Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are valuable tools in a network security environment. Usually thought of as additional security after antivirus software and firewalls, an Intrusion detection system is usually the best technique to detect any security breach. As useful as they can be, however, successfully using an IDS or IPS is one of the greatest challenges a security administrator can face.
An Intrusion detection system can be network based or host based: a network IDS is pointed to as a NIDS, whereas a host-based IDS is pointed to as a HIDS. In addition, a NIDS and HIDS can identify traffic of interest, or if they are also configured to stop a specific action from occurring, they are pointed to as intrusion prevention systems: NIPS and HIPS.
ID (Intrusion detection) is the process of monitoring for and recognizing specific malicious traffic. Most network admins do intrusion detection all the time without realizing it. Security administrators are regularly checking system and security log files for anything suspicious. Antivirus scanner is an intrusion detection system when it checks files and system for viruses. Intrusion detection system is just another tool that can watch host system modifications (host-based) or sniff network packets (network-based) looking for indications of malicious purpose.