Re: distributed IDS/sensor network



I'm sure OSSIM could be what you are looking for (http://www.ossim.net/).

I'm not too sure about the hardware; I'm guessing a couple of normal
desktops with Ethernet taps to run the sensors and a couple of
desktops with Sebek or something like that for the honeypot.

Regards,

Daniel

On Wed, Mar 11, 2009 at 3:45 PM, Ganbold <ganbold@xxxxxxxxxxxxx> wrote:
Hi,

My friend is doing some small research on the design and
implementation of a distributed IDS/sensor network and security
operation center. The requirements include but are not limited to:

* Distributed IDS sensor network (maybe with 20 IDS, honeynet/honeypot)
* Real-time monitoring of threats, incidents and attacks (large LCD displays etc.)
* Watch and warning system (hardware and software)
* Security alerting system (hardware and software)
* Incident report and response system (web etc.)

In my opinion some existing open source software solutions like snort
might work for IDS for the first time. Or it could be either
commercial systems.
So here I have a few questions:

1. Can somebody give me some pointers to existing well known
distributed IDS/sensor networks and technologies (software/hardware
names) that they use?
2. Are there any known real-time monitoring systems around?
3. Are there any well-known projects which implement
distributed IDS/sensor networks and real-time monitoring systems?

If somebody can give me some names I can further search and
find what they are and what technologies they use.
I would appreciate it if somebody can give me some pointers in this regard.

thanks in advance,

Ganbold

--
A Smith & Wesson beats four aces.