Re: High availability design of NIDS

El mar, 22-02-2005 a las 17:26 +0800, Vincent IP escribió:
> Hi all,
> 
> I am now designing an NIDS solution. In the design, I would like to
> include high availability (HA) feature for my NIDS solution so that when
> one of the sensor is dead, the other (resilient) sensor can take up the
> monitoring job automatically.
> 
> If the NIDS is not running in stealthy mode, I think I could use the
> Cluster service of Windows to monitor the network in HA mode. (assuming
> both sensors can listen to all traffics in the network).
> 
> However, if I need to run the NIDS in stealthy mode, could I also use the
> Cluster service to monitor the network in HA mode? Are there any products
> already enabling HA feature?
> 
> Thank you very much.
> 
> Regards,
> Pong

I've installed two snort sensors logging to a MySQL database with
internal storage, using heartbeat, drdb and some hacks, in high
availability. But it runs under Linux. If you are interested, post 
another message and I will tell you how I did it, but you talk about 
Windows, so I don't know if you are interested in the information.

Regards.

-- 

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------