Introduction: Personal software firewalls
* Personal firewalls are applications that protect an individual computer from unwanted Internet traffic. Examples: Windows Firewall, ZoneAlarm, ipfirewall (Mac OS). Personal firewalls:
+ prompt the user for permission to enable particular applications to access the Internet.
+ have the capability to detect an intrusion into a computer and block that intrusion.
– A host-based intrusion detection system (HIDS) is loaded on an individual computer; it analyzes and monitors what happens inside that computer. A HIDS is installed directly within an operating system. One of the advantages of using a HIDS is that it can interpret encrypted traffic. Disadvantages include price and resource intensity, and, by default, the HIDS object database is stored locally: if something happens to the computer, the database will be unavailable.
– A network intrusion detection system (NIDS) can be loaded on the computer or can be a standalone appliance, but it checks all the packets that pass through the network interfaces. Advantages include that it is less expensive and less resource intensive, and that an entire network can be scanned for malicious activity as opposed to just one computer. The disadvantage is that a NIDS cannot monitor for things that happen within an OS.
+ Signature-based: Network traffic is analyzed for predetermined attack patterns, which are known as signatures. These signatures are stored in a database that must be updated regularly to be effective.
+ False negative: If the IPS does not have a particular attack’s signature in its database, it lets that attack run its course, thinking it is legitimate.
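
The signature-based and false-negative items above, as an added example that is not part of the original notes: a small matcher is scored against labelled traffic with an outdated and then an updated signature database. The signature IDs, patterns and sample requests are constructed for illustration and do not come from any real rule set.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sig_id: str          # constructed identifier, not from a real rule set
    pattern: re.Pattern  # byte pattern that marks a known attack


def build_db(rules):
    """Compile (id, regex) pairs into a signature database."""
    return [Signature(sid, re.compile(rx, re.IGNORECASE)) for sid, rx in rules]


def inspect(payload: bytes, db):
    """Return the ids of every signature that matches the payload."""
    return [s.sig_id for s in db if s.pattern.search(payload)]


def evaluate(traffic, db):
    """Score verdicts against ground truth.

    traffic is a list of (payload, is_attack) pairs. Returns counts of
    true/false positives and true/false negatives.
    """
    stats = {"tp": 0, "fn": 0, "fp": 0, "tn": 0}
    for payload, is_attack in traffic:
        alerted = bool(inspect(payload, db))
        if is_attack:
            stats["tp" if alerted else "fn"] += 1
        else:
            stats["fp" if alerted else "tn"] += 1
    return stats


# Constructed sample traffic: (payload, ground truth label).
TRAFFIC = [
    (b"GET /index.html HTTP/1.1", False),
    (b"GET /download?file=../../etc/passwd HTTP/1.1", True),
    (b"GET /search?q=1' OR '1'='1 HTTP/1.1", True),
]

# Outdated database: only the path-traversal signature is present.
OLD_DB = build_db([("SIG-0001", rb"\.\./")])
# Updated database: a signature for the second attack has been added.
NEW_DB = build_db([("SIG-0001", rb"\.\./"),
                   ("SIG-0002", rb"'\s*or\s*'1'\s*=\s*'1")])

if __name__ == "__main__":
    print("old db:", evaluate(TRAFFIC, OLD_DB))
    print("new db:", evaluate(TRAFFIC, NEW_DB))
```

With the outdated database the third request produces no alert even though it is labelled as an attack, which is the false negative described above; the same request is flagged once its signature is added.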