During a company-wide initiative to harden network security, it is discovered that end users who have
laptops cannot be removed from the local administrator group. Which of the following could be used to
help mitigate the risk of these machines becoming compromised?

A. Security log auditing
B. Firewalls
C. HIPS
D. IDS
It is indeed an interesting question. First let’s eliminate the wrong answers, which are:
A. Security log auditing
This will do nothing to avoid these machines becoming compromised in the first place. It may be of help later on.
D. IDS (Intrusion Detection System)
It would “detect” an intrusion, but we are after something that would “prevent” the intrusion altogether.
So we have a toss-up between “B. Firewalls” and “C. HIPS”.
Going back to the requirements, the question is “Which of the following could be used to help mitigate the risk of these machines becoming compromised?”
The answer is: both B and C!
The ambiguity here is in “could be used”.
As a rule, laptops have the Windows Firewall (assuming we are talking about Windows) ENABLED BY DEFAULT.
So a firewall is ALREADY in use. And if it is not, then we should fire the administrators.
So to my mind, the best answer is “C. HIPS”.
What is a Host Intrusion Prevention System (HIPS) and how does it work?
Malware today is so numerous and diverse that security professionals have known for some time that signature-based solutions alone can no longer cut it. Not only are there too many new malware files each day, some of them are able to change their shape and signature as they go along. But if you can’t recognize something by its looks, you might be able to categorize it by its behavior. This is where methods like HIPS (Host Intrusion Prevention System) come into play.
By definition, a HIPS is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. In other words, a Host Intrusion Prevention System (HIPS) aims to stop malware by monitoring the behavior of code. This makes it possible to help keep your system secure without depending on a specific threat being added to a detection update.
Historically, HIPS and firewalls are closely related. Where a firewall regulates the traffic to and from your computer based on a rule set, a HIPS does more or less the same, but for the major changes made on your computer.
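To make the behavior-versus-signature distinction concrete, here is a toy host monitor written for this page (it is an added example, not code from the original post or from any HIPS vendor). It scores what each process does across a stream of host events (process starts, file writes, registry writes) rather than what its binary looks like. The rule names, weights, thresholds and the sample event list are all constructed for illustration.

```python
"""
Toy behavior-based host monitor in the spirit of a HIPS (illustrative, constructed).

A signature scanner asks "is this file's hash known-bad?".  A HIPS instead
asks "what is this process doing?" and accumulates evidence per process.
Every rule, weight and sample event below is made up for this example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed sample of endpoint events: (pid, event_type, detail).
# pid 101 is a script host launched from Word that then sets up persistence;
# pid 200 is an ordinary editor; pid 400 is an installer that only touches Startup.
SAMPLE_EVENTS: List[Tuple[str, str, dict]] = [
    ("100", "process_start", {"image": "WINWORD.EXE", "parent": "explorer.exe"}),
    ("101", "process_start", {"image": "powershell.exe", "parent": "WINWORD.EXE"}),
    ("101", "file_write", {"path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"}),
    ("101", "registry_set", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "upd"}),
    ("200", "process_start", {"image": "notepad.exe", "parent": "explorer.exe"}),
    ("200", "file_write", {"path": r"C:\Users\alice\Documents\notes.txt"}),
    ("300", "process_start", {"image": "svchost.exe", "parent": "services.exe"}),
    ("400", "process_start", {"image": "setup.exe", "parent": "explorer.exe"}),
    ("400", "file_write", {"path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.lnk"}),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass(frozen=True)
class Rule:
    """A behavioral rule: a predicate over (event_type, detail) plus a weight."""
    name: str
    weight: int
    matches: Callable[[str, dict], bool]


# Hypothetical rule set.  None of these rules knows anything about a file hash.
RULES: List[Rule] = [
    Rule("office_spawns_script_host", 50,
         lambda t, d: t == "process_start"
         and d.get("parent", "").lower() in OFFICE_APPS
         and d.get("image", "").lower() in SCRIPT_HOSTS),
    Rule("startup_folder_write", 30,
         lambda t, d: t == "file_write"
         and "\\startup\\" in d.get("path", "").lower()),
    Rule("run_key_persistence", 30,
         lambda t, d: t == "registry_set"
         and d.get("key", "").lower().endswith("\\currentversion\\run")),
]


def evaluate(events, block_threshold: int = 60) -> Dict[str, dict]:
    """Score every process by the rules its events trigger and return a verdict per pid.

    A single weak indicator (e.g. an installer writing to Startup) only raises an
    alert; a process that chains several suspicious behaviors crosses the block
    threshold.  That accumulation is what lets a HIPS act on behavior alone.
    """
    scores: Dict[str, int] = {}
    hits: Dict[str, List[str]] = {}
    for pid, etype, detail in events:
        scores.setdefault(pid, 0)
        hits.setdefault(pid, [])
        for rule in RULES:
            if rule.matches(etype, detail):
                scores[pid] += rule.weight
                hits[pid].append(rule.name)

    verdicts: Dict[str, dict] = {}
    for pid, score in scores.items():
        if score >= block_threshold:
            verdict = "block"
        elif score > 0:
            verdict = "alert"
        else:
            verdict = "allow"
        verdicts[pid] = {"verdict": verdict, "score": score, "rules": hits[pid]}
    return verdicts


if __name__ == "__main__":
    for pid, result in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(f"pid {pid}: {result['verdict']:5} score={result['score']:3} rules={result['rules']}")
```

Running the block as a script prints one verdict per process: the Word-spawned PowerShell (pid 101) is blocked on three behavioral rules even though powershell.exe itself would never appear in a signature database, the installer (pid 400) only alerts, and the ordinary processes are allowed. A real HIPS differs mainly in where the events come from (kernel callbacks rather than a list) and in the size and tuning of its rule set; the scoring idea is the same.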