RangerIDS - Intrusion Detection System (IDS)

Host IPS (HIPS)

Network IPS (NIPS)

Gigabit IDS

Which Technology is the Best

Problems with IDS

Detection Methods

Pattern Matching

Stateful Pattern Matching

Protocol Decode

Heuristic Analysis

Anomaly Analysis

Which Detection Method is Best

Monitor-Evaluate-Modify: The Security Cycle

Host IPS (HIPS)

As with Host IDS systems, the Host IPS relies on agents installed directly on the system being protected.

It binds closely with the operating system kernel and services, monitoring and intercepting system calls to the kernel or APIs in order to prevent attacks as well as log them.

It may also monitor data streams and the environment specific to a particular application (file locations and Registry settings for a Web server, for example) in order to protect that application from generic attacks for which no “signature” yet exists.

One potential disadvantage with this approach is that, given the necessarily tight integration with the host operating system, future OS upgrades could cause problems.