Network intrusion detection system
|A network intrusion
detection system (NIDS) is an intrusion detection system
that tries to detect malicious activity such as denial
of service attacks, port scans or even attempts to crack
into computers by monitoring network traffic.
The NIDS does this by reading all the incoming packets
and trying to find suspicious patterns. If, for example,
a large number of TCP connection requests to a very
large number of different ports are observed, one could
assume that there is someone committing a "port scan" at
some of the computer(s) in the network. It also (mostly)
tries to detect incoming shellcodes in the same manner
that an ordinary intrusion detection systems does.
A NIDS is not limited to inspecting incoming network
traffic only. Often valuable information about an
ongoing intrusion can be learned from outgoing or local
traffic as well. Some attacks might even be staged from
the inside of the monitored network or network segment,
and are therefore not regarded as incoming traffic at
Often, network intrusion detection systems work with
other systems as well. They can for example update some
firewalls' blacklist with the IP addresses of computers
used by (suspected) crackers.
Certain DISA documentation, such as the Network STIG,
uses the term NID to distinguish an internal IDS
instance from its outward-facing counterpart.