MonALISA Grid Monitoring
D-IDS
Menu mode: dynamic | fixed
  HOME       CLIENTS       REPOSITORIES       DOWNLOADS       LOOKING GLASS       FAST DATA TRANSFER  
Last update on:
Dec 03, 2015

Uptime: 165 days, 18h, 35m
Number of requests: 3974866
since 28 October 2005
Distributed Intrusion Detection System

Intrusion Detection System (IDS) technology is an important component in designing a secure environment.
Using our agents platform we have designed a distributed intrusion detection system. (DIDS).
For this purpose the monIDS monitoring module was developed. It collects and publishes the information generated by a local instrusion detection engine (i.e SNORT,but other engines may be supported).
An specialized IDS Agent is running on the MonALISA service and in case of an alert it takes custom reactive actions (e.g. adding a blocking rule in firewall) and also broadcasts the alert in its communication group. In this way the other services can prevent possible future attacks from the same host.
The attacking hosts are dynamically moved in a black-list based on the attacks level and the frequencies of them.
A periodical report containing the intrusion alerts is generated and sent to the farm administrator.

In order to configure MonALISA to start the IDS agent/module please refer to Section 3.6 from the Service User Guide.