Network Intrusion Detection Systems
A Network Intrusion Detection System (NIDS) monitors the traffic on its network segment “for suspicious activity and alerts the system or network administrator” (Bradley 1). NIDS are used to detect certain types of malicious activity that can compromise the security of a computer system. Such activity includes network attacks against vulnerable services, attacks aimed at privilege escalation, unauthorized access to important files, and the actions of malware (viruses, Trojans and worms).
Packet sniffing
Packet sniffing, or packet analysis, “is the process of capturing any data passed over the local network and looking for any information that may be useful” (Hannah 1). Data inside the network is transferred in packets, most of them TCP. TCP (Transmission Control Protocol) is one of the main data transmission protocols. One of its main features is that it establishes a network connection before the transmission, which gives more control over the data exchange process.
Every TCP packet has a header and the actual data. The header contains service information such as the source and destination address, number, header length and checksum. Packets are broadcast inside the network. Every computer or switch receives every packet and, if its own address matches the destination address in the header, it accepts the packet; otherwise the node ignores it.
Packet sniffing is a passive technique. Depending on the configuration of the network switches, a packet sniffer can see traffic on the entire network or only on a certain segment of it. After the data is captured, it is analyzed by the packet sniffing software and presented in readable form. Most of the information you send and receive can be captured with a packet sniffer if it travels over an unencrypted connection. Thus, it is very dangerous to type important and confidential data into an unsecured Web page.
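As an added illustration of the header fields described above (example code, not taken from the original text or its cited sources), the following Python snippet decodes the IPv4 and TCP headers of one captured packet and verifies the IPv4 header checksum the way a sniffer or NIDS does before trusting the decoded fields. The sample packet, its addresses and ports are constructed inside the code.

```python
import struct
from typing import Any, Dict

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words. Over an intact header
    (checksum field included) the result is 0, which is how a sniffer
    tells a damaged or tampered header from a good one."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_tcp(packet: bytes) -> Dict[str, Any]:
    """Decode the IPv4 and TCP headers of one captured packet (IP layer
    onward, no Ethernet frame) into the fields a sniffer would display."""
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4  # IP header length, in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", packet[ihl:ihl + 14])
    tcp_hlen = (off_flags >> 12) * 4  # TCP data offset, in 32-bit words
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ttl": ttl, "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF, "header_len": ihl + tcp_hlen,
        "payload": packet[ihl + tcp_hlen:total_len],
    }

def build_sample_packet() -> bytes:
    """Constructed sample (not a real capture): one HTTP request segment
    from 192.0.2.10:51234 to 198.51.100.7:80 with the PSH and ACK flags set."""
    payload = b"GET / HTTP/1.1\r\n"
    tcp = struct.pack("!HHIIHHHH", 51234, 80, 1000, 2000, 0x5018, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, 6, 0, bytes([192, 0, 2, 10]),
                     bytes([198, 51, 100, 7]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill checksum
    return ip + tcp + payload

if __name__ == "__main__":
    pkt = build_sample_packet()
    print(parse_ipv4_tcp(pkt))
```

Flipping any bit in the sample's IP header (for example in the TTL byte at offset 8) makes parse_ipv4_tcp raise a checksum mismatch instead of returning fields, which is the integrity check a sniffer applies before displaying a packet.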
Protocol hierarchy
In the early 1980s a number of international standardization organizations developed the OSI (Open Systems Interconnection) model, a model of interaction between open systems. In the OSI model the means of interaction are divided into seven layers: physical, data link, network, transport, session, presentation and application. To ensure the necessary compatibility at every level of the computer network architecture, special standard protocols are used that formalize the rules governing the sequence and format of the messages exchanged between network components that lie on the same layer but in different nodes of the network.
In the TCP/IP protocol suite, integrity management is carried out in order to avoid losses and the duplicate (two-time) processing of transactions. TCP underlies a number of Internet service protocols: FTP, HTTP, POP/SMTP, Usenet, Telnet, DNS. It is characterized as a protocol that is connection-oriented and reliable, divides the message stream into segments, collects the messages at the destination, resends all packets that did not arrive correctly, and collects outgoing segment messages.
UDP is used for a variety of Internet services: TFTP, SNMP, DHCP, DNS (Domain Name System). This protocol has a disadvantage in terms of safety, as it does not provide a software check of the parent segment. Its specificity is …