From eScan Wiki
Revision as of 06:19, 8 September 2010 by WikiSysop (Talk | contribs) ← Previous diff
Current revision by WikiSysop (Talk | contribs)
Line 62 (previous revision) → Line 42 (current revision):

  =='''Overview'''==
− The Host Intrusion Prevention System (HIPS) monitors all the network activities on the system. This technology helps in detecting when a rootkit, keylogger, spyware or Trojan is installed on the system. HIPS technology not only warns the user about any intrusion, but, also blocks it.
− HIPS technology uses both signature based detection as well as advanced heuristics antivirus algorithm. You can also set policies specifying the behavior of operating systems or applications. The attacks that HIPS protect against include viruses, spam, spyware, worms, Trojans, keyloggers, bots, rootkits, and Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
+ Usually, Anti-Virus and malware detection programs detect malware only after the computers on which they are running are infected. A majority of these programs use a signature-based approach for detecting malware. This implies that such programs can detect only those malware for which they have the virus definitions and signatures. This may often create problems when a new malicious program is released in the wild. In such cases, eScan’s HIPS technology proves to be highly effective.
+ __TOC__
+ =='''Description'''==
+ '''How HIPS Works?'''
+ The HIPS technology comes with an array of intrusion detection and prevention capabilities. It monitors processes that are running on the user’s computer, installation of software, and installation or removal of software drivers for suspicious activities. An example of a suspicious activity is the injection of code into a running process by another process. In addition, HIPS inspects the network traffic for malware.
+ HIPS monitors and verifies the behavior, state, and the stored information on a computer. It maintains a database of system objects, which contains information about the attributes of each object. It also creates a checksum database, which is a secure database that stores the checksum information for each object. In addition, it creates vtables to store information about the regions of memory that have not yet been used or modified.
+ The HIPS technology can be used at the network level to procure information about the IP address of the attacking computer and details of the attack. This may include the type and contents of the data packet used for the attack.
+ Whenever a system object changes, HIPS updates its databases. However, if the number of objects is large, HIPS monitors information such as, the file attributes, file size, and date to ensure that unusual events do not take place. When it detects a potential threat, HIPS alerts the user, blocks the suspicious activities based on user’s input, and stores the report of the activity in a log file.
+ __TOC__
+ =='''Benefits of HIPS'''==
+ '''The following are some of the benefits of the HIPS technology:'''
+ # It helps you block behavior-based attacks by malware or hackers on a real-time basis.
+ # It helps to eliminate zero-day attacks.
+ # It provides protection against buffer-overflows.
+ # It provides protection from attacks that bypass the security provided by firewall and content security programs.
+ # It protects operating system files and registry keys from modification by malware.
+ # It prevents unauthorized code from executing on the computer.
+ __TOC__
+ =='''Summary'''==
+ In this article, you learnt more about the HIPS technology. You also learnt how eScan uses it to protect computers from potential and unknown security threats.
+ Return to [[Escan/english/Technologies| <font color="blue">Technologies]]
Current revision

Host Intrusion Prevention System (HIPS) Technology

== Overview ==

Usually, anti-virus and malware detection programs detect malware only after the computers on which they are running are already infected. Most of these programs use a signature-based approach, which means they can detect only the malware for which they already have virus definitions and signatures. This often creates problems when a new malicious program is released in the wild. In such cases, eScan's HIPS technology proves to be highly effective.

== Description ==

'''How HIPS works'''

The HIPS technology comes with an array of intrusion detection and prevention capabilities. It monitors the processes running on the user's computer, the installation of software, and the installation or removal of software drivers for suspicious activity. An example of a suspicious activity is the injection of code into a running process by another process. In addition, HIPS inspects network traffic for malware.

HIPS monitors and verifies the behavior, state, and stored information on a computer. It maintains a database of system objects that records the attributes of each object. It also creates a checksum database, a secure database that stores the checksum of each object. In addition, it creates vtables to store information about regions of memory that have not yet been used or modified.

The HIPS technology can also be used at the network level to obtain information about the IP address of the attacking computer and details of the attack, which may include the type and contents of the data packet used in the attack.

Whenever a system object changes, HIPS updates its databases. However, when the number of objects is large, HIPS monitors information such as file attributes, file size, and date to ensure that unusual events do not take place. When it detects a potential threat, HIPS alerts the user, blocks the suspicious activity based on the user's input, and stores a report of the activity in a log file.
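The checksum database and the attribute-first shortcut for large object sets described above, as an added Python illustration written for this page (not eScan's implementation; the object paths, modification times and the size threshold are constructed): a baseline of SHA-256 checksums is built once, objects are re-verified by size and mtime when the set is large and re-hashed in full when it is small, and each event is turned into a JSON log record.

```python
import hashlib
import json

# Constructed sample "system objects": name -> (content, mtime). In a real
# HIPS these would be files, drivers or registry keys on the protected host.
def make_objects():
    return {
        "C:/Windows/System32/drivers/example.sys": (b"driver v1", 1000),
        "C:/Windows/System32/hosts.cfg": (b"127.0.0.1 localhost\n", 1001),
        "C:/Program Files/App/app.exe": (b"MZ...app", 1002),
    }

def checksum(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def build_baseline(objects):
    """Checksum database: cheap attributes plus a SHA-256 per object."""
    return {name: {"size": len(content), "mtime": mtime, "sha256": checksum(content)}
            for name, (content, mtime) in objects.items()}

def verify(objects, baseline, large_threshold=2):
    """Return (event, name) alerts. Small object sets are re-hashed in full;
    large sets compare size and mtime first and re-hash only on a change."""
    hash_everything = len(baseline) <= large_threshold
    alerts = []
    for name, (content, mtime) in objects.items():
        rec = baseline.get(name)
        if rec is None:
            alerts.append(("new", name))
            continue
        attrs_changed = len(content) != rec["size"] or mtime != rec["mtime"]
        if attrs_changed or hash_everything:
            if checksum(content) != rec["sha256"]:
                alerts.append(("modified-content", name))
            elif attrs_changed:
                alerts.append(("modified-attributes", name))
    for name in sorted(baseline.keys() - objects.keys()):
        alerts.append(("removed", name))
    return alerts

def log_line(event: str, name: str) -> str:
    """One JSON record per alert, as the HIPS would append to its log file."""
    return json.dumps({"source": "HIPS", "event": event, "object": name})

if __name__ == "__main__":
    base = build_baseline(make_objects())
    changed = make_objects()
    changed["C:/Windows/System32/drivers/example.sys"] = (b"driver v2!", 2000)
    for event, name in verify(changed, base):
        print(log_line(event, name))
```

The attribute-first shortcut misses a modification that preserves both size and timestamp; raising `large_threshold` so every object is re-hashed catches it, at the cost of extra I/O.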
== Benefits of HIPS ==

The following are some of the benefits of the HIPS technology:

# It helps you block behavior-based attacks by malware or hackers in real time.
# It helps to eliminate zero-day attacks.
# It provides protection against buffer overflows.
# It provides protection from attacks that bypass the security provided by firewall and content security programs.
# It protects operating system files and registry keys from modification by malware.
# It prevents unauthorized code from executing on the computer.

== Summary ==

In this article, you learnt more about the HIPS technology. You also learnt how eScan uses it to protect computers from potential and unknown security threats.

Return to [[Escan/english/Technologies|Technologies]]