Router IP Traffic Export (RITE)

This topic is to discuss the following lesson:

Hi Rene,

I think the interfaces on your diagram are wrong on the Router RITE because you mentioned f0/1 but there is none.

Thanks

Thanks Alfredo, just fixed the image.

Hello Rene, thanks for the explanation. The question I have is: should returned traffic be inspected or forwarded to the IDS, instead of the client’s traffic? We assume internal traffic is trusted, right?

Hi Jose,

If you want to use RITE to forward traffic to an IDS/IPS then yes, it’s probably the traffic from outside to inside that you want to forward and inspect.

We don’t always trust internal traffic 100% btw. For example, a few weeks ago I used an ASA with Firepower that is used to inspect all outgoing traffic. It can be used to drop certain traffic that the hosts are not allowed to use.

Rene

Hello Rene,

Nice. Is there any option to monitor traffic remotely, like RSPAN, on a router port?

br//
zaman

Embedded Packet Capture works very well on routers.

Hello Rene,

Can we use a Windows device (with Wireshark installed on it) instead of an IDS system in this topology to capture and analyse the traffic that is sent from the client to the Internet through the RITE router in real time (live capturing)?
Thanks.

Hello Mohammad

Yes, you can set up the capturing device to be a Wireshark packet sniffer instead of an IDS. You can think of RITE as simply SPAN for routers. In most cases, you would have a switch connected directly to a router, so you would be able to do your sniffing on the switch port, and thus use regular SPAN. Regular SPAN is also preferred because routers in general have fewer ports, so it is less often that you may have an unused port to use as a monitoring port with RITE.

However, in cases where you have an IDS that you want to inspect traffic, or if you have a router and you have physical access only to one of its ports, and not to the connected switch, then RITE is the preferable choice.

I hope this has been helpful!

Laz