IDS for small business

debug1022 · ‎07-10-2006

I am looking to setup an IDS for a small business ~30 workstations. I have used open source products in the past such as Snort/Acid/Sguil. I just need to have a port on the router/switch to receive all the packets on a certain network segment. I don't think that i need a $2000 device just to use port monitoring on a switch. Are there any economical product recommendations for a switch or a firewall/vpn with a "monitoring port"?

thanks.

thomas.chen · ‎07-14-2006

These links will help in configuring port monitoring in switches.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008015c612.shtml

http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008012236b.html

mahellma · ‎07-17-2006

Is there a way to set up a similar setup without wasting a switch to this. We currently run all our traffic through a Cisco 3600 and and then out through the firewall. So is it possible to set a port on the router to do the same as the switch monitoring port or do we have to get a switch in between the router and the firewall.

rhermes · ‎07-17-2006

If you're looking to get by with the least expense possible, you could use a plain old 10BaseT Broadcast Hub between your router and firewall. I assume that your internet access is DSL speeds or less, so the hub will not be a bottleneck. I havn't seen a good or easy way of using a router to copy traffic.

mahellma · ‎07-17-2006

Well the line is a 10Mbit and behind it is about 1500 workstations so I would not stick an old hub out there. But ok thanks you answered the questions. So I'll order a new switch.

The problem is the rackmounts are getting really crowded and the AC in the server room is working very hard during the summer so I was hoping I could avoid throwing another heat source and space taker in there.

Thanks anyway for the fast answer.