This document introduces network intrusion detection systems (NIDS). It discusses how to physically connect a NIDS using a network tap, switch SPAN port, or hub. It also covers different types of NIDS like pattern matching and anomaly detection. The document explains false positives, false negatives, and interoperability challenges between vendors. It concludes with a question and answer section and recommends calculating the severity of network events using the SANS rating formula.