Tuesday, December 20, 2005

Clustered Intrusion Detection System

Ideas for creating a scalable architecture for very large enterprises.
  • Create a Linux-based IDS appliance with clustering enabled.
  • After establishment of first node, additional nodes can be dropped in and configured directly into the cluster.
  • Added nodes will pull configurations from existing nodes and self-configure after initial node config.
  • Once finalized, nodes will form a cluster and share CPU, memory, and application space. This provides drop-in scalability merely by adding more appliance units and configuring them.
  • Incoming spanned traffic will have to be load balanced among promiscuous NICs.
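
One way to do the load balancing from the last bullet so that it also fits the drop-in scaling idea, as an added example that is not part of the original post: a direction-independent flow key keeps both halves of a connection on the same sensor, and rendezvous hashing means a newly added node only takes flows over rather than reshuffling the rest. The node names, the sample flows, and the choice of SHA-256 rendezvous hashing are assumptions made for illustration.

```python
import hashlib
import ipaddress


def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: A->B and B->A produce the same bytes."""
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((a, b))  # order endpoints so direction does not matter
    return (lo[0] + lo[1].to_bytes(2, "big")
            + hi[0] + hi[1].to_bytes(2, "big") + bytes([proto]))


def pick_node(key, nodes):
    """Rendezvous hashing: every node scores the flow, highest score wins.

    Existing nodes' scores never change, so adding a node can only move
    a flow onto the new node, never between the old ones.
    """
    def score(node):
        return hashlib.sha256(node.encode() + b"\x00" + key).digest()
    return max(nodes, key=score)


def assign(flows, nodes):
    """Map each 5-tuple to the sensor node that should inspect it."""
    return {f: pick_node(flow_key(*f), nodes) for f in flows}


# Constructed sample flows (documentation address ranges); proto 6 = TCP.
FLOWS = [("192.0.2.%d" % i, 40000 + i, "198.51.100.10", 443, 6)
         for i in range(1, 201)]
NODES = ["ids-node-1", "ids-node-2", "ids-node-3"]  # hypothetical names

if __name__ == "__main__":
    before = assign(FLOWS, NODES)
    after = assign(FLOWS, NODES + ["ids-node-4"])  # drop in a fourth unit
    moved = [f for f in FLOWS if before[f] != after[f]]
    print("flows per node before:",
          {n: list(before.values()).count(n) for n in NODES})
    print("flows moved by adding ids-node-4:", len(moved), "of", len(FLOWS))
    print("all moved flows went to the new node:",
          all(after[f] == "ids-node-4" for f in moved))
```

Flows that move when a node is added lose whatever stream state the old sensor held, so detections that depend on earlier packets of those sessions can be missed around the time of the change.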
