All about NIDS
What is NIDS?
It is software and hardware that resides in one or more systems connected to a network.
The purpose of a NIDS?
It examines the network traffic by scanning and utilizing network adapters (running in promiscuous mode) to monitor and analyze the data packets that travel over the network. It can do this in real-time!
In addition to being capable of detecting attacks from the sensors, NIDS also identify attacks by using one of two techniques:
1. Anomaly Detection (Profile-based intrusion detection): it depends on statistical analysis and works by comparing the observed behavior of the network with models of "normal" behaviors
2. Misuse Detection (signature-based or pattern matching detection): generates alarms when the detect intrusions by matching observed activity with known signatures of intrusions or vulnerabilities.
How to Setup a NIDS?
NIDS are easy to deploy and setup. Normally, it is a dedicated workstation that is connected to the network; but, it can also be a device that has the software embedded in it and is then connected to the network.
A NIDS is either connected to a hub, a network switch to be configured for port mirroring, or is placed as a network tap. It works as a “packet-sniffer."
Example of NIDS are Snort (freeware) and Sax2. Other network-based IDSs include: Shadow, Dragon, NFR, RealSecure, and NetProwler.