Re: High availability design of NIDS

From: Michael Allgeier (Michael.Allgeier_at_lcra.org)
Date: 02/22/05

    Date: Tue, 22 Feb 2005 15:47:03 -0600
    To: <focus-ids@securityfocus.com>
    
    

    OpenBSD + CARP + snort = failover NIDS

    >>> Jose Maria Lopez Hernandez <jkerouac@bgsec.com> 2/22/2005 11:46:52 AM >>>
    On Tue, 22-02-2005 at 17:26 +0800, Vincent IP wrote:
    > Hi all,
    >
    > I am now designing an NIDS solution. In the design, I would like to
    > include a high availability (HA) feature for my NIDS solution so that when
    > one of the sensors is dead, the other (resilient) sensor can take up the
    > monitoring job automatically.
    >
    > If the NIDS is not running in stealthy mode, I think I could use the
    > Cluster service of Windows to monitor the network in HA mode. (assuming
    > both sensors can listen to all traffic in the network).
    >
    > However, if I need to run the NIDS in stealthy mode, could I also use the
    > Cluster service to monitor the network in HA mode? Are there any products
    > already enabling an HA feature?
    >
    > Thank you very much.
    >
    > Regards,
    > Pong

    I've installed two snort sensors logging to a MySQL database with
    internal storage, using heartbeat, drbd and some hacks, in high
    availability. But it runs under Linux. If you are interested, post
    another message and I will tell you how I did it, but you talk about
    Windows, so I don't know if you are interested in the information.

    Regards.

    -- 
    Jose Maria Lopez Hernandez
    Technical Director of bgSEC
    jkerouac@bgsec.com 
    bgSEC Seguridad y Consultoria de Sistemas Informaticos
    http://www.bgsec.com 
    SPAIN
    The only people for me are the mad ones -- the ones who are mad to live,
    mad to talk, mad to be saved, desirous of everything at the same time,
    the ones who never yawn or say a commonplace thing, but burn, burn, burn
    like fabulous yellow Roman candles.
                    -- Jack Kerouac, "On the Road"
    --------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from 
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
    to learn more.
    --------------------------------------------------------------------------
    
