Host Intrusion Prevention System (HIPS) Technology
From eScan Wiki
(Difference between revisions)
Previous revision: 06:19, 8 September 2010, by WikiSysop
Current revision: 10:05, 17 September 2010, by WikiSysop
=='''Overview'''==

Most anti-virus and malware detection programs detect malware only after the computer they run on has already been infected, and the majority of them rely on a signature-based approach: they can recognise only those malware samples for which they already hold virus definitions and signatures. This leaves a gap whenever a new malicious program is released in the wild, and it is in exactly these cases that eScan's HIPS technology is intended to be effective.

=='''Description'''==

'''How HIPS works'''

The HIPS technology comes with an array of intrusion detection and prevention capabilities. It monitors the processes running on the user's computer, the installation of software, and the installation or removal of device drivers, looking for suspicious activity. One example of suspicious activity is one process injecting code into another, already running process. In addition, HIPS inspects network traffic for malware.

HIPS monitors and verifies the behaviour, state and stored information of the computer. It maintains a database of system objects that records the attributes of each object, and a separate, protected checksum database that stores a checksum for each object. It also keeps tables that record which regions of memory have not yet been used or modified.

At the network level, HIPS can also gather information about the attacking computer, such as its IP address, and details of the attack, which may include the type and contents of the data packets used.

Whenever a system object changes, HIPS updates its databases. When the number of objects is large, re-checking every checksum on each change becomes expensive, so HIPS instead watches cheaper properties such as file attributes, file size and modification date to spot unusual events. When it detects a potential threat, HIPS alerts the user, blocks the suspicious activity according to the user's response, and writes a report of the activity to a log file.
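The checksum database and the attribute-only fast path described above, as an added illustration that is not eScan's code and makes no claim about how eScan implements them: a minimal file-integrity monitor that baselines a directory (size, modification time and SHA-256 per file), then re-verifies it either fully or in a "quick" mode that skips hashing when size and timestamp are unchanged. The sample files, their names and the tampering steps are constructed here for the demonstration.

```python
"""Added example (not eScan's code): file-integrity monitoring in the spirit of
a HIPS checksum database, with a metadata-only fast path for large object sets.

Assumptions (not from the article): "objects" are regular files under one
directory, a change is any difference in size, mtime or SHA-256 digest, and the
sample files below are constructed in a temporary directory so this runs offline.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class ObjectRecord:
    """One entry of the object database: cheap attributes plus a checksum."""
    size: int
    mtime_ns: int
    sha256: str


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large objects do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def record(path: str) -> ObjectRecord:
    st = os.stat(path)
    return ObjectRecord(st.st_size, st.st_mtime_ns, sha256_of(path))


def build_baseline(root: str) -> dict:
    """Walk the tree once and store attributes and checksum for every file."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            baseline[os.path.relpath(p, root)] = record(p)
    return baseline


def verify(root: str, baseline: dict, quick: bool = False) -> dict:
    """Return {relative path: 'added' | 'modified' | 'deleted'}.

    quick=True trusts unchanged size and mtime and skips hashing (the cheap
    mode for a large number of objects); quick=False always re-hashes.
    """
    changes = {}
    seen = set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            rel = os.path.relpath(p, root)
            seen.add(rel)
            old = baseline.get(rel)
            if old is None:
                changes[rel] = "added"
                continue
            st = os.stat(p)
            meta_same = st.st_size == old.size and st.st_mtime_ns == old.mtime_ns
            if quick and meta_same:
                continue  # fast path: attributes unchanged, hash not recomputed
            if not meta_same or sha256_of(p) != old.sha256:
                changes[rel] = "modified"
    for rel in baseline:
        if rel not in seen:
            changes[rel] = "deleted"
    return changes


def demo() -> tuple:
    """Baseline constructed files, tamper with them, and compare both modes."""
    with tempfile.TemporaryDirectory() as root:
        hosts = os.path.join(root, "hosts")
        with open(hosts, "w") as f:
            f.write("127.0.0.1 localhost\n")  # constructed sample, 20 bytes
        driver = os.path.join(root, "driver.sys")
        with open(driver, "wb") as f:
            f.write(b"MZ" + b"\x00" * 30)  # constructed sample, 32 bytes
        baseline = build_baseline(root)

        # Tamper 1: same length content, then restore the original timestamps
        # (the evasion a metadata-only check cannot see).
        st = os.stat(hosts)
        with open(hosts, "w") as f:
            f.write("127.0.0.1 evil.host\n")  # also 20 bytes
        os.utime(hosts, ns=(st.st_atime_ns, st.st_mtime_ns))
        # Tamper 2: driver grows, so size alone reveals it.
        with open(driver, "ab") as f:
            f.write(b"\x90" * 8)
        # Tamper 3: a new file is dropped into the monitored tree.
        with open(os.path.join(root, "dropper.exe"), "wb") as f:
            f.write(b"MZ")

        return verify(root, baseline, quick=True), verify(root, baseline)


if __name__ == "__main__":
    quick_result, full_result = demo()
    print("quick:", quick_result)
    print("full: ", full_result)
```

The point of the two modes is the caveat a practitioner should keep in mind: the attribute-only pass is cheap, but an attacker who writes a same-length payload and resets the timestamps is invisible to it, and only the full checksum pass catches that file. A monitor that relies on the fast path for scale needs a periodic full pass, and the checksum database itself has to be protected from the same tampering.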
=='''Benefits of HIPS'''==

'''The following are some of the benefits of the HIPS technology:'''

# It blocks behaviour-based attacks by malware or hackers in real time.
# It helps to stop zero-day attacks, for which no signature yet exists.
# It provides protection against buffer overflows.
# It protects against attacks that bypass the security provided by the firewall and content security programs.
# It protects operating system files and registry keys from modification by malware.
# It prevents unauthorised code from executing on the computer.

=='''Summary'''==

This article described the HIPS technology and how eScan uses it to protect computers from unknown and emerging security threats.