Evaluation of Two Host-Based Intrusion Prevention Systems

Abstract

Host-based intrusion-prevention systems are a recently popular technology for protecting computer systems from malicious attacks. Instead of merely detecting exploits, these systems attempt to prevent the exploits from succeeding on the host they protect. This research explores the threats that have led to the development of these systems and the techniques many of them use to counter those threats. The author then evaluates two current intrusion-prevention products (McAfee Entercept and the Cisco Security Agent) as to their success in preventing exploits. His tests used live viruses, worms, Trojan horses, and remote exploits that were turned loose on an isolated two-computer network. The author then makes recommendations about deployment of the two products based on the results of this testing. Testing procedures for the remote exploit, e-mail exploit, disk exploit, and web phase exploit are appended.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2005
Accession Number
ADA435506

Entities

People

  • Keith G. Labbe

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computer Network Security
  • Computer Networks
  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Detectors
  • Electronic Mail
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Port Scanners
  • Sensor Networks
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Systems Analysis and Design