Description of the Difference Between HIDs & NIDs

By Vivek Saxena

Host Intrusion Detection Systems and Network Intrusion Detection Systems, or HIDs and NIDs, are computer network security systems used to protect from viruses, spyware, malware and other malicious file types. The difference is that HIDs are installed only on certain intersection points, such as servers and routers, while NIDs are installed on every host machine.


Due to the rapid increase of network attacks, HIDs and NIDs have become commonplace. While firewalls and anti-malware suites are fine for individual computers, they lack the intelligence necessary to defend a corporate network. As an example, HIDs and NIDs collect information from a network and compare that information to predefined patterns to discover attacks and vulnerabilities. They also create normal-behavior databases.

Core Functions

HIDs examine specific host-based actions, such as what applications are being used, what files are being accessed and what information resides in the kernel logs. NIDs analyze the flow of information between computers, i.e., network traffic. They essentially "sniff" the network for suspicious behavior. Thus, NIDs can detect a hacker before he's able to make an unauthorized intrusion, whereas HIDs won't know anything is wrong until the hacker has already breached the system.

HIDs Benefits

Though HIDs may seem like a poor solution at first, they do have several benefits. For one, they can prevent attacks from resulting in any damage. For instance, if a malicious file attempts to rewrite a file, the HID can cut off its privileges and quarantine it. HIDs can keep laptops protected when they're taken off a network and into the field. Ultimately, HIDs are a "last line of defense" tool used to ward off attacks missed by the NID.

NIDs Benefits

Where NIDs excel is their ability to protect hundreds of computer systems from one network location. This makes a NID less expensive -- not to mention easier to deploy. NIDs also provide a broader examination of a corporate network via scans and probes. More important, NIDs allow administrators to protect non-computer devices, such as firewalls, print servers, VPN concentrators and routers. Additional benefits include flexibility with multiple operating systems and devices, and protection against bandwidth floods and DoS attacks.

Optimal Solution

Ideally, a corporate network should feature both a HID and a NID. The former will protect local machines and act as a last line of defense, while the NID will keep the actual network safe and secure. Both are capable of providing more security than any single firewall or anti-virus suite, but each lacks certain capabilities that the other contains. Thus, combining the two is the only way to create a truly robust defensive network.