What is a “network intrusion detection system (NIDS)”?
An intrusion is somebody (A.K.A. “hacker” or “cracker”) attempting to break into or misuse your system. The word “misuse” is broad, and can reflect something severe as stealing confidential data to something minor such as misusing your email system for spam (though for many of us, that is a major issue!). An “Intrusion Detection System (IDS)” is a system for detecting such intrusions. For the purposes of this FAQ, IDS can be broken down into the following categories: network intrusion detection systems (NIDS) monitors packets on the network wire and attempts to discover if a hacker/cracker is attempting to break into a system (or cause a denial of service attack). A typical example is a system that watches for large number of TCP connection requests (SYN) to many different ports on a target machine, thus discovering if someone is attempting a TCP port scan. A NIDS may run either on the target machine who watches its own traffic (usually integrated with the stack and services themselves
Related Questions
- I already have a firewall and a Network Intrusion Detection system (NIDS) at my perimeter. Do I still need Primary Response to protect my server-based applications?
- What is a good book to learn how to use Snort, the open source network intrusion detection system?
- What is a "network intrusion detection system (NIDS)"?
