Sunday, October 31, 2021


3:37 PM

Hello everyone. For this session I will share a few ebooks and tutorials about network security. There are two primary kinds of IPS available: host-based IPS and network-based IPS.

Host-based IPS

Host-based IPS (HIPS) is software installed on a host to monitor and analyze suspicious activity. A significant advantage of HIPS is that it can monitor and protect operating system and critical system processes that are specific to that host. With detailed knowledge of the operating system, HIPS can monitor abnormal activity and prevent the host from executing commands that do not match typical behavior. This suspicious or malicious behavior might include unauthorized registry updates, changes to the system directory, executing installation programs, and activities that cause buffer overflows. Network traffic can also be monitored to prevent the host from participating in a denial-of-service (DoS) attack or being part of an illicit FTP session.

HIPS can be thought of as a combination of antivirus software, antimalware software, and a firewall. An example of a HIPS is Windows Defender. It provides a range of protection measures for Windows hosts. Combined with a network-based IPS, HIPS is an effective tool in providing additional protection for the host.

A disadvantage of HIPS is that it operates only at a local level. It does not have a complete view of the network, or coordinated events that might be happening across the network. To be effective in a network, HIPS must be installed on every host and have support for every operating system. The table lists the advantages and disadvantages of HIPS.

Advantages and Disadvantages of HIPS

Advantages

  • Provides protection specific to a host operating system
  • Provides operating system and application level protection
  • Protects the host after the message is decrypted

Disadvantages

  • Operating system dependent
  • Must be installed on all hosts
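As an added example (not from the course or this page, and not how Windows Defender is implemented), the following Python models how a HIPS applies host-specific policy to the behaviours listed above: protected registry keys, writes under the system directory, untrusted installers, and a host being used as a DoS source. The process allow-lists, thresholds and event records are all constructed for the example.

```python
# Minimal HIPS-style policy evaluator over constructed host events (added example).
# Models the behaviours the text names: unauthorized registry updates, writes to
# the system directory, launching installers, and a host used as a DoS source.
from collections import Counter

# Constructed policy: which processes are normally allowed to do what.
TRUSTED_REGISTRY_WRITERS = {"services.exe", "msiexec.exe"}
TRUSTED_SYSTEM_DIR_WRITERS = {"TrustedInstaller.exe"}
TRUSTED_INSTALLER_PUBLISHERS = {"Microsoft Corporation"}
SYSTEM_DIR = r"C:\Windows\System32"
MAX_CONNECTS_PER_PROCESS = 100  # outbound connection attempts per window

def evaluate(event, connect_counts):
    """Return (decision, reason) for one event; connect_counts tracks per-process outbound connects."""
    kind, proc = event["type"], event["process"]
    if kind == "registry_write":
        if event["key"].startswith("HKLM") and proc not in TRUSTED_REGISTRY_WRITERS:
            return "block", f"{proc} wrote protected registry key {event['key']}"
    elif kind == "file_write":
        if event["path"].startswith(SYSTEM_DIR) and proc not in TRUSTED_SYSTEM_DIR_WRITERS:
            return "block", f"{proc} modified system directory file {event['path']}"
    elif kind == "process_start":
        if event.get("installer") and event.get("publisher") not in TRUSTED_INSTALLER_PUBLISHERS:
            return "block", f"untrusted installer {event['image']} launched by {proc}"
    elif kind == "net_connect":
        connect_counts[proc] += 1
        if connect_counts[proc] > MAX_CONNECTS_PER_PROCESS:
            return "block", f"{proc} exceeded outbound connection rate (possible DoS source)"
    return "allow", "matches typical behavior"

def run(events):
    """Evaluate events in order; the counter gives the rate check its memory."""
    connect_counts = Counter()
    return [evaluate(e, connect_counts) for e in events]

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"type": "registry_write", "process": "services.exe", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler"},
    {"type": "registry_write", "process": "winword.exe", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "file_write", "process": "TrustedInstaller.exe", "path": SYSTEM_DIR + r"\drivers\sample.sys"},
    {"type": "file_write", "process": "setup_tool.exe", "path": SYSTEM_DIR + r"\setup_helper.dll"},
    {"type": "process_start", "process": "explorer.exe", "image": "update.msi", "installer": True, "publisher": "Microsoft Corporation"},
    {"type": "process_start", "process": "explorer.exe", "image": "free_game.exe", "installer": True, "publisher": None},
] + [{"type": "net_connect", "process": "svchost.exe", "dst": "192.0.2.10:80"}] * 101

if __name__ == "__main__":
    for decision, reason in run(SAMPLE_EVENTS):
        if decision == "block":
            print(decision, reason)
```

Note that every check depends on host-local context (process name, file path, registry key, per-process counters) that a network sensor never sees, which is the point of combining HIPS with a network-based IPS.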
Network-based IPS

A network-based IPS can be implemented using a dedicated or non-dedicated IPS device such as a router. Network-based IPS implementations are a critical component of intrusion prevention. Host-based IDS/IPS solutions must be integrated with a network-based IPS implementation to ensure a robust security architecture.

Sensors detect malicious and unauthorized activity in real time and can take action when required. As shown in the figure, sensors are deployed at designated network points. This enables security managers to monitor network activity while it is occurring, regardless of the location of the attack target.

Figure: Network-Based IPS

Network-based IPS sensors can be implemented in several ways:

  • On a Cisco Firepower appliance
  • On an ASA firewall device
  • On an ISR router
  • As a virtual Next-Generation IPS (NGIPSv) for VMware

An example of a network-based IPS is the Cisco Firepower NGIPS. It is tuned for intrusion prevention analysis. The underlying operating system of the platform is stripped of unnecessary network services, and essential services are secured. This is known as hardening.

The hardware of all network-based sensors includes three components:

  • NIC - The network-based IPS must be able to connect to any network, such as Ethernet, Fast Ethernet, and Gigabit Ethernet.
  • Processor - Intrusion prevention requires CPU power to perform intrusion detection analysis and pattern matching.
  • Memory - Intrusion detection analysis is memory-intensive. Memory directly affects the ability of a network-based IPS to efficiently and accurately detect an attack.

Network-based IPS gives security managers real-time security insight into their networks regardless of growth. Additional hosts can be added to protected networks without requiring more sensors. Additional sensors are only required when their rated traffic capacity is exceeded, when their performance does not meet current needs, or when a revision in security policy or network design requires additional sensors to help enforce security boundaries. When new networks are added, additional sensors are easy to deploy.
