2. What is NIDS?
NIDS stands for Network-based Intrusion
Detection System.
A Network-based Intrusion Detection System
(NIDS) is used to monitor and analyze network
traffic to protect a system from network-based
threats.
A NIDS reads all inbound packets and searches
for any suspicious patterns. When threats are
discovered, based on its severity, the system can
take action such as notifying administrators, or
barring the source IP address from accessing the
network.
4. Explanation of NIDS
A NIDS monitors traffic on a network looking
for suspicious activity, which could be an
attack or unauthorized activity.
A large NIDS server can be set up on a
backbone network, to monitor all traffic; or
smaller systems can be set up to monitor
traffic for a particular server, switch, gateway,
or router.
5. Explanation of NIDS
In addition to monitoring incoming and
outgoing network traffic, a NIDS server can
also scan system files looking for unauthorized
activity and to maintain data and file integrity.
The NIDS server can also detect changes in
the server core components.
In addition to traffic monitoring, a NIDS server
can also scan server log files and look for
suspicious traffic or usage patterns that match
a typical network compromise or a remote
hacking attempt.