Download - Cloud Security Alliance
Download - Cloud Security Alliance
Download - Cloud Security Alliance
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CLOUD SECURITY ALLIANCE SecaaS Implementation Guidance, Category 6: Intrusion ManagementHigh loads on the sniffer may have less impact on virtual machines or the host when compared to theabove virtual appliance approachDisadvantages:Not all vSwitches support mirror portsDedicated sniffer hardware and precious physical NIC requiredPotential scalability issuesFigure 3: Physical In-line IPS DeploymentTraditional IPS appliances can handle multiple physical network segments and VLANs. The deployment in Figure3 trunks out all VM traffic to a physical switch. An external IPS appliance inspects and bridges all networksegments.Advantages:IDS independent from hypervisorHigh loads on the sniffer may have less impact on virtual machines or the host when compared to thevirtual appliance approachAutomatic “Fail-Close” mechanism available© Copyright 2012, <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>. All rights reserved. 24