Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?
Correct Answer: A
Section: Threats and Vulnerabilities
This question is asking which of the following is designed to stop an intrusion on a specific server. To stop an intrusion on a specific server, you would use a HIPS (Host Intrusion Prevention System). The difference between a HIPS and other intrusion prevention systems is that a HIPS is a software intrusion prevention systems that is installed on a ‘specific server’.
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion.
B: A NIDS (Network Intrusion Detection System) is typically a hardware device designed to detect intrusion attempts to the network, not a specific host.
C: A HIDS (Host Intrusion Detection System) is a host based system. However it is a ‘detection’ system not a prevention system. Therefore it will only detect intrusion attempts; it will not stop them.
D: A NIPS (Network Intrusion Prevention System) is typically a hardware device designed to prevent intrusion attempts to the network, not a specific host.