| Distributed Intrusion Detection System
Intrusion Detection System (IDS) technology is an important component in designing a secure environment.
Using our agents platform we have designed a distributed intrusion detection system. (DIDS).
For this purpose the monIDS monitoring module was developed. It collects and publishes the information generated by a local instrusion detection engine
(i.e SNORT,but other engines may be supported).
An specialized IDS Agent is running on the MonALISA service and in case of an alert it takes custom reactive actions (e.g. adding a blocking rule in firewall) and also broadcasts the alert in its communication group.
In this way the other services can prevent possible future attacks from the same host.
The attacking hosts are dynamically moved in a black-list based on the attacks level and the frequencies of them.
A periodical report containing the intrusion alerts is generated and sent to the farm administrator.
In order to configure MonALISA to start the IDS agent/module please refer to
Section 3.6 from the
Service User Guide.