What is a Network Intrusion Detection System?

Troy Holmes

In computing, a network intrusion detection system (NIDS) is a special cyber security device that monitors incoming network traffic. It reads the message packets that are sent through the network and determines whether they are malicious or harmful. Many companies and other organizations need these systems to keep their computer networks safe.

The network intrusion detection system is often considered the first line of defense for a computer network. This system can filter incoming network traffic based on predefined cyber security threat rules. The NIDS can monitor a network for many types of cyber threats. These include denial of service attacks, viruses, worms, and harmful spam.

Most intrusion detection systems monitor a company's inbound and outbound network traffic. This security software reads the message packets that are transmitted throughout the company, looking for malicious activity. When a suspicious message is detected, it is typically logged and blocked from the network.

A network intrusion detection system can also learn based on the threats it discovers. As messages are blocked from the network, they are added to the response tree of future potential threats. This ensures new viruses are quickly added to the detection system, thereby blocking malicious activity.

A protocol-based network intrusion detection system is a special form of detection that searches for specific types of messages based on the protocol in place. Some examples of protocols reviewed include hypertext transfer protocol (HTTP), hypertext transfer protocol secure (HTTPS), and simple mail transfer protocol (SMTP).

Some security software can filter malicious activity based on specific IP addresses. This type of network intrusion detection system is considered a less sophisticated tool because many hackers spoof the IP address in an effort to hide from security software. IP address filtering is similar to a do-not-call registry. The system looks for requests from specific IP addresses and denies access to the network when a suspicious address is found.
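
The rule-based filtering, protocol-based detection and IP address filtering described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any NIDS product; the denylist, the signatures and the packet records are all constructed for illustration. The second sample packet comes from an address that is not on the list, so the IP filter alone misses it and only the protocol rule catches it.

```python
import ipaddress

# Constructed denylist (documentation address ranges) and hypothetical
# per-protocol signatures; a real NIDS loads these from its rule set.
DENYLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
PROTOCOL_RULES = {
    "HTTP": [b"/etc/passwd", b"<script>"],
    "SMTP": [b"VRFY root"],
}

def inspect(packet):
    """Return (verdict, reason) for one packet record."""
    src = ipaddress.ip_address(packet["src"])
    # IP address filtering: deny anything from a listed address or range.
    if any(src in net for net in DENYLIST):
        return "block", f"source {src} is on the denylist"
    # Protocol-based detection: only the rules for this protocol are checked.
    for sig in PROTOCOL_RULES.get(packet["proto"], []):
        if sig in packet["payload"]:
            return "block", f"{packet['proto']} payload matches {sig!r}"
    return "allow", "no rule matched"

def run(packets):
    """Inspect each packet; suspicious ones are logged and not forwarded."""
    log, forwarded = [], []
    for p in packets:
        verdict, reason = inspect(p)
        if verdict == "block":
            log.append((p["src"], reason))
        else:
            forwarded.append(p)
    return log, forwarded

# Constructed sample traffic.
SAMPLE = [
    {"src": "203.0.113.9", "proto": "HTTP", "payload": b"GET /index.html HTTP/1.1"},
    {"src": "192.0.2.44", "proto": "HTTP", "payload": b"GET /../../etc/passwd HTTP/1.1"},
    {"src": "192.0.2.45", "proto": "SMTP", "payload": b"VRFY root"},
    {"src": "192.0.2.46", "proto": "HTTP", "payload": b"GET /about HTTP/1.1"},
]

if __name__ == "__main__":
    log, forwarded = run(SAMPLE)
    for src, reason in log:
        print("BLOCKED", src, reason)
    print(len(forwarded), "packet(s) forwarded")
```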

A bypass switch is typically included in an intrusion detection system. This switch is a hardware device that provides a gateway for monitoring software to review packets on a network. The bypass switch resides on the entry point of the network to ensure malicious message filtering occurs.

Many sophisticated intrusion detection systems can monitor and trap cyber criminals. These systems set internal alarms and provide a method of trapping and logging the malicious activity. By monitoring devices in this manner, security professionals can locate and shut down cyber hackers.
