Which of the following can be installed on a host to analyze and prevent malicious traffic on that host? (Select the best answer.)
- antivirus software
- a HIPS
- a personal firewall
- a proxy server
A Hostbased Intrusion Prevention System (HIPS) can be installed on a host to analyze and prevent malicious traffic on that host. An Intrusion Prevention System (IPS) can be used to actively monitor, analyze, and block malicious traffic before it infects devices. HIPS software can be installed on a host computer to protect that computer against malicious traffic. By contrast, a Networkbased IPS (NIPS) is an independent operating platform, often a standalone appliance or a hardware module installed in a chassis. A NIPS device can be installed inline on a network to monitor and prevent malicious traffic from being sent to other devices on the network. One advantage of using a NIPS over a HIPS is that a NIPS can detect lowlevel network events, such as the scanning of random hosts on the network? a HIPS can only detect scans for which it is the target. A HIPS and a NIPS can be used together to provide an additional layer of protection.
Although you could install a personal firewall to protect a host from malicious traffic, a personal firewall does not perform traffic analysis. However, a personal firewall can work in conjunction with other software, such as a HIPS or a NIPS, to protect a host from a wider array of malicious activities. For example, Cisco Advanced Malware Protection (AMP) for Endpoints can work in conjunction with a personal firewall to provide threat protection and advanced analytics.
You could not install antivirus software to analyze and prevent malicious traffic on that host. Antivirus software monitors the file system and memory space on a host for malicious code. Although the antivirus software might protect the host from malicious file execution, it would be unable to protect the host from malicious traffic. Some antivirus vendors offer integrated security suites, which feature personal firewall, HIPS, antivirus, and antimalware components.
You could not install a proxy server on a host to analyze and prevent malicious traffic on that host. A proxy server is typically an application layer gateway that provides resource caching and traffic filtering for a particular class of traffic, such as web content. Although you could install a proxy server locally on a host, it would not have a significant effect on malicious traffic directed at the host nor would it be able to analyze its content.