IDS/IPS

MicroCourse
Time: 58 minutes
Difficulty: Intermediate
CEU/CPE: 4

Video Description

This lesson focuses on host-based software solutions:

- Host-based firewalls
- Anti-malware
- Anti-virus
- Anti-spyware
- Spam filters
- Host-based intrusion detection/prevention systems (HIDS/HIPS)

Host-based software solutions are integral in providing a good piece of layered defense in keeping a network secure.

Video Transcription

00:04
Okay, so moving further. We'll talk a little bit about host-based software solutions, and you'll see the first bullet point here is host-based firewalls. Now when we talk about software solutions, we're talking about, um, software that we install on a particular system
00:22
and firewalls are one of those things that could be hardware based or software based,
00:26
and something to keep in mind is usually with computers, we talk about software solution versus hardware solution. You generally get better performance and greater reliability from a hardware solution.
00:40
You save money using a software solution, and firewalls are no exception. So with host-based firewalls, you know, if you're familiar, if you've heard of ZoneAlarm Pro or BlackICE. As a matter of fact, a lot of the antivirus programs that you download today are really more along the lines of firewall systems.
01:00
There's a lot of blurred lines between them, you know, host-based intrusion detection, host-based intrusion prevention.
01:07
You know, really, you don't just buy a pure antivirus solution today, the way you might have five years ago. A lot of them are anti-malware now that include antivirus and anti-spyware. But the bottom line is when you choose software solutions, this is software you install, you download or
01:26
you install from a disc
01:29
and it's software that runs on your system. In a larger environment, like a network-based environment, I'd have a hardware-based firewall, and that would be something like maybe Cisco's ASA. That is a box that does nothing but be a firewall.
01:44
And obviously, if you've got a device that's designed to do nothing but inspect traffic,
01:49
allow it or block it based on criteria, you're gonna get very good performance and good reliability. But certainly host-based solutions are very valid, and rarely are they mutually exclusive. I'll have a hardware-based firewall that's going to inspect all traffic coming into my network, but I'll have a host-based system as well
02:07
for traffic that hits particular hosts, particular clients, particular servers.
02:12
So host-based firewalls, again, these really kind of overlap each other. If you were to buy Norton AntiVirus or McAfee, Kaspersky, there are a lot of ones that are out there. Ultimately, what they're doing is they're performing many of these functions. What they all
02:29
really kind of could be summed up with is a host-based intrusion detection system.
02:35
Sometimes these are referred to as wrappers, TCP wrappers, with the w like wrapping presents, TCP wrappers. Sometimes what kids are referred to because they inspect TCP I v stat.
02:49
Now, uh, one of the things to keep in mind with host-based systems, very different from network-based IDS: these host-based systems would be used if you want to find out who's installing applications on this server, who's modifying the registry on this server,
03:07
what traffic is accessing this network card.
03:10
This would also be good, because network-based intrusion detection generally can't analyze traffic in an encrypted tunnel. So I can't see malicious activity or malicious software across the network if it's encrypted. But certainly when that traffic hits this network card, because there has to be the decryption at the NIC,
03:30
you know, once it once it hits my local machine,
03:34
then the HIDS or HIPS could defend against it. So certainly these host-based software solutions present a real benefit for us, and know that this is just another part of a layered defense. Software can be compromised. Of course it can. Firewalls could be compromised. Of course they can.
03:52
But ultimately, when it comes right down to it,
03:54
these are gonna provide a good piece of layered defense.

Instructed By

Leo Dregier
Instructor