My Network Is Protected by a Firewall; Why Do I Need an IDS?
My kitchen has a stove to cook food, so why would I need a refrigerator? The simple answer is that they are two separate but complementary network security-related products.
To clarify the answer, I like to use an analogy to draw parallels of network security to real-world physical security that nearly everyone is familiar with.
Hardening your server is akin to making sure that your house has both doors and windows with locks that lock and shades that cover the windows. You only provide keys to trusted individuals, such as your family or your neighbor in case of emergencies. This allows them restricted access to the house, so that your plants may live while you're in the Caribbean.
Placing a firewall on your network would then be similar to erecting a fence around your property, and placing a guard with a guest list at the front gate. The guard only allows specific authorized people through, those who are on the list. The guard not only authorizes people trying to enter your house, but also the people leaving it. The guard can make sure that your little ones aren't wandering off down the street unattended, while making sure that the vacuum cleaner salesman has already set up an appointment to see you.
An IDS would then be like adding an alarm and video-monitoring system. You can place cameras on each wall of the fence and the guard shack. You can place motion sensors outside the front and back doors. And you can place contacts on each of the doors and windows. Each of these remote sensors is tied back to a central alarm console that correlates all the data and ensures that the guard is awake, and no one is scaling the fences or sneaking out late at night. Of course, for all this to be effective, someone has to be paying attention.