Network intrusion detection system
|
|
A network intrusion detection system (NIDS) is a system that tries to detect malicious activity such as denial of service attacks, port-scans or even attempts to crack into computers by monitoring network traffic.
The NIDS does this by reading all the incoming packets and trying to find suspicious patterns. If, for example, a large number of TCP connection requests to a very large number of different ports is observed, one could assume that there is someone committing a "portscan" at some of the computer(s) in the network. It also (mostly) tries to detect incoming shellcodes in the same manner that an ordinary intrusion detection systems does.
A NIDS is not limited to inspecting incoming network traffic only. Oftentimes valuable information about an ongoing intrusion can be learned from outgoing or local traffic as well. Some attacks might even be staged from the inside of the monitored network or network segment, and are therefore not regarded as incoming traffic at all.
Often, network intrusion detection systems work with other systems as well. They can for example update some firewalls' blacklist with the IP addresses of computers used by (suspected) crackers.
See also
- Intrusion detection system
- Intelligent intrusion detection systems
- Host-based intrusion detection system
- Snort, an Open Source NIDS
External links
- Intrusion Detection, Honeypots and Incident Handling Resources (http://www.honeypots.net/)
- PacketDefense Network Security (http://www.packetdefense.com/)
- Sniff-em (http://www.sniff-em.com/), packet sniffer with filtered NIDS mode
- Logs scanner and malicious login attempts detector, blacklisting of attackers (http://fail2ban.sourceforge.net/)