Whats the difference between IDS and NIDS?
The concept of IDS can be divided into two classes: Host IDS and Network IDS, or HIDS and NIDS.
            IDS
           /   \
       HIDS     NIDS
    Host IDS    Network IDS
Inspecting Host Inspecting Network
For example:
There are 7 IDS. Two of them are NIDS and five of them are HIDS.
Of course, an IDS can be designed as a hybrid of NIDS and HIDS.
Can I use more than one IDS and NIDS at the same time?
As you wish.
And what's YOUR favorite IDS or NIDS (I couldn't find ANY NIDS).
My favorite NIDS is Suricata, because it can block connections in real time with iptables.
For HIDS, I like the mtree way (OpenBSD). You can read man mtree.
PS: Where do you install NIDS? On the router?
There are many ways to use NIDS: inside the DMZ or outside. For example, one NIDS can be installed in front of the network, with active filtering of connections. Then another NIDS can be installed right on the server / workstation.
The easiest solution, which I'm using, is installing Suricata right on my workstation with active dropping of any packets that match any of the rules.
Suricata User Guide » Suricata Rules
Meaning, I'm taking the latest set of rules and replacing alert with drop everywhere.
Users of Ubuntu can easily set up Suricata with one command:
$ sudo apt-get install -y suricata
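One way to automate the alert-to-drop rewrite described in the answer above, as an added example that is not the poster's own script: a POSIX shell function run over a constructed sample rule file. It rewrites only the leading action keyword, so commented-out rules and the word "alert" inside a msg string are left alone; it assumes Suricata runs inline (IPS / NFQUEUE mode), since a drop rule behaves like an alert in passive IDS mode.

```shell
#!/bin/sh
# Added example (not from the original post): rewrite the action keyword
# of every enabled Suricata rule from "alert" to "drop", leaving comments,
# blank lines and already-disabled ("# alert ...") rules untouched.
# Assumption: Suricata is running inline (IPS / NFQUEUE); in plain IDS
# mode a "drop" rule only alerts, it cannot block anything.

# Convert the rules in the file named by $1 and write the result to stdout.
# Only the first word of a rule line is touched, so "alert" inside a
# msg:"..." string or in a commented-out rule is left as it is.
alert_to_drop() {
    sed -E 's/^([[:space:]]*)alert([[:space:]])/\1drop\2/' "$1"
}

# Count the enabled rules in $1 that still use the "alert" action.
# grep -c exits 1 when the count is 0, so "|| true" keeps set -e happy.
count_alert_rules() {
    grep -cE '^[[:space:]]*alert[[:space:]]' "$1" || true
}

# Constructed sample rules for the demonstration (not a real ruleset).
SAMPLE_RULES=$(mktemp)
CONVERTED_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES" "$CONVERTED_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
# Constructed sample rules
alert tcp any any -> any 22 (msg:"SSH alert demo"; sid:1000001; rev:1;)
# alert tcp any any -> any 23 (msg:"disabled telnet rule"; sid:1000002; rev:1;)
pass tcp any any -> any 443 (msg:"already pass"; sid:1000003; rev:1;)
alert udp any any -> any 53 (msg:"DNS demo"; sid:1000004; rev:1;)
EOF

alert_to_drop "$SAMPLE_RULES" > "$CONVERTED_RULES"

echo "alert rules before: $(count_alert_rules "$SAMPLE_RULES")"
echo "alert rules after:  $(count_alert_rules "$CONVERTED_RULES")"
cat "$CONVERTED_RULES"
```

Run it against a real rules file (for example the one fetched by suricata-update) by passing its path to alert_to_drop and redirecting the output to the rules file Suricata loads.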