|
| |
|
|
Two-tier
Architecture
|
eTrust Intrusion Detection's
Two-Tier Architecture
e Trust
Intrusion Detection's two-tier architecture gives you the ability to view and
manage critical network information either locally or from a remote station.
The two-tier architecture consists of an Engine component and a Viewer
component that separate data collection and analysis from viewing and
application configuration.
The Engine operates as a
service on a Windows NT/2000 machine, and performs the following tasks:
 |
Detects intrusions |
|
Logs session data and
statistics |
|
Blocks sessions |
|
Sends alerts and
notifications to the Viewers |
|
Reacts to Viewer requests |
The data collected by the
Engine is saved in a Workspace. When a Viewer connects to the Engine, the user
sees a current picture of the Workspace that is periodically updated. All
critical information, alerts, and notifications, however, appear in real-time.
The Viewer performs the
following functions:
|
Displays intrusion alerts |
|
Displays session data and
updates this information manually or automatically at predefined intervals |
|
Displays session logs on
demand from the Engine |
|
Allows Engine configuration
(dependent upon user permissions) |
A Viewer can run remotely or on
the same machine as an Engine, and one or more Viewers can simultaneously
connect to the same Engine.
|
