IDS mailing list archives
Features of a Network IDS Tap
From: "Andy Cuff [Talisker]" <lists () securitywizardry com>
Date: Sun, 18 Jan 2004 19:49:08 -0000
Hi Folks,

I'm currently working on updating all the network Taps on our site. I can't
possibly list every product, so I'm building a matrix for each vendor. As I
see it, the matrix should include 10/100/1000 Fiber and Copper, but to add
value I want to add features.

Do many members monitor DS3/E3/T3 ATM, Frame Relay etc. for IDS?

Those that I have this far are:

Inbuilt full duplex traffic aggregation, where the output is already
aggregated.

Multiple aggregated outputs, multiple identical outputs allowing you to
monitor with multiple IDS and/or protocol analyzers.

Reset Injection Inband. Allowing the IDS to inject resets into the network
through the Tap.

Reset Injection Outband. A specific port from the Tap allowing you to send
resets to another part of the network. I'm sure I read that one of the
vendors was doing this.

IPS Taps. Allowing traffic to be blocked by the IPS.

Fail Closed. When the Tap loses power or the IPS fails the network
closes to allow traffic through.

Fail Open. When the Tap loses power or the IPS fails the network remains
open.

Can anybody think of any other useful features that I'm missing?

Vendors I have this far are:

Intrusion
Network Critical
Finisar (formerly Shomiti)
Net Optics
Datacom Systems

http://www.securitywizardry.com/taps.htm

Anyway, I hope the page will be of use to those of you looking to buy some
taps this year.

take care
-andy

Talisker Security Tools Directory
http://www.securitywizardry.com