Host Intrusion Prevention System (HIPS) products have two essential elements:
A software package installed on the endpoint to protect it, called a client or agent.
A management infrastructure to manage the agents.
This chapter divides the two major elements into subcomponents, describes them, and illustrates functional approaches for each. Real-world HIPS products are used as practical examples.
Imagine a guard who is assigned to secure the entrance to a building. When someone approaches a protected resource, the guard begins an access control process: the guard stops the person and asks for some form of identification. After the necessary information has been gathered, the guard follows policy and decides whether ...