Last Updated on July 31, 2021 by Admin
Which of the following is deployed on an endpoint as an agent or standalone application?
A host-based intrusion detection system (HIDS) monitors individual workstations on a network.
A network intrusion detection system (NIDS) is a system that operates on the network and detects attacks on that network. It monitors real-time traffic over the network, captures the packets, and analyzes them either against a signature database or against the normal traffic pattern behavior to ensure that there are no intrusion attempts or malicious threats. The primary disadvantage of an NIDS is its inability to analyze encrypted information. For example, the packets that traverse a Virtual Private Network (VPN) tunnel cannot be analyzed by the NIDS. An NIDS would most likely be used to detect, but not react to, behavior on the network.
A network intrusion prevention system (NIPS) is a system that operates on the network and detects attacks on that network while also taking actions to stop the attack. Intrusion prevention systems (IPS) and intrusion detection systems (IDS) complement each other. IPS systems can block activities on certain Web sites. Users may be allowed to access the sites but may be prevented from accessing certain features within the site. In other cases, the entire site may be blocked, depending on the security requirements for the organization.
A next generation firewall (NGFW) is one that monitors all layers of the OSI model. It is not deployed on a host.
Objective: Host-Based Analysis
Sub-Objective: Describe the functionality of these endpoint technologies with regard to security monitoring: Host-based intrusion detection, Antimalware and antivirus, Host-based firewall, Application-level whitelisting/blacklisting, Systems-based sandboxing (such as Chrome, Java, Adobe Reader).