Host based vs. network
* HIPS can handle encrypted and unencrypted traffic equally, because it can analyze the data after it has been decrypted on the host.
* NIPS does not use processor and memory on computer hosts but uses its own CPU and memory.
* NIPS is a single point of failure, which is considered a disadvantage; however, this property also makes it simpler to maintain. This attribute applies to all network devices like routers and switches, and can be overcome by designing the network accordingly (failover path, etc.). A bypass switch can also be deployed to alleviate the single point of failure; it additionally allows the NIPS appliance to be moved and taken off-line for maintenance when needed.
* NIPS can detect events scattered over the network (e.g. low-level events targeting many different hosts, like a host scan or a worm) and can react, whereas with a HIPS only the host's own data is available to make a decision; reporting to a central decision-making engine and waiting for a block decision to come back would take too much time.
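
The last point can be seen in a small detection sketch. This is an added example, not part of the original page: the flow records are constructed, and the function names and thresholds (`max_ports`, `min_hosts`) are assumptions chosen for illustration. Each host sees only one connection from the scanning source, so no host-local rule fires, while the network-wide view correlates the same source across 20 hosts.

```python
from collections import defaultdict

# Constructed sample flows (src, dst, dst_port): one source probes port 445
# once on each of 20 hosts; the rest is ordinary client/server traffic.
FLOWS = [("10.0.0.99", f"10.0.1.{i}", 445) for i in range(1, 21)]
FLOWS += [("10.0.0.5", "10.0.1.10", 443)] * 6
FLOWS += [("10.0.0.6", "10.0.1.11", 22), ("10.0.0.6", "10.0.1.11", 443)]

def host_view_alerts(flows, host, max_ports=3):
    """What a HIPS on `host` can decide alone: sources probing many local ports."""
    ports_by_src = defaultdict(set)
    for src, dst, port in flows:
        if dst == host:            # a host agent only sees its own traffic
            ports_by_src[src].add(port)
    return sorted(s for s, p in ports_by_src.items() if len(p) > max_ports)

def network_view_alerts(flows, min_hosts=10):
    """What a NIPS can decide: one source touching the same port on many hosts."""
    hosts_by_key = defaultdict(set)
    for src, dst, port in flows:
        hosts_by_key[(src, port)].add(dst)
    return sorted((src, port, len(h)) for (src, port), h in hosts_by_key.items()
                  if len(h) >= min_hosts)

def compare(flows):
    """Run every host's local check, then the network-wide check."""
    hosts = sorted({dst for _, dst, _ in flows})
    per_host = {h: host_view_alerts(flows, h) for h in hosts}
    local_hits = {h: a for h, a in per_host.items() if a}
    return local_hits, network_view_alerts(flows)

if __name__ == "__main__":
    local_hits, net_hits = compare(FLOWS)
    print("hosts that alerted on local data only:", local_hits)
    print("network-wide alerts:", net_hits)
```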