Does anybody actually use the "port-mirroring" feature on switches?


    Does anybody actually use the "port-mirroring" feature on switches? It's meant to be some sort of security feature right?

  • #2
    Yes, it's used when troubleshooting network related problems.

    Comment


    • #3
      Ok thanks. So it's used for troubleshooting. Is it used as a security feature?

      Comment


      • #4
        It's useful in any scenario where you need to inspect traffic flowing between other ports on the same switch, such as when you install an IDS.

        So yes, it's commonly used as a security feature in the sense that it can be part of a monitoring system.

        Comment
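        To make the IDS-on-a-mirror-port idea from the post above concrete, here is an added example (my own code, not anything from this thread or any IDS product). It assumes the switch is configured to copy traffic from the monitored ports to a mirror (SPAN) port, and that a sensor host attached to that port reads the copied frames. In a real deployment the frames would come from a raw socket on the sensor's NIC; here they are constructed inline so the detection logic runs offline. The detector parses Ethernet/IPv4/TCP headers and raises an alert when one source sends bare SYNs to many distinct ports, the classic port-scan signature an IDS would flag even though the firewall may have permitted each individual packet.

```python
import struct
from collections import defaultdict

SYN = 0x02
ACK = 0x10


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, flags):
    """Construct a minimal Ethernet/IPv4/TCP frame (constructed sample input,
    no payload, zero checksums). Only used to feed the detector offline."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")          # EtherType 0x0800 = IPv4
    return eth + ip + tcp


def parse_frame(frame):
    """Return (src_ip, dst_ip, dst_port, tcp_flags) for an IPv4/TCP frame,
    or None for anything the detector does not understand."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4             # IPv4 header length in bytes
    if frame[ip_off + 9] != 6:                   # protocol 6 = TCP
        return None
    tcp_off = ip_off + ihl
    if len(frame) < tcp_off + 20:
        return None
    src_ip = ".".join(str(b) for b in frame[ip_off + 12:ip_off + 16])
    dst_ip = ".".join(str(b) for b in frame[ip_off + 16:ip_off + 20])
    src_port, dst_port = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    flags = frame[tcp_off + 13]
    return src_ip, dst_ip, dst_port, flags


def detect(frames, scan_threshold=5):
    """Very small IDS rule: alert once per source that opens connections
    (SYN without ACK) to at least `scan_threshold` distinct (host, port) targets.
    Returns the list of alert strings."""
    syn_targets = defaultdict(set)
    alerts = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue                              # non-IPv4/TCP: ignore for this rule
        src_ip, dst_ip, dst_port, flags = parsed
        if flags & SYN and not flags & ACK:
            syn_targets[src_ip].add((dst_ip, dst_port))
            if len(syn_targets[src_ip]) == scan_threshold:
                alerts.append(f"possible port scan from {src_ip}: "
                              f"{scan_threshold} distinct targets")
    return alerts


# Constructed sample traffic as it would appear on the mirror port:
# one host probing eight ports on a server, plus ordinary HTTPS traffic.
SAMPLE_FRAMES = [
    build_frame("02:00:00:00:00:05", "02:00:00:00:00:10",
                "10.0.0.5", "10.0.0.10", 40000 + p, p, SYN)
    for p in (21, 22, 23, 25, 80, 110, 143, 3389)
] + [
    build_frame("02:00:00:00:00:07", "02:00:00:00:00:10",
                "10.0.0.7", "10.0.0.10", 51000, 443, SYN),
    build_frame("02:00:00:00:00:10", "02:00:00:00:00:07",
                "10.0.0.10", "10.0.0.7", 443, 51000, SYN | ACK),
]

if __name__ == "__main__":
    for line in detect(SAMPLE_FRAMES):
        print(line)
```

On a Linux sensor the same `detect` loop would be fed from `socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))` bound to the interface plugged into the mirror port; because the sensor only receives copies, it never affects the monitored traffic, which is exactly why the mirror port rather than an inline device is used for this kind of monitoring.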


        • #5
          But is an IDS not a thing of the past now with modern firewalls?

          Comment


          • #6
            Absolutely not. IDS stands for 'intrusion detection system', and does just what it says. Any hardware or software created by one person to control access in or out of a network can eventually be cracked/broken by someone else (with a lot of computing power helping, of course!) You use the IDS to help you identify any attempts or successes at bypassing the firewall security. If the firewall itself is breached, its own IDS reporting is now suspect since it's all in the same device. The better security models never rely on just 1 piece of kit or software package for their protection--the more varied plans you use, the more difficult it is to defeat. As the old saying goes, never put all of your eggs in one basket. Rely on one security measure, and when it fails you're totally exposed. Obviously there are trade-offs between risk and cost and complexity when planning how you protect your resources, but that's what management gets paid for--to make those decisions and take the heat when they're wrong.
            *RicklesP*
            MSCA (2003/XP), Security+, CCNA

            ** Remember: credit where credit is due, and reputation points as appropriate **

            Comment


            • #7
              Originally posted by RicklesP:
              Absolutely not. IDS stands for 'intrusion detection system', and does just what it says. Any hardware or software created by one person to control access in or out of a network can eventually be cracked/broken by someone else (with a lot of computing power helping, of course!) You use the IDS to help you identify any attempts or successes at bypassing the firewall security. If the firewall itself is breached, its own IDS reporting is now suspect since it's all in the same device. The better security models never rely on just 1 piece of kit or software package for their protection--the more varied plans you use, the more difficult it is to defeat. As the old saying goes, never put all of your eggs in one basket. Rely on one security measure, and when it fails you're totally exposed. Obviously there are trade-offs between risk and cost and complexity when planning how you protect your resources, but that's what management gets paid for--to make those decisions and take the heat when they're wrong.
              Ok thanks Rickles. What would be an example of an IDS product?

              Comment


              • #8
                Free ones listed here, discovered via the magic of
                A recent poll suggests that 6 out of 7 dwarfs are not happy

                Comment
