Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,

Published byErik Cunningham Modified over 7 years ago

Similar presentations

Presentation on theme: "HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,"— Presentation transcript:

1 HIPS

2 Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks, at the network layer where personal firewalls operate and in the operating system.  All commercial HIPS software uses a technique called system call interception.  The HIPS software uses something called an OS shim to insert its own processes between applications, accessing resources on the host and the actual OS resources.  This way, the HIPS software has the ability to deny or permit those requests based on whether the request is identified as malicious or benign.

3 Host-Based Intrusion Prevention Systems  HIPS tools use a combination of signature analysis and anomaly analysis to identify attacks.  This is performed by monitoring traffic from network interfaces, the integrity of files, and application behavior.

4 Real-world Defense Scenarios  The best defenses in this area are from vendors that offer intrusion prevention that is not solely based on signature or rule-based analysis.  Application analysis techniques, the best-in-class vendors are able to stop attacks that have common exploit methods (such as buffer overflows) without requiring updates to the software.

5 Dynamic Rule Creation for Custom Applications  HIPS vendors are readying tools that monitor how an application operates in a learning mode, identifying what files are opened, what Registry keys are accessed, what system calls are made, and so on.  An organization using this technology would "train" the HIPS software in learning mode to recognize the traditional behavior of the production software and use the results of this training later in production to identify and stop anomalous events.  This functionality is helpful for both vendors and customers.

6 Monitoring File Integrity  HIPS software uses its operating system shim functionality to monitor any files that are opened as read/write or write-only on the operating system.  When a program or process attempts to call a function that would change the contents of a file, such as write(), fwrite(), or fsync(), or use any other file-modification system calls, the operating system checks whether the file handle corresponds to a list of files that should be monitored for change.  If the file is supposed to be monitored for change, the HIPS software then checks to determine if the user or application requesting the change is authorized to do so.

7 Monitoring Application Behavior  Application behavior monitoring is a feature of HIPS software where a manufacturer selects a supported application and records the intended functionality of the application in normal use.

8 HIPS Advantages  HIPS software includes nearly all the capabilities of HIDS software.  HIPS also have the ability to stop attacks from being successful.  HIPS can cop up with the problem zero-day exploit, an attack that occurs before the vulnerability is published.  HIPS software provides a better method of defending our perimeter when distributed throughout the enterprise than traditional tools allow.

9 HIPS Challenges  HIPS deployments have implementation and maintenance challenges that include testing updates, deploying updates, troubleshooting updates.  False positives are another major challenge.  The ability to monitor for anomalous behavior from applications is limited to those applications selected by your vendor  Hardening operating systems and secure coding practices are still good ideas for protecting custom application software.

10 More HIPS Challenges  HIPS is not a replacement for regular system patching or antivirus defenses.  With all the advantages and detection techniques offered by HIPS software comes the additional burden of processing requirements on servers and workstations.  Need for a management console to oversee HIPS software throughout the organization. need for a management console to oversee HIPS software throughout the organizationneed for a management console to oversee HIPS software throughout the organization

11 HIPS Recommendations  Document Requirements and Testing Procedures  Develop a Centrally Managed Policy for Controlling Updates  Don't Blindly Install Software Updates  Don't Rely Solely on HIPS to Protect Systems  Expect Your HIPS to Come Under Attack

12 More HIPS Challenges  HIPS is not a replacement for regular system patching or antivirus defenses.  With all the advantages and detection techniques offered by HIPS software comes the additional burden of processing requirements on servers and workstations.  Need for a management console to oversee HIPS software throughout the organization.

Download ppt "HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Intrusion Detection MIS.5213.011 ALTER 0A234 Lecture 3.

Intrusion Detection MIS ALTER 0A234 Lecture 3.
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
seminar on Intrusion detection system

seminar on Intrusion detection system
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Department Of Computer Engineering

Department Of Computer Engineering
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Lesson 7 Intrusion Prevention Systems. UTSA IS 3523 ID & Incident Response Overview Definitions Differences Honeypots Defense in Depth.

Lesson 7 Intrusion Prevention Systems. UTSA IS 3523 ID & Incident Response Overview Definitions Differences Honeypots Defense in Depth.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Similar presentations

Ads by Google