|
|
Re: High availability design of NIDS: msg#00024security.ids
OpenBSD + CARP + snort = failover NIDS >>> Jose Maria Lopez Hernandez <jkerouac@xxxxxxxxx> 2/22/2005 11:46:52 AM >>> El mar, 22-02-2005 a las 17:26 +0800, Vincent IP escribió: > Hi all, > > I am now designing an NIDS solution. In the design, I would like to > include high availability (HA) feature for my NIDS solution so that when > one of the sensor is dead, the other (resilient) sensor can take up the > monitoring job automatically. > > If the NIDS is not running in stealthy mode, I think I could use the > Cluster service of Windows to monitor the network in HA mode. (assuming > both sensors can listen to all traffics in the network). > > However, if I need to run the NIDS in stealthy mode, could I also use the > Cluster service to monitor the network in HA mode? Are there any products > already enabling HA feature? > > Thank you very much. > > Regards, > Pong I've installed two snort sensors logging to a MySQL database with internal storage, using heartbeat, drdb and some hacks, in high availability. But it runs under Linux. If you are interested, post another message and I will tell you how I did it, but you talk about Windows, so I don't know if you are interested in the information. Regards. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@xxxxxxxxx bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÑA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: High availability design of NIDS: 00024, Jose Maria Lopez Hernandez |
|---|---|
| Next by Date: | RE: High availability design of NIDS: 00024, Gary Halleen |
| Previous by Thread: | Re: High availability design of NIDSi: 00024, Drew Simonis |
| Next by Thread: | Re: High availability design of NIDS: 00024, Jon Hart |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |