Network intrusion detection system

In computer security, a Network Intrusion Detection System (NIDS) is an intrusion detection system that attempts to discover unauthorized access to a computer network by analyzing traffic on the network for signs of malicious activity.^[1]

A NIDS reads all the incoming packets and tries to find suspicious patterns known as signatures or rules. If, for example, a large number of TCP connection requests to a very large number of different ports are observed, one could assume that there is someone conducting a port scan of some or all of the computer(s) in the network. It also (mostly) tries to detect incoming shellcodes in the same manner that an ordinary intrusion detection system does.^{[citation needed]}

A NIDS is not limited to inspecting incoming network traffic only. Often valuable information about an ongoing intrusion can be learned from outgoing or local traffic as well. Some attacks might even be staged from the inside of the monitored network or network segment, and are therefore not regarded as incoming traffic at all.^{[citation needed]}

Often network intrusion detection systems work with other systems as well. They can, for example, update some firewalls' blacklist with the IP addresses of computers used by (suspected) crackers^{[citation needed]}.

Certain DISA documentation, such as the Network STIG, uses the term NID to distinguish an internal IDS instance from its outward-facing counterpart. ^{[citation needed]}

• Application protocol-based intrusion detection system (APIDS)
• Bypass switch
• Honeypot (or Honeynet)
• Host-based intrusion detection system (HIDS)
• Intrusion prevention system (IPS)
• Protocol-based intrusion detection system (PIDS)
• Snort, an open source NIDS

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Network intrusion detection system" – news · newspapers · books · scholar · JSTOR (Learn how and when to remove this message)

• U.S. Defense Information Systems Agency (DISA) Information Assurance Support Environment (IASE)
• EasyIDS - Free customized CentOS install cd containing Snort, Barnyard, BASE, ntop, and more. Most of what's needed for a NIDS.
• Comprehensive List of Commercial NIDS, Mosaic Security Research

This computer networking article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e

This computer security article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e