Host-Based IPS Overview
An in-depth look at the implementation of a host-based IPS is beyond the scope of this book. Furthermore, the configuration that is required to implement any host-based IPS depends on the software that is used.
Figure 16-1.
A host-based IPS is a host-based, real-time, intrusion-prevention and security-enforcement system that is designed to protect system resources and applications.
The main installed elements of a host-based IPS are the following:
- Agents that are installed on each host you want to protect
- The console, a GUI application that lets you monitor agent and system activity and manage host-based IPSs
- A database of signatures and all other information relevant to the host sensor system
A host-based IPS audits the log files on a server, as well as its file systems and other resources. It can monitor individual operating system processes and protect resources that exist only on a specific server.
A simple form of a host-based IPS is event logging. However, analyzing these logs requires resource-intensive operations. Current host-based IPSs instead run an agent on the server, which monitors and protects the resources.
An added advantage of a host-based IPS is that it can analyze secured communications after the data has been decrypted (a normal NIDS cannot analyze HTTPS traffic).
A console server is used for all host-based IPS agent reporting. This server must also be protected by a host-based IPS.