Host Intrusion Prevention
Host IPS is a software program that resides on individual systems such as servers, workstations or notebooks. The behavior of the applications and operating system, and the traffic flowing into or out of that particular system, is inspected for indications of an attack. These host system-specific programs or “agents” may protect just the operating system, or applications running on the host as well (such as web servers). When an attack is detected, the Host IPS software blocks all activities that may damage the system, software or data. For example, attempts to install back door programs via applications like Internet Explorer are blocked by intercepting and denying the “write file” command issued by IE or by monitoring the Windows Registry.
Benefits of Host IPS
- Software installed directly on the system protects against not just the attack, but against the results of an attack, such as blocking a program from writing a file, blocking the escalation of a user's privileges, etc.
- Protects mobile systems from attack when attached outside the protected network. Roaming laptop computers are a primary vector for introducing worms into a protected network. Carrying a Network IPS with the mobile system is not a practical solution.
- Protects against local attacks. Personnel with physical access to a system can launch local attacks by executing programs introduced via CD, floppy disk, etc. These attacks often focus on escalating the user’s privileges to “root” or “administrator” to facilitate compromise of other systems in the network.
- Provides a “Last line of defense” against attacks that have evaded other security tools. The potential victim system itself is the last defense point available to Security personnel to guard against system compromise.
- Prevents internal attack or misuse on devices located on the same network segment. Network IPS only provides protection for data moving between different segments. Attacks launched between systems located on the same segment can only be countered with Host IPS.
- Protects against encrypted attacks where the encrypted data stream terminates at the system being protected. Host IPS examines data and/or behavior after encrypted data has been decrypted on the host system.
- Independent of network architecture; allows for protection of systems located on obsolete or unusual network architectures such as Token Ring, FDDI etc.
Benefits of HIPS Safe’n’Sec
Host Intrusion Prevention Software Safe’n’Sec is based on behavior control technology and the following design concepts:
- Proactive protection – constant PC control.
- No matter what or who wants to damage your PC, SnS will block the attempt.
- There are many hackers and insiders who want to break into a PC, fewer programs and methods for doing so, and only a few ways to damage data or software. SnS controls them without additional effort.
- SnS controls other software behavior and blocks any attempts to influence PC operation
- Hackers use both special and regular software making it act in their own interests. SnS controls software and blocks its unusual behavior depriving hackers of their tools.
- Hundreds of new viruses appear daily, but only a few new intrusion methods appear each year. SnS controls the methods of intrusion, so traveling users do not need daily updates.
- It is cheaper to prevent damage than to eliminate it. Proactive protection means preventing damage.
- People can forget something and make mistakes; good software never will. Just implement confidential information access rules in SnS and it will help your employees to avoid mistakes and protect your information.
- Security services control rule enforcement in real life; SnS controls rule enforcement in the cyberworld.
What can SnS HIPS do?
- Any damage is the result of the actions of software or people.
- SnS controls all actions of any software which could bring damage
- Depending on the applied security level, a suspicious action will be blocked or recorded in a log file, or SnS will request additional information from the user or system administrator.
- SnS stores the regular operation profiles of hundreds of popular programs. In case of virus infection, or if a program is under a hacker’s control, SnS will detect its abnormal activity and prevent damage.
- The system administrator or company security officer can create additional rules restricting or allowing access of different corporate applications (for example, e-mail agents) to confidential data files.
- The system administrator or security officer can deny or allow access of specific programs to different files and folders, and can control the use of removable devices. All operations with confidential information can be registered in a log file for future analysis in case of an information leak.
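The decision flow described in the list above (known program profiles, administrator rules, and a security level that selects block, log or ask) can be sketched as follows. This is an added example, not Safe'n'Sec code; the program names, paths, rule format and level names are assumptions made for illustration.

```python
# Added illustration: a toy host-IPS decision function. All names, paths and
# rules are constructed for this example; this is not Safe'n'Sec code.
from dataclasses import dataclass
from fnmatch import fnmatchcase

# "Regular operation" profiles: (action, path glob) pairs a program normally performs.
PROFILES = {
    "iexplore.exe": {("write_file", "c:/users/*/appdata/local/temp/*"),
                     ("read_file", "c:/users/*/appdata/*")},
    "mailagent.exe": {("read_file", "c:/mail/*"), ("write_file", "c:/mail/*")},
}
# Administrator rules: (program glob, path glob, verdict); the first match wins.
ADMIN_RULES = [
    ("mailagent.exe", "c:/confidential/*", "block"),
    ("payroll.exe", "c:/confidential/*", "allow"),
    ("*", "e:/*", "block"),  # e: is assumed to be a removable drive
]
# What each security level does with an action outside the profile.
OFF_PROFILE = {"strict": "block", "audit": "log", "interactive": "ask"}

@dataclass(frozen=True)
class Event:
    program: str
    action: str   # e.g. "write_file", "read_file"
    target: str   # file path the action touches

def _match(value, pattern):
    # Windows names are case-insensitive, so compare in lower case.
    return fnmatchcase(value.lower(), pattern.lower())

def decide(event, level="strict", audit_log=None):
    """Return 'allow', 'block', 'log' or 'ask' for one intercepted action."""
    log = audit_log if audit_log is not None else []
    # 1. Explicit administrator rules take priority and are always recorded.
    for prog_glob, path_glob, verdict in ADMIN_RULES:
        if _match(event.program, prog_glob) and _match(event.target, path_glob):
            log.append((event, verdict, "admin rule"))
            return verdict
    # 2. Actions that fit the program's known profile pass silently.
    profile = PROFILES.get(event.program.lower(), set())
    if any(event.action == act and _match(event.target, glob) for act, glob in profile):
        return "allow"
    # 3. Everything else is suspicious; the security level picks the response.
    verdict = OFF_PROFILE[level]
    log.append((event, verdict, "off profile"))
    return verdict
```

A program with no stored profile falls through to step 3 for every action, so in this sketch unknown software is handled according to the security level rather than allowed by default.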