Which of the following can be installed on a host to analyze and prevent malicious traffic on that host? (Select the best answer.)
- a HIDS
- a HIPS
- a NIPS
- a NIDS
A Host-based Intrusion Prevention System (HIPS) can be installed on a host to analyze and prevent malicious traffic on that host. An Intrusion Prevention System (IPS) can be used to actively monitor, analyze, and block malicious traffic before it infects devices. Typically, an IPS is configured to block only traffic that has been definitively marked as malicious. Traffic that is suspect but has not been confirmed as malicious is referred to as gray area traffic and is not discarded by an IPS.
HIPS software can be installed on a host computer in conjunction with a host-based firewall to protect the computer and the data it holds against malicious traffic. Because HIPS software is installed on a host computer, it can directly access the host operating system (OS) as well as encrypted traffic on the host. By contrast, a Network-based IPS (NIPS) device is a standalone platform that can be installed in conjunction with network-based firewalls to monitor and prevent malicious traffic from being sent to any device on the network.
An Intrusion Detection System (IDS) is similar to an IPS, but IDS devices do not sit inline with traffic. Thus, IDS devices are primarily used for monitoring traffic and hosts rather than actively preventing attacks. If malicious activity is discovered, an IDS device can send an alert to a management station. However, because the IDS does not sit inline with traffic, the traffic will have already affected the network or host by the time the alert is sent. A Host-based IDS (HIDS) can be used to monitor activity on a single host; a HIDS can monitor traffic being sent to and from a host and can monitor OS files for suspicious changes. By contrast, a Network-based IDS (NIDS) can be used to monitor all network traffic.