Concept: “An Intrusion Detection System is required to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).”
- Sensors which generate security events
- Console to monitor events and alerts and control the sensors
- Engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from security events received.