network intrusion detection system (NIDS)
A network intrusion detection system (NIDS) is an intrusion detection system (IDS) for detecting intrusions into a collision domain of a network. In this type of IDS, all data packets in the collision domain are intercepted at a central point or directly on the wire and examined for known or suspected attack patterns.
NIDS systems can analyze the data packets in real time and examine every active connection. In this way they can respond extremely quickly and also detect DoS attacks, but they cannot inspect encrypted data.
In a NIDS system, sniffers monitor traffic on the particular network segment. The systems operate on their own appliances and analyze the data packets. The current event information is displayed in the network administration. The parameters of the sniffers are also set from there. Since sniffers generally operate passively, they are undetectable to hackers. If a certain behavior pattern or irregularity occurs in the data packets that could represent an attack, an action is triggered. This could be an alert, an email or countermeasures.
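The detect-then-act flow described above, as an added example (not part of the original entry): a passive inspector that checks constructed packet records against a small signature database and counts SYN packets per service to flag a DoS flood. The signatures, thresholds and sample traffic are constructed assumptions; the TLS-wrapped record shows why a pattern inside encrypted data goes unseen.

```python
from collections import defaultdict, deque

# Constructed signature database: name -> byte pattern searched in payloads.
SIGNATURES = {
    "path-traversal": b"../../",
    "sql-injection": b"' OR '1'='1",
}
SYN_WINDOW = 1.0   # seconds per counting window (assumed value)
SYN_LIMIT = 5      # SYNs per window and service before alerting (assumed value)


def inspect(packets):
    """Passively examine packet records and return a list of alerts."""
    alerts = []
    syn_times = defaultdict(deque)   # (dst, dport) -> timestamps of recent SYNs
    flagged = set()                  # flood targets already reported
    for ts, src, dst, dport, flags, payload in packets:
        # Signature check: known attack patterns in the cleartext payload.
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append((ts, "signature", name, src, dst))
        # Rate check: many bare SYNs to one service suggests a DoS flood.
        if flags == "S":
            key = (dst, dport)
            window = syn_times[key]
            window.append(ts)
            while window and ts - window[0] > SYN_WINDOW:
                window.popleft()
            if len(window) > SYN_LIMIT and key not in flagged:
                flagged.add(key)
                alerts.append((ts, "dos", "syn-flood", src, dst))
    return alerts


# Constructed sample traffic: (time, src, dst, dport, tcp_flags, payload).
SAMPLE = [
    (0.00, "10.0.0.5", "10.0.0.80", 80, "PA", b"GET /index.html HTTP/1.1"),
    (0.10, "10.0.0.9", "10.0.0.80", 80, "PA", b"GET /../../etc/passwd HTTP/1.1"),
    # Opaque bytes behind a TLS record header: no pattern is visible on the wire.
    (0.20, "10.0.0.9", "10.0.0.80", 443, "PA", bytes.fromhex("1703030020") + bytes(range(32))),
]
# Eight SYNs within 0.4 s to one service, from varying sources.
SAMPLE += [(1.0 + i * 0.05, f"198.51.100.{i}", "10.0.0.80", 80, "S", b"") for i in range(8)]

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```

Each returned alert tuple is what would feed the triggered action, such as an alert or an email.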
Since network-based IDS systems cannot detect which target system an attack is directed against, there are Network Node-Based Intrusion Detection (NNIDS) systems that are installed directly on the target systems. These NNIDS systems have the advantage that they do not examine every data packet and detect faulty attacks. However, they are detectable by the attacker because they cannot operate in promiscuous mode, where all traffic is captured. All data packets captured in promiscuous mode are passed to the appliance for processing, which analyzes and evaluates them and stores certain bit patterns in a database.