Security is, of course, always a concern. It is vital to protect sensitive information, proprietary data and communications in an organization to avoid having your objectives compromised, either by competitors or by those who would seek to harm you simply for sport. There are many methods available to make sure your computer systems and networks are secure, and you can scale the sophistication of your security features accordingly. One of the more advanced security measures you can take is to employ a host based IDS on each computer on your network.
A host based IDS is a host based “intrusion detection system.” This is a relatively sophisticated method of detecting potential threats. NIDS, or “Network Based Intrusion Detection Systems,” are much more common. They are usually deployed in conjunction with a firewall. Firewalls limit the traffic allowed into a given network or system by refusing connections that are not addressed to specific, prearranged ports. The software on users’ computers behind the firewall is configured to make use of the relevant ports.
A NIDS works by filtering other types of uncommon, irregular or otherwise suspicious data flow. In a sense, a NIDS can be described using the crude analogy of an e-mail filter. It scans packets of information (rather than e-mail) being transmitted and compares them to a databank of patterns that reflect certain types of attacks or illicit activities, whether that be a connection polling many different ports or a specific kind of connection accessing a port that such connections are not usually directed toward, even if that port is technically open according to the firewall. Such systems will often work in conjunction with a firewall, potentially updating their respective detection rules.
A host based intrusion detection system works on a given machine and looks for irregular patterns in the way established programs access information and system resources. Just as a NIDS works in conjunction with a firewall, a good analogue may be that an HIDS works in conjunction with antivirus software, in that it also sets out to monitor the behavior of code and applications on a given machine. The difference is that it will check established programs, like a spreadsheet application, that are recognized by your antivirus software as benign, for strange activity such as accessing hardware that they would normally have no reason to access or making changes to registry settings that they should not need to touch under normal circumstances.
The goal is to make sure that none of your legitimate software can be hijacked by external users and used as a back door to get into your personal data, corrupt files or compromise your system or network. An HIDS can also help track which users, on a shared system, are accessing what data. If they attempt to access information or systems for which they do not have authorization, the activity can be flagged accordingly.
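The following Python example, added here and not part of the original post, shows the two checks described above: a benign program touching a kind of resource it has never used before, and a user reading data they are not authorized for. The event format, program and user names, paths and the authorization table are all constructed assumptions.

```python
from collections import defaultdict

# Constructed events: (program, user, resource_class, target). Not real telemetry.
TRAINING = [
    ("spreadsheet", "alice", "file", "/data/finance/q1.xlsx"),
    ("spreadsheet", "bob", "file", "/data/sales/leads.xlsx"),
    ("spreadsheet", "alice", "network", "updates.example.test:443"),
    ("backup", "svc_backup", "file", "/data/finance/q1.xlsx"),
    ("backup", "svc_backup", "device", "tape0"),
]
LIVE = [
    ("spreadsheet", "alice", "file", "/data/finance/q2.xlsx"),       # normal
    ("spreadsheet", "alice", "registry", "HKLM\\Software\\Example"),  # new resource class
    ("spreadsheet", "bob", "file", "/data/finance/q2.xlsx"),         # bob lacks finance access
    ("backup", "svc_backup", "device", "tape0"),                     # normal
    ("spreadsheet", "bob", "device", "webcam0"),                     # hardware it never used
]
# Assumed authorization table: user -> directory prefixes they may read.
AUTHORIZED = {
    "alice": ("/data/finance/",),
    "bob": ("/data/sales/",),
    "svc_backup": ("/data/",),
}

def learn_baseline(events):
    """Record which resource classes each established program normally touches."""
    baseline = defaultdict(set)
    for program, _user, rclass, _target in events:
        baseline[program].add(rclass)
    return dict(baseline)

def detect(events, baseline, authorized):
    """Return (reason, event) alerts for behaviour outside the baseline or the ACL."""
    alerts = []
    for event in events:
        program, user, rclass, target = event
        # A program using a resource class absent from its baseline (an
        # unknown program has an empty baseline, so it is flagged too).
        if rclass not in baseline.get(program, set()):
            alerts.append(("program_anomaly", event))
        # A user reading a file outside the prefixes they are authorized for.
        if rclass == "file" and not target.startswith(authorized.get(user, ())):
            alerts.append(("unauthorized_access", event))
    return alerts

if __name__ == "__main__":
    for reason, event in detect(LIVE, learn_baseline(TRAINING), AUTHORIZED):
        print(reason, *event)
```

A real HIDS collects these events from the operating system's audit facilities and uses a far richer baseline; the comparison step is the same idea.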
A host based IDS cannot protect your system all by itself, but it may significantly bolster your network and server security by checking for strange behavior that may have bypassed your other detection methods.