Which of the following can be installed on a host to ensure that only specified inbound and outbound connections are permitted? (Select the best answer.)
- antivirus software
- a HIPS
- a personal firewall
- a proxy server
A personal firewall can be installed on a host to ensure that only specified inbound and outbound connections are permitted. A personal firewall can protect a host from malicious traffic by permitting or denying specific applications or network ports access to the host or its network interface. Typically, a personal firewall provides sufficient granularity to specify the direction of a particular flow of traffic. For example, you could permit outbound web traffic but deny inbound Internet Control Message Protocol (ICMP) messages.
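The direction-aware filtering described above can be modeled in a few lines. This is an added example, not code from the original page or from any firewall product: the `Rule` and `PersonalFirewall` names, the sample addresses, and the reply tracking for flows the host opened are assumptions of the sketch, and it matches on protocol and port only, not on applications.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    direction: str               # "in" or "out", relative to the host
    proto: str                   # "tcp", "udp" or "icmp"
    port: Optional[int] = None   # destination port; None matches any

# Constructed policy mirroring the text: outbound web permitted,
# inbound ICMP denied, everything else falls through to default deny.
POLICY = [
    Rule("permit", "out", "tcp", 80),
    Rule("permit", "out", "tcp", 443),
    Rule("deny", "in", "icmp"),
]

class PersonalFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()       # flows this host was permitted to open

    def check(self, direction, proto, remote_ip, local_port=None, remote_port=None):
        flow = (proto, remote_ip, local_port, remote_port)
        # Replies to a flow the host opened are permitted (assumed stateful).
        if direction == "in" and flow in self.flows:
            return "permit"
        # The destination port is the remote port outbound, the local port inbound.
        dst_port = remote_port if direction == "out" else local_port
        for rule in self.rules:  # first matching rule wins
            if (rule.direction, rule.proto) == (direction, proto) \
                    and rule.port in (None, dst_port):
                if rule.action == "permit" and direction == "out":
                    self.flows.add(flow)
                return rule.action
        return "deny"            # only specified connections are permitted

def demo():
    fw = PersonalFirewall(POLICY)
    return [
        fw.check("out", "tcp", "203.0.113.10", 50000, 443),  # outbound web
        fw.check("in", "tcp", "203.0.113.10", 50000, 443),   # its reply
        fw.check("in", "tcp", "203.0.113.99", 50000, 443),   # unsolicited inbound
        fw.check("in", "icmp", "203.0.113.10"),              # inbound ICMP
        fw.check("out", "tcp", "203.0.113.10", 50001, 25),   # unspecified outbound
    ]

if __name__ == "__main__":
    print(demo())
```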
A Host-based Intrusion Prevention System (HIPS) can be installed on a host to analyze and prevent malicious traffic on that host. An Intrusion Prevention System (IPS) can be used to actively monitor, analyze, and block malicious traffic before it infects devices. HIPS software can be installed on a host computer to protect that computer against malicious traffic. By contrast, a Network-based IPS (NIPS) is an independent operating platform, often a standalone appliance or a hardware module installed in a chassis. A NIPS device can be installed inline on a network to monitor and prevent malicious traffic from being sent to other devices on the network. One advantage of using a NIPS over a HIPS is that a NIPS can detect low-level network events, such as the scanning of random hosts on the network; a HIPS can only detect scans for which it is the target. A HIPS and a NIPS can be used together to provide an additional layer of protection.
You could not install antivirus software to ensure that only specified inbound and outbound connections are permitted. Antivirus software monitors the file system and memory space on a host for malicious code. Although the antivirus software might protect the host from malicious file execution, it would be unable to protect the host from malicious traffic. Some antivirus vendors offer integrated security suites, which feature personal firewall, HIPS, antivirus, and antimalware components.
You could not install a proxy server on a host to ensure that only specified inbound and outbound connections are permitted. A proxy server is typically an application layer gateway that provides resource caching and traffic filtering for a particular class of traffic, such as web content. Although you could install a proxy server locally on a host and use it to process specified outbound connections, it would not be able to restrict outbound connections that were not configured to use the proxy, nor would it be able to restrict inbound connections.