Network based Intrusion Detection System

Network intrusion detection systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network.

A NIDS reads all inbound packets and searches for any suspicious patterns.

When threats are discovered, based on its severity, the system can take action such as notifying administrators, or barring the source IP address from accessing the network

Once the attack is identified, or abnormal behavior is sensed, the alert can be sent to the administrator.

Example of the NIDS would be installing it on the subnet where firewalls are located in order to see if someone is trying to break into the firewall.

Ideally one would scan all inbound and outbound traffic but slows down a network.

A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to protect a system from network-based threats.

differences between Network based and Host based intrusion detection

• While selecting an intrusion detection system, you have to consider both host-based and network based intrusion detection system. In such case, you should compare both the systems, and then make your pick. The main difference between the two systems are like:
• Analysis: A host-based system analyzes logs and consists of information regarding the status of your system, whereas a network-based system analyzes a network traffic directly, thus checking every network event.
• Protection: Even though both the systems provide you protection on LAN, but while you are off your LAN, only a host-based system will offer protection.
• Versatility: On comparing both HIDS and NIDS, you will find host-based systems to be more versatile.
• Affordability: When compared to network-based systems, host-based systems can be more affordable, but only if you select the right product.