The most complicated but most familiar level is the application layer, which contains the traffic used by programs. Application layer traffic includes the Web (hypertext transfer protocol [HTTP]) and the file transfer protocol (FTP). Most NIDSs detect unwanted traffic at each layer, but concentrate mostly on the application layer.
Two main component types comprise a NIDS: appliance and software only. A NIDS appliance is a piece of dedicated hardware: its only function is to be an IDS. The operating system (OS), software, and the network interface cards (NICs) are included in the appliance. The second component type, software only, contains all the IDS software and sometimes the OS; however, the user provides the hardware. Software-only NIDSs are often less expensive than appliance-based NIDSs because they do not provide the hardware; however, more configuration is required, and hardware compatibility issues may arise.

With an IDS, the "system" component is vital to efficiency. Often a NIDS is not comprised of one device but of several physically separated components. Even in a less complicated NIDS, all components may be present but may be contained in one device. More specifically, the physical components usually include the sensor, management server, database server, and console:
— The sensor or agent is the NIDS component that sees network traffic and can make decisions regarding whether the traffic is malicious. Multiple sensors are usually placed at specific points around a network, and the location of the sensors is important. Connections to the network could be at firewalls, switches, routers, or other places at which the network divides.
— As the analyzer, a management server is a central location for all sensors to send their results. Management servers often connect to sensors through a management network; for security reasons, this network is often separated from the remainder of the network. The management server will make decisions based on what the sensor reports. It can also correlate information from several sensors and make decisions based on specific traffic in different locations on the network.
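As an added illustration of the sensor / management server split described above (example code, not from the paper or any particular NIDS product), the model below has sensors at different network divisions report what their rules matched to one management server, which stores the reports (standing in for the database server) and escalates only when the same source has tripped rules at several locations within a time window. Sensor names, rule names and the RFC 5737 test addresses are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SensorReport:
    sensor: str     # name of the sensor that saw the traffic (assumed naming scheme)
    src: str        # source address of the traffic the sensor's rule matched
    signature: str  # which rule matched
    ts: int         # when it was seen, epoch seconds


class ManagementServer:
    """Central analyzer: every sensor sends its results here, and the server decides."""

    def __init__(self, window: int = 300, min_locations: int = 2):
        self.window = window                # seconds of history to consider
        self.min_locations = min_locations  # distinct sensors needed to escalate
        self.store = []                     # stands in for the database server

    def receive(self, report: SensorReport) -> None:
        self.store.append(report)

    def correlate(self, now: int) -> dict:
        """Sources that tripped rules at >= min_locations sensors within the window.
        A sensor only judges the traffic at its own tap; the server can see that one
        source is active at several points of the network, which is a stronger
        signal than any single report."""
        locations = defaultdict(set)
        for r in self.store:
            if now - r.ts <= self.window:
                locations[r.src].add(r.sensor)
        return {src: sorted(s) for src, s in locations.items()
                if len(s) >= self.min_locations}


def demo() -> dict:
    """Feed constructed sensor reports (RFC 5737 test addresses) to the server."""
    srv = ManagementServer()
    for r in [
        SensorReport("sensor-firewall", "198.51.100.7", "port-scan", 1000),
        SensorReport("sensor-core-switch", "198.51.100.7", "port-scan", 1040),
        SensorReport("sensor-dmz-router", "198.51.100.7", "malformed-http", 1090),
        SensorReport("sensor-firewall", "192.0.2.33", "port-scan", 1100),    # one location only
        SensorReport("sensor-core-switch", "192.0.2.50", "port-scan", 200),  # outside the window
        SensorReport("sensor-dmz-router", "192.0.2.50", "port-scan", 1110),
    ]:
        srv.receive(r)
    return srv.correlate(now=1200)
```

Running `demo()` escalates only 198.51.100.7, seen by three sensors inside the window; the other two sources each appear at a single location within it.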
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 10, No. 7, July 2012, http://sites.google.com/site/ijcsis/, ISSN 1947-5500