Traffic Directory  - Article Details


What is Network intrusion detection system

Date Added: March 17, 2010 02:46:08 AM

Identifying ID, IDS, IPS, and IDPS?

Intrusion Detection (ID) is the process of monitoring and analyzing network and system events for signs of incidents (e.g., violations or imminent threats).

IDSs use both hardware and software to detect intrusion by triggering alarms when something appears out of the ordinary (e.g., intruders or internal attacks) either on a network or a host. Simply put, IDSs are designed to detect attacks (not prevent them from occurring).

To prevent attacks or block suspicious traffic, an Intrusion Prevention System (IPS) is used instead; an IDPS (Intrusion Detection and Prevention System) is deployed for information gathering, logging, detection, and prevention.

Types of Intrusion-Detection systems

  • NIDS (Network-based IDS): used to monitor a network and backbone networks

  • HIDS (Host-based IDS): used to defend and monitor operating systems on hosts

  • DIDS (Distributed-based IDS): used to report to a central management station

  • PIDS (Protocol-based IDS): used to monitor and analyze the communication protocol between connected devices

  • APIDS (Application protocol-based IDS): used to monitor and analyze the communication on application-specific protocols

All about NIDS

What is NIDS?

A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity, such as denial of service attacks, port scans, or attempts to crack into computers, by monitoring network traffic.

The NIDS does this by reading all the incoming packets and trying to find suspicious patterns. If, for example, many TCP connection requests to a very large number of different ports are observed, one could assume that someone is running a "port scan" against some of the computer(s) in the network. It also (mostly) tries to detect incoming shellcode in the same manner that an ordinary intrusion detection system does.
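The port-scan heuristic described above, as an added example that is not part of the original article: it counts the distinct destination ports each source requests inside a sliding time window. The window length, the threshold, the event tuple format and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0   # assumed window length, tune per network
PORT_THRESHOLD = 15     # assumed number of distinct ports that triggers an alert


def detect_port_scans(syn_events, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Flag sources that request many different TCP ports within `window` seconds.

    syn_events: time-sorted tuples (timestamp, src_ip, dst_ip, dst_port),
    one per TCP connection request (SYN) seen by the sensor.
    """
    recent = defaultdict(deque)   # src_ip -> (ts, dst_ip, dst_port) still in the window
    alerted = set()               # sources already reported, to avoid duplicate alerts
    alerts = []
    for ts, src, dst, port in syn_events:
        q = recent[src]
        q.append((ts, dst, port))
        while ts - q[0][0] > window:      # expire requests older than the window
            q.popleft()
        ports = {p for _, _, p in q}
        if len(ports) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "ports": len(ports),
                "targets": sorted({d for _, d, _ in q}),
                "first_seen": q[0][0],
            })
    return alerts


def constructed_sample():
    """Constructed connection requests (documentation address ranges)."""
    events = []
    # One source requests 40 different ports on one host within 4 seconds.
    events += [(i * 0.1, "203.0.113.7", "192.0.2.10", 1 + i) for i in range(40)]
    # An ordinary client repeatedly connecting to ports 80 and 443.
    events += [(i * 0.5, "198.51.100.5", "192.0.2.20", (80, 443)[i % 2]) for i in range(30)]
    # 20 different ports spread over 20 minutes: old requests age out of the window.
    events += [(i * 60.0, "198.51.100.9", "192.0.2.10", 8000 + i) for i in range(20)]
    return sorted(events)


if __name__ == "__main__":
    for alert in detect_port_scans(constructed_sample()):
        print(alert)
```
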

A NIDS is not limited to inspecting incoming network traffic. Valuable information about an ongoing intrusion can often be learned from outgoing or local traffic as well. Some attacks might even be staged from inside the monitored network or network segment, and are therefore not regarded as incoming traffic at all.

Network intrusion detection systems often work with other systems as well. They can, for example, update a firewall's blacklist with the IP addresses of computers used by (suspected) crackers.

How to Set Up a NIDS?

NIDS are easy to deploy and set up. Normally, a NIDS is a dedicated workstation connected to the network, but it can also be a device with the software embedded in it that is then connected to the network.

A NIDS is connected to a hub, connected to a network switch configured for port mirroring, or placed on a network tap. It works as a "packet sniffer."

Examples of NIDS include Snort (freeware) and Sax2. Other network-based IDSs include Shadow, Dragon, NFR, RealSecure, and NetProwler.


Benefits of a NIDS
NIDS play an important role in the world of network security. They help prevent the consequences caused by undetected intrusions on the network.

Placing a NIDS on the network makes it possible to detect:

1. Unauthorized users (insiders & outsiders)
2. Bandwidth abuse or overload, and Denial of Service (DoS) attacks
