
Environment

Security monitoring using ACARM

The implementation of the Correlation Module, developed during the course of the Positif project, showed a high level of efficiency and stability. It was therefore incorporated into the WCNS supercomputer network. That network is a separate segment at the second ISO/OSI layer and uses a different IP address class. For monitoring purposes, a special server was chosen; it hosts a few virtual machines that perform dedicated tasks.

Sensor locations

Figure 3 – ACARM environment

An IDS (Snort) is installed on the monitoring server and monitors traffic on the “span” port of the main switch. An HIDS (Prelude-LML) was installed on each computer in the supercomputer department; it monitors system events through a local network socket shared with the syslog-ng daemon, or through log files if syslog-ng is not available on that particular machine (cluster). Each Prelude-LML sensor, like the Snort IDS sensors, was connected to the Prelude Manager application installed on the monitoring computer.



Webmaster • ACARM project 2007