In other words, a network intrusion detection system (NIDS) is a device or software application that tries to detect malicious activity, such as denial-of-service attacks, port scans or even attempts to crack into computers, by monitoring network traffic and producing reports to a management station.
A NIDS reads all the incoming packets and looks for suspicious patterns, which are described by signatures or rules. If, for example, a large number of TCP connection requests to a very large number of different ports is observed, one could assume that someone is conducting a port scan of some or all of the computers in the network. Often valuable information about an ongoing intrusion can be learned from outgoing or local traffic as well. Some attacks might even be staged from inside the monitored network or network segment, and are therefore not regarded as incoming traffic at all.
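The port-scan rule described above can be written as a sliding-window count of distinct targets per source. This is an added example, not code from the original page: the record layout, the 10-second window, the threshold of 20 and all addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0  # assumed sliding window length
TARGET_THRESHOLD = 20  # assumed: distinct (host, port) targets per source in the window


def detect_port_scans(events, window=WINDOW_SECONDS, threshold=TARGET_THRESHOLD):
    """events: time-sorted (timestamp, src_ip, dst_ip, dst_port, tcp_flags) tuples.
    Returns {src_ip: timestamp at which the source first reached the threshold}."""
    recent = defaultdict(deque)  # src -> (timestamp, target) pairs still in the window
    counts = defaultdict(lambda: defaultdict(int))  # src -> target -> hits in the window
    alerts = {}
    for ts, src, dst, dport, flags in events:
        if flags != "S":  # count only connection requests (SYN without ACK)
            continue
        queue, seen = recent[src], counts[src]
        queue.append((ts, (dst, dport)))
        seen[(dst, dport)] += 1
        while ts - queue[0][0] > window:  # expire requests older than the window
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


def build_sample_events():
    """Constructed traffic; every address and port here is made up."""
    events = []
    for i in range(30):  # outside host probing 30 different ports on one machine
        events.append((100.0 + i * 0.1, "10.0.0.5", "192.168.1.10", 20 + i, "S"))
    for i in range(40):  # busy client hitting a single service: many requests, one port
        events.append((100.0 + i * 0.1, "10.0.0.7", "192.168.1.20", 443, "S"))
    for i in range(30):  # 30 different ports, but 15 s apart: never dense in any window
        events.append((100.0 + i * 15.0, "10.0.0.9", "192.168.1.10", 1000 + i, "S"))
    for i in range(25):  # inside host sweeping port 22 across 25 local machines
        events.append((101.0 + i * 0.1, "192.168.1.50", f"192.168.1.{100 + i}", 22, "S"))
    events.append((101.5, "10.0.0.5", "192.168.1.10", 80, "SA"))  # not a bare SYN: ignored
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    for src, ts in detect_port_scans(build_sample_events()).items():
        print(f"possible port scan from {src} at t={ts:.1f}")
```

Because the rule keys on the source address rather than on traffic direction, the sweep that starts inside the monitored segment is reported alongside the external one, while the client that repeatedly contacts a single port is not.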