Antivirus protection in the era of Windows 10 - hardening part 3

The next technology that deserves a few words is the HIDS/HIPS (Host Intrusion Detection/Prevention System). A HIDS runs on the host (the operating system itself) and analyses events with heuristics and signatures applied to system logs, the file system (integrity checking) and the local network interfaces. Most such products are built for Linux; one of the few with a Windows client is OSSEC. Only on Linux (and other Unix-like systems) can OSSEC be installed in standalone "local" mode, without a server. For Windows only the agent exists, so before installing the client one has to set up an OSSEC server on some Linux distribution, or use a ready-made security distribution that offers much more than just an OSSEC server, e.g. OSSIM.

Besides monitoring the standard Windows event logs (the recommended option), the OSSEC agent can monitor the IIS web server logs and check file integrity, and it sends the results to the OSSEC server over an encrypted channel. Note that this channel is OSSEC's own agent protocol (UDP port 1514 by default, encrypted with the agent key generated on the server and imported on the client), not SSH; the firewall between agent and server must allow that port.
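The agent-side configuration that enables exactly those three things (Windows event logs, IIS logs and file integrity checking) is shown below. This is an added example, not a file from the original article or from the OSSEC project; the server address 192.0.2.10, the IIS site directory W3SVC1 and the monitored paths are assumptions that you replace with your own. It goes into ossec.conf in the agent's installation directory on the Windows host.

```xml
<!-- ossec.conf on the Windows agent (added example; paths and server IP are assumed) -->
<ossec_config>

  <!-- Where to send events: the OSSEC manager (assumed address) -->
  <client>
    <server-ip>192.0.2.10</server-ip>
  </client>

  <!-- Standard Windows event logs: the recommended minimum -->
  <localfile>
    <location>Application</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>Security</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>System</location>
    <log_format>eventlog</log_format>
  </localfile>

  <!-- IIS W3C logs; the strftime pattern in the name follows IIS's daily log rotation -->
  <localfile>
    <location>C:\inetpub\logs\LogFiles\W3SVC1\u_ex%y%m%d.log</location>
    <log_format>iis</log_format>
  </localfile>

  <!-- File integrity monitoring (syscheck): scan every 2 hours -->
  <syscheck>
    <frequency>7200</frequency>
    <!-- check_all = size, permissions, owner, MD5 and SHA1 -->
    <directories check_all="yes">%WINDIR%\System32\drivers\etc</directories>
    <directories check_all="yes">%WINDIR%\win.ini</directories>
    <directories check_all="yes">C:\Program Files</directories>
    <!-- Noisy locations that change on every boot (assumed) -->
    <ignore>%WINDIR%\System32\LogFiles</ignore>

    <!-- Registry keys commonly used for persistence -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services</windows_registry>
  </syscheck>

</ossec_config>
```

Before the agent can talk to the server, create the agent on the manager (manage_agents), import the generated key on the Windows side, and allow UDP 1514 from the agent to the manager; without the key the manager silently discards the agent's messages.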

A NIDS (Network Intrusion Detection System) is a network intrusion detection system; a NIPS additionally sits inline and blocks traffic. Again, most of them are Linux systems; the two most popular representatives are Snort and Suricata, and both have Windows installers. The Snort installer does not include the WinPcap capture library, so after installation you need to install WinPcap (or a compatible capture driver) separately and download a rule set.

Then run Snort in Network Intrusion Detection System mode, pointing it at its configuration file and at the capture interface.
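The procedure above, as an added example rather than commands from the original article or the Snort project: it assumes a Snort 2.9.x installation under C:\Snort, WinPcap (or a compatible driver) already installed, a rule set unpacked into C:\Snort\rules, and that the paths in snort.conf (RULE_PATH, dynamic preprocessor directories) have been edited to match those Windows locations. Run it from an elevated PowerShell.

```powershell
# Added example (not from the original article): Snort on Windows in NIDS mode.
# Assumed layout: C:\Snort\bin, C:\Snort\etc\snort.conf, C:\Snort\rules, C:\Snort\log
$snort = 'C:\Snort\bin\snort.exe'
$conf  = 'C:\Snort\etc\snort.conf'
$log   = 'C:\Snort\log'

# 1. List the capture interfaces Snort can see. The index in the first column
#    is what the -i option expects on Windows.
& $snort -W

# 2. Add one local rule so there is something to trigger while testing:
#    alert on any ICMP sent to the monitored network. sid values of 1000000 and
#    above are reserved for local rules; snort.conf includes local.rules by default.
#    (Single quotes keep $HOME_NET literal: it is a Snort variable, not a PowerShell one.)
$rule = 'alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP to monitored host"; sid:1000001; rev:1;)'
Add-Content -Path 'C:\Snort\rules\local.rules' -Value $rule

# 3. Validate the configuration and rules without sniffing; fix any path errors
#    reported here before going live.
& $snort -c $conf -T

# 4. NIDS mode on interface 1 (assumed index from step 1): alerts to the console,
#    full logs under $log. Ping this machine from another host and an alert
#    carrying sid 1000001 should appear on the console.
& $snort -i 1 -c $conf -A console -l $log
```

For production use replace -A console with the unified2 output configured in snort.conf and register Snort as a service, so that alerts are written for a log collector rather than to an interactive window.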

The Suricata installer bundles the WinPcap package, but it likewise requires downloading a rule set before it can analyse network traffic.

If we choose one of the ready-made security distributions, OSSIM or Security Onion, we will find Snort and Suricata in both, and in addition we get other tools that raise the security level of our network and of the monitored systems.

Host intrusion prevention (HIDS/HIPS) is listed among the 10 main mitigation strategies of the NSA's Information Assurance Directorate (IAD) for minimizing security threats, alongside EMET and the "white lists" (application whitelisting) described earlier.




We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.