Published by: ijcsis on Aug 19, 2012
Copyright:Attribution Non-commercial

The Agents scrutiny at Protocol Stack in NIDS
1 Mr. M. Shiva Kumar, 2 Dr. K. Krishnamoorthy
1 Research Scholar/Dept. of CSE/Karpagam University/Coimbatore/T.N,
2 Professor & Head/Dept. of CSE/Kuppam Engineering College/Kuppam/A.P.
email: shivasparadise@gmail.com
Abstract
Research on the betterment of IDS and IPS is an avalanche process in which each footstep paves the way for new research work. In this regard, this paper is a survey of my research on the implementation of agents in the NIDS. The paper first depicts the OSI model, then the impact of NIDS and the implementation of agents in NIDS, and it gives an overview of the role of agents in the Basic Security Model and in the OSI reference and TCP/IP models.
Keywords: IDS, IPS, NIDS, TCP, IP, OSI.
1. An Overview of the Open Systems Interconnection Model
A NIDS is placed on a network to analyze traffic in search of unwanted or malicious events. Network traffic is built on various layers; each layer delivers data from one point to another.
Figure 1. OSI and TCP/IP Model
The OSI model and transmission control protocol (TCP)/IP model show how each layer stacks up. (See Figure 1.) Within the TCP/IP model, the lowest link layer controls how data flows on the wire, such as controlling voltages and the physical addresses of hardware, like media access control (MAC) addresses. The Internet layer controls address routing and contains the IP stack. The transport layer controls data flow and checks data integrity. It includes the TCP and user datagram protocol (UDP). Lastly, the most complicated but most familiar level is the application layer, which contains the traffic used by programs. Application layer traffic includes the Web (hypertext transfer protocol [HTTP]), file transfer protocol (FTP), email, etc. Most NIDSs detect unwanted traffic at each layer, but concentrate mostly on the application layer.
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 10, No. 7, July 2012. http://sites.google.com/site/ijcsis/ ISSN 1947-5500
2. Component Types
Two main component types comprise a NIDS: appliance and software only. A NIDS appliance is a piece of dedicated hardware: its only function is to be an IDS. The operating system (OS), software, and the network interface cards (NIC) are included in the appliance. The second component type, software only, contains all the IDS software and sometimes the OS; however, the user provides the hardware. Software-only NIDSs are often less expensive than appliance-based NIDSs because they do not provide the hardware; however, more configuration is required, and hardware compatibility issues may arise.
With an IDS, the "system" component is vital to efficiency. Often a NIDS is not comprised of one device but of several physically separated components. Even in a less complicated NIDS, all components may be present but may be contained in one device. More specifically, the physical components usually include the sensor, management server, database server, and console:
• Sensor: The sensor or agent is the NIDS component that sees network traffic and can make decisions regarding whether the traffic is malicious. Multiple sensors are usually placed at specific points around a network, and the location of the sensors is important. Connections to the network could be at firewalls, switches, routers, or other places at which the network divides.
• Management server: As the analyzer, a management server is a central location for all sensors to send their results. Management servers often connect to sensors via a management network; for security reasons, they are often separated from the remainder of the network. The management server will make decisions based on what the sensor reports. It can also correlate information from several sensors and make decisions based on specific traffic in different locations on the network.
• Database server: Database servers are the storage components of the NIDS. From these servers, events from sensors and correlated data from management servers can be logged. Databases are used because of their large storage space and performance qualities.
• Console: As the user interface of the NIDS, the console is the portion of the NIDS at which the administrator can log into and configure the NIDS or monitor its status. The console can be installed as either a local program on the administrator's computer or a secure Web application portal.
Traffic between the components must be secure and should travel between each component unchanged and unviewed. Intercepted traffic could allow a hacker to change the way in which a network views an intrusion.
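The management server's correlation role described in the component list above can be sketched as follows: reports from several sensors are grouped by source address, and an alert is raised only when distinct sensors report the same source within a time window. This is an added example, not code from the paper; the sensor names, report fields, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sensor reports: (unix_time, sensor_id, source_ip, signature)
REPORTS = [
    (1000, "dmz-sensor", "203.0.113.7", "port-scan"),
    (1004, "dmz-sensor", "203.0.113.7", "port-scan"),
    (1030, "core-sensor", "203.0.113.7", "smb-probe"),
    (1100, "core-sensor", "198.51.100.9", "port-scan"),
    (2000, "lab-sensor", "198.51.100.9", "port-scan"),
]

def correlate(reports, window=60, min_sensors=2):
    """Alert on sources reported by >= min_sensors distinct sensors
    within `window` seconds; at most one alert per source per window."""
    by_source = defaultdict(list)
    for ts, sensor, src, sig in sorted(reports):
        by_source[src].append((ts, sensor, sig))
    alerts = []
    for src, events in by_source.items():
        start, last_alert = 0, None
        for end in range(len(events)):
            # Slide the window forward so it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            sensors = {sensor for _, sensor, _ in in_window}
            recent = last_alert is not None and events[end][0] - last_alert <= window
            if len(sensors) >= min_sensors and not recent:
                alerts.append({
                    "source": src,
                    "sensors": sorted(sensors),
                    "signatures": sorted({sig for _, _, sig in in_window}),
                    "first_seen": in_window[0][0],
                    "last_seen": events[end][0],
                })
                last_alert = events[end][0]
    return alerts

if __name__ == "__main__":
    for alert in correlate(REPORTS):
        print(alert)
```

With the sample data, the source seen by both the perimeter and the internal sensor within 30 seconds is escalated, while the source seen by two sensors 900 seconds apart is not.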
2.1 NIDS Sensor Placement
Because a sensor is the portion of the NIDS that views network traffic, its placement is important for detecting proper traffic. Figure 2 offers an example of how to place a NIDS sensor and other components.
Figure 2. NIDS PLACEMENT
There are several ways to connect a NIDS sensor to the network:
• Inline: An inline NIDS sensor is placed between two network devices, such as a router and a firewall. This means that all traffic between the two devices must travel through the sensor, guaranteeing that the sensor can analyze the traffic. An inline sensor of an IDS can be used to disallow traffic through the sensor that has been deemed malicious. Inline sensors are often placed between the secure side of the firewall and the remainder of the internal network so that they have less traffic to analyze.
• Passive: A passive sensor analyzes traffic that has been copied from the network versus traffic that passes through it. The copied traffic can come from numerous places—