Host Intrusion Prevention Limitations

HIPS offers many benefits and can be a valuable component in your defense-in-depth security implementation (see Chapter 4, "Security in Depth"), but it is not without its limitations. The key to using HIPS effectively is to be aware of the limitations and account for them. HIPS limitations include the following:

  • Subject to end user tampering

  • Lack of complete coverage

  • Attacks that do not target hosts

Subject to End User Tampering

HIPS products often include safeguards against user tampering, but some tampering methods cannot be mitigated by HIPS. For example, any user who has physical access to a machine also has at least some limited access to all the software installed on it. This presents an opportunity for the user to tamper with the HIPS product protecting the host. The user could change the HIPS settings or even disable HIPS entirely.

For example, the Windows operating system includes a troubleshooting tool called safe mode, as shown in Figure 5-2. When safe mode is enabled, much of the software that ordinarily starts when the host is turned on is disabled. In most cases, safe mode also disables HIPS. Once it is disabled, the user can remove it entirely or disable it permanently.

Figure 5-2. Safe Mode

Safe mode is one easy way to meddle with HIPS; there are numerous others. A technically savvy user, for example, could physically remove the hard disk from the machine, attach it to another machine, and gain full access to any software that exists on that disk.

Lack of Complete Coverage

HIPS can protect only the hosts on which it is installed. Without help from other tools, it is very difficult to determine which hosts are connected to your network but do not have HIPS running. It is not necessary to have HIPS running on every single host to realize benefit from the tool, but even a few compromised hosts can have a negative impact on the organization as a whole.

Attacks That Do Not Target Hosts

Do not assume that all attacks target hosts. Many of them do, but numerous devices can be attacked that do not qualify as traditional hosts. Devices like IP phones, cellular phones, personal digital assistants, print servers, routers, wireless access points, and switches are all targets. Anything that uses the network is a possible target, and HIPS does not protect everything.
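The three limitations above share a practical consequence: the HIPS console only tells you about hosts that have a working agent, so the gaps (hosts with no agent, agents a user has disabled, and devices that cannot run an agent at all) have to be found by reconciling the console against an independent, network-side view of what is actually connected. The script below is an added example, not code from the book or from any particular HIPS product. It assumes two constructed CSV feeds: a network inventory in the shape of a DHCP-lease or switch MAC-table export, and an export from a hypothetical HIPS management console with a per-host agent state and last check-in time. All hostnames, MAC addresses and timestamps are made up for the illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample data (not real hosts). NETWORK_INVENTORY stands in for a
# network-side view (e.g. DHCP leases or a switch MAC table); HIPS_CONSOLE_EXPORT
# stands in for an export from a hypothetical HIPS management console.
NETWORK_INVENTORY = """\
mac,ip,hostname
00:11:22:33:44:01,10.0.1.10,ws-alice
00:11:22:33:44:02,10.0.1.11,ws-bob
00:11:22:33:44:03,10.0.1.12,ws-carol
00-11-22-33-44-04,10.0.1.50,printsrv-1
00:11:22:33:44:05,10.0.1.1,core-rtr-1
"""

HIPS_CONSOLE_EXPORT = """\
mac,hostname,agent_state,last_checkin
00:11:22:33:44:01,ws-alice,enabled,2024-05-01T09:58:00Z
00:11:22:33:44:02,ws-bob,enabled,2024-04-28T07:12:00Z
00:11:22:33:44:03,ws-carol,disabled,2024-05-01T09:40:00Z
"""

# Reference time for the constructed data, and how long an agent may stay silent
# before we treat it as missing (an agent disabled via safe mode stops reporting).
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
MAX_AGE = timedelta(days=1)


def _norm_mac(mac):
    """Normalise MAC notation so the two feeds can be joined on it."""
    return mac.strip().lower().replace("-", ":")


def _load(text):
    return list(csv.DictReader(io.StringIO(text)))


def unprotected_hosts(network_csv, hips_csv):
    """Hosts seen on the network that the HIPS console has never heard of."""
    covered = {_norm_mac(r["mac"]) for r in _load(hips_csv)}
    return sorted(r["hostname"] for r in _load(network_csv)
                  if _norm_mac(r["mac"]) not in covered)


def disabled_agents(hips_csv):
    """Hosts the console knows, but whose agent is not in the enabled state."""
    return sorted(r["hostname"] for r in _load(hips_csv)
                  if r["agent_state"].strip().lower() != "enabled")


def stale_agents(hips_csv, now, max_age):
    """Hosts whose agent has not checked in within max_age of `now`."""
    stale = []
    for r in _load(hips_csv):
        seen = datetime.fromisoformat(r["last_checkin"].replace("Z", "+00:00"))
        if now - seen > max_age:
            stale.append(r["hostname"])
    return sorted(stale)


def coverage_report(network_csv, hips_csv, now=NOW, max_age=MAX_AGE):
    """Combine the three checks into one dict for review or alerting."""
    return {
        "unprotected": unprotected_hosts(network_csv, hips_csv),
        "disabled": disabled_agents(hips_csv),
        "stale": stale_agents(hips_csv, now, max_age),
    }


if __name__ == "__main__":
    for category, hosts in coverage_report(NETWORK_INVENTORY, HIPS_CONSOLE_EXPORT).items():
        print(f"{category:12s} {', '.join(hosts) or '-'}")
```

On the constructed data the report lists `printsrv-1` and `core-rtr-1` as unprotected, `ws-carol` as disabled, and `ws-bob` as stale. The unprotected list deliberately mixes two cases the book keeps separate: a workstation that should have an agent but does not, and a print server or router that cannot run one. The script cannot tell them apart; the team reviewing the output has to, and the devices that cannot run HIPS are exactly the ones that need a different control (see Chapter 4 on defense in depth).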


Intrusion Prevention Fundamentals
ISBN: 1587052393
Pages: 115

flylib.com © 2008-2017.