IDS and Network Taps - Page 2

Thread: IDS and Network Taps

  1. #11
    Junior Member
    Join Date
    Jun 2005
    Posts
    16
    http://www.netoptics.com/products/pr...mily.asp?cid=1
    All these are good. Get the 10 GigaBit SR to LR Tap and tell us it's tiny and cheap looking. Seriously, don't be fooled by looks at all; they work as advertised. In hardcore installs I still prefer mirroring the ports to an IDS, as has been mentioned previously.
    sudo

  2. #12
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    What kind of performance hit do you see on your core routers when you turn on mirror ports?
    Hardly noticeable.

    Also, I think network taps are actually a better choice over this suggestion:

    Quote:
    At least with mirror ports, if your IDS starts dropping packets (because it can't keep up) you're not going to impact business operations and you're not going to impact connection speed.
    For me spanning ports are better because I don't like adding additional hardware when I can meet the requirement with existing gear. Less stuff added means less stuff breaks which means less stuff to support. Also, the impact is not significant so it makes no sense for me to buy yet another appliance.

    A tap would perform better than a span port because of the performance hit (I'd like your opinion) which "wouldn't affect operations". Taps being layer 1, no processing is involved.
    This is a *huge* generalization. Many variables contribute to resources used, even at layer 1. Things like, how many ports you're spanning, which IOS/firmware rev you have, the amount of traffic, etc.

    In my case, I span a single port that all traffic must route through. Given my device, IOS and throughput, the impact is not significant.

    Now all that is to question is the physical reliability of network taps, which yes, scares the **** out of me. But the benefits of them seem to outweigh the downsides. And, I will have trouble upgrading core routers.
    Again, requirements drive your choices. In my case, buying a tap makes no sense at all.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #13
    Senior Member
    Join Date
    Jul 2001
    Posts
    343
    This will work and will not cost an arm and a leg like gas...

    www.ipcop.org
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle
