• United States
Senior Editor

Host-based intrusion prevention

Sep 17, 20031 min
Intrusion Detection SoftwareNetwork SecuritySecurity

* Host-based intrusion-detection systems

Our Technology Update this week takes a look at one of the last lines of defense in the war against viruses, worms and other attacks brought to us by the ne’er-do-wells of the networked world: Host-based intrusion-detection systems.

Typically installed on servers, Host-based IDS products are expected to pick up on attempts to tamper with files, operating systems and user accounts on a server or desktop.

Our Technology Update author ( says host-based IDS agents examine various forms of data for specific known patterns of an attack.

Operating system and application log files are scanned for footprints of malicious behavior; the file system is monitored to see if sensitive files are being accessed or tampered with; and network traffic is monitored for network-based attacks.

Host-based systems also let users create specific, targeted exceptions directly to security policies. The idea is that kind of feature can ease configuration headaches and keep users in control of the system.

For more on this topic see: