3 replies Latest Post - ‏2013-01-31T22:01:41Z by seroyer
SystemAdmin

Network IDS for PowerVM ?

‏2013-01-31T15:53:31Z |
I would like to know if there's a network IDS (Intrusion Detection System) solution for PowerVM, i.e. to monitor the Ethernet communication between the VMs inside the same host?

With VMware, there are "virtual appliances" that you can install inside the host that can interact with the hypervisor.

I'm wondering if there's such a solution for PowerVM.

Thanks.
  • k0da

    Re: Network IDS for PowerVM ?

    ‏2013-01-31T16:35:04Z  in response to SystemAdmin
    You can try to compile "Snort" for example.
    • SystemAdmin

      Re: Network IDS for PowerVM ?

      ‏2013-01-31T20:48:56Z  in response to k0da
      I know I can compile "Snort", but after that I need to redirect all the Ethernet communications from other VMs to the one that has Snort. I don't want to change the Ethernet configuration of the other VMs.

      I was wondering if there's a product that can interact directly with the hypervisor or the virtual switch? Or is there a way to configure port mirroring or switched port analyzer (SPAN) on the virtual switch?
      • seroyer

        Re: Network IDS for PowerVM ?

        ‏2013-01-31T22:01:41Z  in response to SystemAdmin
        There is no such solution today. Direct LPAR to LPAR communication cannot be intercepted by any third party. If you can force all traffic to flow out through an SEA to a physical network, then you could trace it there. You would have to use tricks like ensuring no client LPARs are on the same subnet and their gateways are external to the physical system.

        Steve
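
The workaround in the last reply only gives an external sensor full visibility if no two client LPARs on a system share a subnet and no LPAR's gateway is hosted on that same system. The following is an added example, not part of the thread and not an IBM tool, that audits an address inventory for both conditions; the LPAR names, addresses and dictionary layout are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory for ONE physical system (hypothetical names
# and addresses). Assumption: it lists every LPAR address on that system.
INVENTORY = [
    {"lpar": "lpar-app1", "ip": "10.1.10.5/24", "gateway": "10.1.10.1"},
    {"lpar": "lpar-app2", "ip": "10.1.10.9/24", "gateway": "10.1.10.1"},
    {"lpar": "lpar-db1",  "ip": "10.1.20.5/24", "gateway": "10.1.20.1"},
    {"lpar": "lpar-fw1",  "ip": "10.1.30.1/24", "gateway": "10.1.30.254"},
    {"lpar": "lpar-web1", "ip": "10.1.30.7/24", "gateway": "10.1.30.1"},
]


def audit_host(lpars):
    """Return findings that let LPAR-to-LPAR traffic stay inside the system.

    Each finding is a tuple: (kind, lpar, other_lpar).
    """
    findings = []
    ifaces = {l["lpar"]: ipaddress.ip_interface(l["ip"]) for l in lpars}

    # Two LPARs on one subnet talk directly over the virtual switch, so the
    # frames never cross the SEA and an external sensor never sees them.
    for a, b in combinations(sorted(ifaces), 2):
        if ifaces[a].network.overlaps(ifaces[b].network):
            findings.append(("same-subnet", a, b))

    # A gateway address owned by an LPAR on this system means routed traffic
    # between LPARs is also handled internally.
    owner = {iface.ip: name for name, iface in ifaces.items()}
    for l in lpars:
        gw = ipaddress.ip_address(l["gateway"])
        if gw in owner:
            findings.append(("internal-gateway", l["lpar"], owner[gw]))
    return findings


if __name__ == "__main__":
    for kind, lpar, other in audit_host(INVENTORY):
        print(f"{kind}: {lpar} <-> {other} (traffic not visible on the physical network)")
```

An empty result means the addressing plan matches the conditions in the reply; it does not verify the virtual switch or VLAN configuration itself.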