A Network Intrusion Detection System (NIDS) detects attacks in the network traffic passing through it. It monitors incoming, outgoing and local network traffic. A NIDS analyzes only a copy of the data; the actual traffic is not blocked, so no delay is introduced.
A NIPS, Network Intrusion Prevention System, is a NIDS installed in inline mode that has the capability to block detected attacks. A NIPS introduces network delay. A NIPS should be tuned before being installed in a production environment.
NIDS and NIPS are part of defense in depth, adding an additional layer of security.
Snort can be used as a NIDS/NIPS. Routers normally have a built-in NIPS.
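To make the passive-copy versus inline-blocking distinction concrete, here is an added Python example; it is not Snort's code and not part of the original notes, and its rules, ports and packets are constructed for illustration only.

```python
"""Toy signature engine showing the NIDS/NIPS distinction.
Passive mode (NIDS) inspects a copy of every packet and only raises alerts;
inline mode (NIPS) sits in the traffic path and drops packets a 'drop' rule
matches. Rules and packets are constructed here; this is not Snort."""
from dataclasses import dataclass

@dataclass
class Rule:
    action: str      # "alert" (log only) or "drop" (block, inline mode only)
    proto: str       # "tcp" or "udp"
    dst_port: int
    content: bytes   # byte pattern that must appear in the payload (b"" = any)
    msg: str

@dataclass
class Packet:
    proto: str
    dst_port: int
    payload: bytes

# Constructed rules in the spirit of Snort signatures (hypothetical, not real sids).
RULES = [
    Rule("alert", "tcp", 80, b"../../", "HTTP directory traversal attempt"),
    Rule("drop", "tcp", 23, b"", "Telnet to internal host"),
]

def match(rule, pkt):
    return (rule.proto == pkt.proto and rule.dst_port == pkt.dst_port
            and rule.content in pkt.payload)

def inspect_passive(packets, rules=RULES):
    """NIDS: works on a copy of the traffic and returns alert messages; nothing is blocked."""
    return [r.msg for p in packets for r in rules if match(r, p)]

def inspect_inline(packets, rules=RULES):
    """NIPS: returns (forwarded packets, alerts, dropped count); 'drop' rules block."""
    forwarded, alerts, dropped = [], [], 0
    for p in packets:
        hits = [r for r in rules if match(r, p)]
        alerts += [r.msg for r in hits]
        if any(r.action == "drop" for r in hits):
            dropped += 1          # packet never reaches its destination
        else:
            forwarded.append(p)   # every packet waits for inspection: this is the added delay
    return forwarded, alerts, dropped

# Constructed sample traffic.
SAMPLE = [
    Packet("tcp", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("tcp", 23, b"login: "),
    Packet("udp", 53, b"\x00\x01example"),
]
```

Running `inspect_passive(SAMPLE)` yields two alerts and forwards nothing itself, while `inspect_inline(SAMPLE)` yields the same two alerts but only two forwarded packets, the Telnet packet having been dropped.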
A firewall is a tool that provides security against network-based attacks. A firewall can be software based or hardware based. Apart from packet filtering, firewalls can do deep packet inspection to detect other attacks.
Honeypots are deceptive systems used to detect attacks and to monitor and log attacker activity. Honeypots are traps used to lure attackers. Honeypots are placed in the DMZ. A honeypot may be a replica of a legitimate website populated with dummy data. honeyd is used to create a large virtual network on a single host.
A proxy server is an intermediary server that sends requests on behalf of clients and delivers the response from the server back to the client. Proxy servers are used for caching resources to save bandwidth and to enhance network speed by removing ads from websites. Proxy servers are also used to monitor and control web access from an organization's internal network. Web server proxies do:
Protocol analyzers are used to analyze network protocols such as TCP, UDP, HTTP, SMTP, Telnet and FTP to find attacks. Wireshark is an open source protocol analyzer.
Penetration testing is required to find vulnerabilities, weaknesses and security holes in a network that an attacker could leverage to gain unauthorized access. Penetration testing can be black box, white box or gray box.