RE: High availability design of NIDS

["Gary Halleen" <ghalleen () cisco com>]

Cisco sensors support etherchannel load-balancing.  In this scenario, all
IDS traffic would automatically be load-balanced to your sensors.  If a
hardware or software issue caused a sensor to fail, then that sensor would
drop out of the etherchannel group and all traffic would be sent to the
remaining sensor(s).

Gary
 

-----Original Message-----
From: Vincent IP [mailto:pong () cs ust hk] 
Sent: Tuesday, February 22, 2005 1:27 AM
To: focus-ids () securityfocus com
Subject: High availability design of NIDS

Hi all,

I am now designing an NIDS solution. In the design, I would like to include
high availability (HA) feature for my NIDS solution so that when one of the
sensor is dead, the other (resilient) sensor can take up the monitoring job
automatically.

If the NIDS is not running in stealthy mode, I think I could use the Cluster
service of Windows to monitor the network in HA mode. (assuming both sensors
can listen to all traffics in the network).

However, if I need to run the NIDS in stealthy mode, could I also use the
Cluster service to monitor the network in HA mode? Are there any products
already enabling HA feature?

Thank you very much.

Regards,
Pong


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------