Topology for servers high availability with Intrusion Detection System

Abstract

Currently most businesses are relying on Information & Communication Technology, hence internet became more popular. When concerning internet, it’s in nature of Client/Server architecture. By the name “Client/Server” Servers are serving for client queries, So Servers need to be up and running every second to serve clients all over the world.

As new technologies like e-Commerce, e-Money, e-Wallet invented and internet grows, Business value of data on network increases. As a hobby or purposely people develop malicious programs and try to breach client server communication to make benefits. First computer virus “brain” found in Asian country Pakistan in 1986. Since two decades 150,000 viruses are found in the world & malicious programmers still developing virus programs. As a result of those malicious activities internet security concerns developed.

SNORT is an intrusion detection system as well as prevention system. It works in four modes. Inline mode which is the prevention mode that requires iptables support instead of libpcap. NIDS is another mode which alert for intrusions, but it doesn’t prevent from intrusions.

This project aims for developing an intrusion avoiding system instead of prevention system by use of the SNORT NIDS mode which uses libpcap and avoid overhead of iptables. In this topology servers are open to the world to serve clients in higher data rates, but avoiding intrusion. This is gained by changing ipadress of servers’ Ethernet interface, as well as changing configuration files accordingly when intrusion occurs.