El mar, 22-02-2005 a las 17:26 +0800, Vincent IP escribiÃ:
Hi all,
I am now designing an NIDS solution. In the design, I would like to
include high availability (HA) feature for my NIDS solution so that when
one of the sensor is dead, the other (resilient) sensor can take up the
monitoring job automatically.
If the NIDS is not running in stealthy mode, I think I could use the
Cluster service of Windows to monitor the network in HA mode. (assuming
both sensors can listen to all traffics in the network).
However, if I need to run the NIDS in stealthy mode, could I also use the
Cluster service to monitor the network in HA mode? Are there any products
already enabling HA feature?
Thank you very much.
Regards,
Pong
I've installed two snort sensors logging to a MySQL database with
internal storage, using heartbeat, drdb and some hacks, in high
availability. But it runs under Linux. If you are interested, post
another message and I will tell you how I did it, but you talk about
Windows, so I don't know if you are interested in the information.
Regards.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
