MonALISA Grid Monitoring
Menu mode: dynamic | fixed
Last update on:
Dec 03, 2015

Uptime: 174 days, 9h, 7m
Number of requests: 5643791
since 28 October 2005
Distributed Intrusion Detection System

Intrusion Detection System (IDS) technology is an important component in designing a secure environment.
Using our agents platform we have designed a distributed intrusion detection system. (DIDS).
For this purpose the monIDS monitoring module was developed. It collects and publishes the information generated by a local instrusion detection engine (i.e SNORT,but other engines may be supported).
An specialized IDS Agent is running on the MonALISA service and in case of an alert it takes custom reactive actions (e.g. adding a blocking rule in firewall) and also broadcasts the alert in its communication group. In this way the other services can prevent possible future attacks from the same host.
The attacking hosts are dynamically moved in a black-list based on the attacks level and the frequencies of them.
A periodical report containing the intrusion alerts is generated and sent to the farm administrator.

In order to configure MonALISA to start the IDS agent/module please refer to Section 3.6 from the Service User Guide.