Intrusion Prevention and Intrusion Detection Technologies


CSA is a Host Intrusion Prevention System (HIPS). The older technology that previously attempted to prevent intrusions on network endpoints is known as a Host Intrusion Detection System (HIDS). This discussion starts by exploring the basics of each type of system.

HIDSs evolved out of Network Intrusion Detection Systems (NIDSs). A NIDS is a security technology deployed on the network infrastructure that passively identifies active attacks and raises alerts about them. NIDS is an invaluable technology credited with saving enterprises from drastic outages caused by active hacking attempts or distributed denial-of-service (DDoS) attacks.

The major issue associated with running an effective NIDS is ensuring that the technology is continuously updated with the latest signature definitions, so that all currently known attacks are identified and the appropriate alerts are sent. This technology is only as effective as its latest update and its ability to limit the number of false positive alerts being sent.

Combine the large number of false positives with the large number of possible true positive events logged in an ever-growing database, and many security teams find themselves buried in log data they cannot interpret in a timely fashion. Therefore, a more active endpoint technology such as HIDS can complement the NIDS in an enterprise environment to ensure real-time security as well as comprehensive forensics within the logs. HIDSs also use signatures to identify and prevent attacks, but they do so to secure individual end systems, based on their local signature base of known attacks.

A Host Intrusion Prevention System (HIPS) differs significantly in its approach to securing hosts. It actively monitors the behavior of applications, locally executing code, and local network connections on the end system to determine whether each action should be allowed. An obvious benefit of a behavior-based system is that it does not require signature updates to be effective. To better understand how a behavior-based system such as CSA can be effective in preventing both known and unknown attacks from compromising end systems, it is important to understand what you, as a security expert, are trying to protect.
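To make the contrast between the two approaches concrete, the following added example (not code from the book or from CSA) runs the same constructed set of host events through a minimal signature-based detector, of the kind a NIDS or HIDS uses, and through a minimal behavior-based policy check, of the kind a HIPS uses. The signature strings, the per-application policy, and the event stream are all assumptions invented for illustration. The point it shows is the one the text makes: the signature detector flags only the event whose payload matches a known pattern, whereas the behavior policy denies the off-policy file write and shell execution without any knowledge of what attack produced them.

```python
import re
from dataclasses import dataclass


# Constructed host-level event: which process did what to which resource.
# For network sends the payload carries the bytes on the wire.
@dataclass
class Event:
    process: str
    action: str          # "net_send", "file_read", "file_write", "exec"
    target: str          # resource touched (socket, path, binary)
    payload: bytes = b""


# Signature-based detection (NIDS/HIDS style). These patterns are made up
# for the example; a real sensor ships thousands and must be kept updated.
SIGNATURES = {
    "known-attack-A": re.compile(rb"/cgi-bin/evil\.pl"),
    "known-overflow-B": re.compile(rb"A{64,}"),
}


def signature_alerts(events):
    """Return (signature_name, process) for every payload matching a known pattern."""
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev.payload):
                alerts.append((name, ev.process))
    return alerts


# Behavior-based prevention (HIPS style): an allow-list of (action, target)
# per application. Anything not listed is denied, whatever the payload says.
# The policy below is a hypothetical one for a web server and a backup job.
POLICY = {
    "httpd": {("net_send", "*"), ("file_read", "/var/www/*")},
    "backup": {("file_read", "*"), ("file_write", "/backup/*")},
}


def _rule_matches(rule, action, target):
    rule_action, rule_target = rule
    if rule_action != action:
        return False
    if rule_target == "*":
        return True
    if rule_target.endswith("*"):
        return target.startswith(rule_target[:-1])
    return rule_target == target


def behavior_decisions(events):
    """Return (process, action, target, 'allow'|'deny') for each event."""
    decisions = []
    for ev in events:
        rules = POLICY.get(ev.process, set())
        allowed = any(_rule_matches(r, ev.action, ev.target) for r in rules)
        decisions.append((ev.process, ev.action, ev.target, "allow" if allowed else "deny"))
    return decisions


# Constructed event stream: one request matching a known signature, one benign
# request, and two actions that no signature describes but that a web server
# should never perform.
SAMPLE_EVENTS = [
    Event("httpd", "net_send", "10.0.0.5:80", b"GET /cgi-bin/evil.pl HTTP/1.0"),
    Event("httpd", "net_send", "10.0.0.5:80", b"GET /index.html HTTP/1.0"),
    Event("httpd", "file_write", "/etc/passwd"),
    Event("httpd", "exec", "/bin/sh"),
]


def compare():
    """Alerts from the signature engine versus denials from the behavior policy."""
    alerts = signature_alerts(SAMPLE_EVENTS)
    denials = [d for d in behavior_decisions(SAMPLE_EVENTS) if d[3] == "deny"]
    return alerts, denials


if __name__ == "__main__":
    alerts, denials = compare()
    print("signature alerts:", alerts)
    print("behavior denials:", denials)
```

The signature engine produces one alert and stays silent on the file write and the shell spawn, because no pattern describes them; the behavior policy denies both without ever inspecting a payload. Note the trade-off the text implies: the behavior approach depends on the policy accurately describing what each application legitimately does, and a policy that is too broad (for example, `("file_write", "*")` for `httpd`) would let those same actions through.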

Cisco Security Agent
ISBN: 1587052059
Year: 2005
Pages: 145
Authors: Chad Sullivan