NIDS

Network intrusion detection involves monitoring network interfaces, analyzing all the packets seen, and raising alerts when certain attack characteristics are seen. On Debian, the primary tool for this is Snort. Snort will be installed if you install harden-nids, mentioned previously. Other packages are also available in Debian.

Snort can be paired with a package called fwsnort to not only detect potential attacks but also block them dynamically by adding iptables rules when attacks are detected.

One caveat is that a NIDS can only analyze traffic it actually sees. It will see all traffic on whatever interfaces it monitors (in fact, Snort will see it before iptables does, ensuring that all traffic is analyzed). However, if your system is protected by an external firewall (for example, if it's on a perimeter network), the NIDS will only see packets that are allowed through the external firewall. Because of this, a NIDS may be of limited use unless it is run on the external firewall. Nevertheless, it is still useful for detecting attack attempts that manage to get through the external firewall.
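The following is an added example, not part of the original page or of Snort itself: because a sensor behind an external firewall only alerts on traffic that firewall allowed, grouping its alerts by destination service shows which permitted paths are attracting attack attempts. It assumes Snort's "fast" alert output format; the log lines, SIDs and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed Snort "fast" alert layout: time, [gid:sid:rev], message, priority, {proto}, endpoints.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (documentation address ranges, local SIDs).
SAMPLE = """\
08/28-12:34:56.789012  [**] [1:1000001:1] LOCAL web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51514 -> 192.0.2.10:80
08/28-12:35:02.120001  [**] [1:1000001:1] LOCAL web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:40022 -> 192.0.2.10:80
08/28-12:36:10.000045  [**] [1:1000002:1] LOCAL ssh login flood [**] [Priority: 1] {TCP} 203.0.113.9:40100 -> 192.0.2.10:22
08/28-12:37:00.500000  [**] [1:1000003:1] LOCAL large ping [**] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
snort: truncated or unrelated line
"""

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        a[k] = int(a[k])
    for k in ("sport", "dport"):  # ICMP alerts carry no ports
        a[k] = int(a[k]) if a[k] else None
    return a

def exposure_summary(lines):
    """Count alerts per (proto, dst, dport); also report unparseable lines."""
    hits, skipped = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        a = parse_alert(line)
        if a is None:
            skipped += 1
            continue
        hits[(a["proto"], a["dst"], a["dport"])] += 1
    return hits, skipped

if __name__ == "__main__":
    print(exposure_summary(SAMPLE.splitlines()))
```

Each key in the summary is a service the external firewall is passing attack traffic to, which makes it a starting point for reviewing that firewall's rules.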