What are the limitations of NIDS?
Network intrusion detection systems are unreliable enough that they should be considered only as secondary systems designed to back up the primary security systems. Primary systems such as firewalls, encryption, and authentication rest on sound foundations: bugs or misconfiguration often lead to problems in these systems in practice, but the underlying concepts are “provably” correct. The underlying concepts behind NIDS are not. Intrusion detection systems suffer from two problems: normal traffic causes many false positives (cry wolf), and careful hackers can evade or disable the intrusion detection system (for example by encoding or fragmenting an attack so that it no longer matches a signature). Indeed, there are good theoretical arguments that network intrusion detection can never be fully accurate. This doesn’t mean intrusion detection systems are invalid. Hacking is so pervasive on today’s networks that people are regularly astounded when they first install such systems (both inside and outside the firewall). Good intrusion detection systems can dramatically improve
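Both failure modes named above can be shown with a toy signature matcher. The example below is added here and is not code from the original FAQ or from any real NIDS product; the signature, the two detector variants and all traffic samples are constructed for the demonstration. A naive per-packet byte match misses the same attack when it is URL-encoded or split across TCP segments (evasion), while a detector that reassembles the stream and decodes it first catches those but, like the naive one, still flags a harmless forum post that merely mentions the path (false positive).

```python
from urllib.parse import unquote_to_bytes

# Assumed naive content signature for a classic path-disclosure attack.
SIGNATURE = b"/etc/passwd"


def naive_segment_match(segments):
    """Per-packet byte match with no reassembly or decoding (simplistic sensor)."""
    return any(SIGNATURE in seg for seg in segments)


def normalized_stream_match(segments):
    """Reassemble the TCP-style segments and URL-decode before matching."""
    stream = unquote_to_bytes(b"".join(segments))
    return SIGNATURE in stream


# Constructed traffic samples (not captured data); each is a list of segments.
SAMPLES = {
    "attack_plain": [b"GET /cgi-bin/view?file=/etc/passwd HTTP/1.0\r\n\r\n"],
    "attack_url_encoded": [b"GET /cgi-bin/view?file=%2fetc%2fpasswd HTTP/1.0\r\n\r\n"],
    "attack_split_segments": [b"GET /cgi-bin/view?file=/etc/pa", b"sswd HTTP/1.0\r\n\r\n"],
    "benign_forum_post": [b"POST /forum HTTP/1.0\r\n\r\nbody=Why+is+/etc/passwd+world-readable%3F"],
}
ATTACKS = {"attack_plain", "attack_url_encoded", "attack_split_segments"}


def evaluate(detector):
    """Return (false_negatives, false_positives) for a detector over SAMPLES."""
    false_negatives = [n for n, segs in SAMPLES.items() if n in ATTACKS and not detector(segs)]
    false_positives = [n for n, segs in SAMPLES.items() if n not in ATTACKS and detector(segs)]
    return sorted(false_negatives), sorted(false_positives)


if __name__ == "__main__":
    for name, detector in (("naive", naive_segment_match), ("normalized", normalized_stream_match)):
        missed, cried_wolf = evaluate(detector)
        print(f"{name:10s} missed={missed} false_positives={cried_wolf}")
```

Normalization (reassembly plus decoding) closes the two evasions shown, but it cannot tell the benign post from the attack because the signature describes bytes, not intent; that is the sense in which the technique is not "provably" accurate the way a firewall rule or a cipher is.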