some shared hub.
Installing any intrusion detection system on a firewall itself is out
of the question (due to complexity).
Assuming the network will have an ATM backbone with different VLANs in
the network, we can think of an intrusion detection system with
multiple interfaces to each VLAN; still, if the network is switched, how
effective will the intrusion detection be?
Is there any commercial (or other) system which is capable of doing a
true intrusion detection in this kind of situation?
Thanks in advance for any comments or suggestions.
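The point raised above (a switch only delivers a unicast frame to the port where it learned the destination MAC, so a passive sensor on another port sees little more than broadcasts) can be made concrete with a small model. The following is an added example, not code from the original poster: a toy hub and a toy learning switch run over constructed sample traffic, with a count of what a sensor port observes in each case. The optional mirror port, which copies every frame to the sensor (the way a SPAN or monitor port on a real switch does), is an assumption added here for comparison; the post itself does not mention one.

```python
"""Toy hub vs. learning switch: what does a passive sensor port actually see?

Added example, not from the original post. MAC addresses, ports and
the traffic sample below are all constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str      # source MAC
    dst: str      # destination MAC
    payload: str  # what an IDS would want to inspect


class Hub:
    """Shared medium: every frame is repeated to every other port."""

    def __init__(self, ports: List[int]) -> None:
        self.ports = list(ports)

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Learns src MAC -> port. Unicast to a learned MAC goes out one port only;
    broadcast and unknown-unicast are flooded. If mirror_port is set (assumed
    SPAN-style feature), every frame is also copied to that port."""

    def __init__(self, ports: List[int], mirror_port: Optional[int] = None) -> None:
        self.ports = list(ports)
        self.mirror_port = mirror_port
        self.cam: Dict[str, int] = {}  # MAC address table

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        self.cam[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.cam:
            # Flood, but never to the mirror port as a normal egress
            out = [p for p in self.ports if p != in_port and p != self.mirror_port]
        else:
            dst_port = self.cam[frame.dst]
            out = [dst_port] if dst_port != in_port else []
        if self.mirror_port is not None and self.mirror_port != in_port:
            out.append(self.mirror_port)  # copy for the sensor
        return out


def sensor_visibility(device, traffic: List[Tuple[int, Frame]], sensor_port: int) -> List[str]:
    """Push frames through the device; return payloads the sensor port receives."""
    seen = []
    for in_port, frame in traffic:
        if sensor_port in device.forward(in_port, frame):
            seen.append(frame.payload)
    return seen


# Constructed sample: host A on port 1, host B on port 2, IDS sensor on port 3.
A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
TRAFFIC = [
    (1, Frame(A, BROADCAST, "arp who-has B")),
    (2, Frame(B, A, "arp reply B")),
    (1, Frame(A, B, "GET /etc/passwd HTTP/1.0")),  # the frame the IDS cares about
    (2, Frame(B, A, "HTTP/1.0 200 OK")),
]


def compare() -> Dict[str, List[str]]:
    ports = [1, 2, 3]
    return {
        "hub": sensor_visibility(Hub(ports), TRAFFIC, 3),
        "switch": sensor_visibility(LearningSwitch(ports), TRAFFIC, 3),
        "switch_mirror": sensor_visibility(LearningSwitch(ports, mirror_port=3), TRAFFIC, 3),
    }


if __name__ == "__main__":
    for name, seen in compare().items():
        print(f"{name:14s} sensor saw {len(seen)}/{len(TRAFFIC)} frames: {seen}")
```

Once the switch has learned both MACs, the sensor on port 3 sees only the initial ARP broadcast and misses the suspicious HTTP request entirely, while on the hub (or with the assumed mirror port) it sees all four frames. That is the gap the question is asking about: a sensor on an ordinary switch port is blind to unicast traffic between other ports.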