IDS mailing list archives
Re: Distributed IDS
From: Yoann Vandoorselaere <yoann () prelude-ids org>
Date: Thu, 09 Oct 2003 13:34:20 +0200
On Sun, 2003-10-05 at 16:12, Gaurav wrote:
> Hi, I would like to have suggestions about the Implementations of a Distributed Intrusion Detection System:
> 1. What Architectures can be deployed for distributed architecture?
Prelude is a distributed Hybrid IDS. It's available under the GPL license and currently has a lot of sensors like Prelude NIDS, Prelude LML (Host based IDS) & external programs that were modified to make them able to report to the Prelude system like Honeyd, Systrace, Snort, Nessus, Hogwash, and more. You can check it out on http://www.prelude-ids.org
> 2. From Research Point of view what limitations does current IDS have and what new could be done.
Pattern matching makes it hard for NIDS to catch up with very high networking speed. Algorithm improvement and hardware support might help. Also NIDS won't help in analyzing cyphered protocols. A host-based IDS might help here.
> 3. How to write scalable Module driven projects?
Having a modular architecture sounds very important so that you can dynamically plug in or out parts of the system. Prelude implements that.
> 4. Any source code available to develop mobile agents in c/c++?
The Prelude library provides you with the necessary API to make your agent communicate with the whole Prelude system. The whole Prelude suite is written in C. Moreover, in a future Prelude version, a Perl API binding will be available, allowing you to create Perl agents.
--
Yoann Vandoorselaere <yoann () prelude-ids org>