IDS: Re: Distributed IDS

Re: Distributed IDS

From: Yoann Vandoorselaere <yoann_at_prelude-ids.org>
Date: Thu, 09 Oct 2003 13:34:20 +0200

On Sun, 2003-10-05 at 16:12, Gaurav wrote:
> Hi ,
>
> I would like to have suggestions about the Implementations of an
> Distributed Intrusion Detection System:
>
> 1. What Architectures can be deployed for distributed architecture?

Prelude is a distributed hybrid IDS. It's available under the GPL
license and currently has a lot of sensors, like Prelude NIDS, Prelude
LML (host-based IDS) and external programs that were modified to make
them able to report to the Prelude system, like Honeyd, Systrace, Snort,
Nessus, Hogwash, and more.

You can check it out on http://www.prelude-ids.org

> 2. From Research Point of view what limitations does current IDS have
> and what new could be done.

Pattern matching makes it hard for NIDS to keep up with very high
networking speeds. Algorithm improvements and hardware support might help.
Also, NIDS won't help in analyzing ciphered protocols. A host-based IDS
might help here.

> 3. How to write scalable Module driven projects?

Having a modular architecture sounds very important, so that you can
dynamically plug in or out parts of the system. Prelude implements that.

> 4. Any source code available to develop mobile agents in c/c++?

The Prelude library provides you with the necessary API to make your
agent communicate with the whole Prelude system. The whole Prelude suite
is written in C. Moreover, in future Prelude versions, Perl API bindings
will be available, allowing you to create Perl agents.

-- 
Yoann Vandoorselaere <yoann_at_prelude-ids.org>
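The reply above makes three architectural points: a host-based log sensor sees authentication events that a NIDS cannot extract from an encrypted session, sensors should be modules that can be plugged in or out at run time, and every sensor reports to a central manager through a common API. The block below is an added illustration of that split, written for this page; it is not Prelude code and does not use the Prelude library. The rule format, the Alert fields, the brute-force threshold, the sensor and manager class names and the in-process callback standing in for the sensor-to-manager link are all assumptions, and the syslog lines are constructed, not captured from a real host.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Alert:
    sensor: str          # which sensor raised it (host / agent name)
    rule_id: str
    classification: str
    severity: str        # "low" | "medium" | "high"
    source: str          # remote address, or "localhost" for local events
    user: str
    raw: str             # the log line that triggered the rule


@dataclass(frozen=True)
class Rule:
    """Pluggable rule: a regex with a named 'user' group and optional 'src' group."""
    rule_id: str
    classification: str
    severity: str
    pattern: re.Pattern


# Hypothetical default rules, loosely modelled on OpenSSH and sudo syslog output.
# Reading host logs is what lets the sensor see SSH failures even though the
# session is encrypted on the wire, the NIDS blind spot the reply mentions.
IPV4 = r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
DEFAULT_RULES: List[Rule] = [
    Rule("SSH-AUTH-FAIL", "SSH authentication failure", "low",
         re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>\S+) from " + IPV4)),
    Rule("SSH-ROOT-LOGIN", "Interactive root login over SSH", "medium",
         re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>root) from " + IPV4)),
    Rule("SUDO-AUTH-FAIL", "sudo authentication failure", "low",
         re.compile(r"sudo:\s+(?P<user>\S+) : \d+ incorrect password attempts")),
]


class Manager:
    """Stand-in for the central manager: collects alerts from every sensor.
    A real deployment receives them over an authenticated, encrypted channel,
    not a Python callback (assumption: in-process delivery is enough here)."""

    def __init__(self) -> None:
        self.alerts: List[Alert] = []

    def receive(self, alert: Alert) -> None:
        self.alerts.append(alert)

    def by_severity(self, severity: str) -> List[Alert]:
        return [a for a in self.alerts if a.severity == severity]


class LogSensor:
    """One host-based sensor. Rules plug in or out at run time, and a per-source
    counter turns repeated SSH failures into one high-severity brute-force alert
    (correlation at the edge, so the manager is not flooded with low alerts)."""

    def __init__(self, name: str, report: Callable[[Alert], None],
                 rules: Optional[Iterable[Rule]] = None, threshold: int = 3) -> None:
        self.name = name
        self.report = report           # link to the manager
        self.rules: Dict[str, Rule] = {r.rule_id: r for r in (rules or DEFAULT_RULES)}
        self.threshold = threshold     # assumed: failures per source before escalating
        self.failures: Counter = Counter()

    def add_rule(self, rule: Rule) -> None:
        self.rules[rule.rule_id] = rule

    def remove_rule(self, rule_id: str) -> None:
        self.rules.pop(rule_id, None)

    def feed(self, line: str) -> List[Alert]:
        """Run every active rule over one log line; report and return the alerts."""
        raised: List[Alert] = []
        for rule in self.rules.values():
            m = rule.pattern.search(line)
            if not m:
                continue
            src = m.groupdict().get("src") or "localhost"
            raised.append(Alert(self.name, rule.rule_id, rule.classification,
                                rule.severity, src, m.group("user"), line.strip()))
            if rule.rule_id == "SSH-AUTH-FAIL":
                self.failures[src] += 1
                if self.failures[src] == self.threshold:   # escalate exactly once
                    raised.append(Alert(self.name, "SSH-BRUTE-FORCE",
                                        "SSH password brute force", "high",
                                        src, m.group("user"), line.strip()))
        for alert in raised:
            self.report(alert)
        return raised


# Constructed sample syslog lines (not captured from a real host).
SAMPLE_LOG = """\
Oct  9 13:01:02 web1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Oct  9 13:01:05 web1 sshd[2213]: Failed password for root from 192.0.2.10 port 51240 ssh2
Oct  9 13:01:09 web1 sshd[2215]: Failed password for root from 192.0.2.10 port 51251 ssh2
Oct  9 13:02:30 web1 sshd[2230]: Accepted publickey for root from 198.51.100.7 port 40022 ssh2
Oct  9 13:03:11 web1 sudo:   alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Oct  9 13:03:15 web1 cron[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""


def run_sensor(log: str = SAMPLE_LOG, disabled: Iterable[str] = (),
               threshold: int = 3) -> Manager:
    """Feed a log through one sensor wired to one manager; return the manager."""
    manager = Manager()
    sensor = LogSensor("web1-lml", manager.receive, threshold=threshold)
    for rule_id in disabled:           # unplug a module without restarting
        sensor.remove_rule(rule_id)
    for line in log.splitlines():
        sensor.feed(line)
    return manager


if __name__ == "__main__":
    for a in run_sensor().alerts:
        print(f"[{a.severity:6}] {a.sensor} {a.rule_id} src={a.source} user={a.user}")
```

Running it on the sample log yields three low SSH failure alerts from 192.0.2.10, one high brute-force alert raised on the third failure, one medium alert for the root key login, and one low sudo failure; the cron line matches nothing. Passing `disabled=("SSH-ROOT-LOGIN",)` drops the medium alert, which is the plug-out behaviour the reply describes. Two things a practitioner should carry over to a real distributed deployment: the sensor keeps state (the failure counter) so a restart or a sensor spread across hosts loses or splits that state unless the manager correlates too, and the report channel must authenticate the sensor, otherwise anyone on the network can inject forged alerts into the manager.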
Received on Oct 10 2003