Is hips a firewall?

[nhamilton]

The term hips seems to mean many things to many people, same with the word firewall. So how I describe things people might not totally agree with. This is more just so I can get a better understanding in my own mind.
Some points we will see if we agree on any of them

• HIPS based software controls what an application is allowed to do and not allowed to do
• It monitors what each application tries to do and works out if a sequence of behaviour is valid
• Part of the monitoring is how it use the network/internet
• To prevent an application doing something you do not wish with the

network, you need be to able to filter and block connections/packets.
If those 4 points are true, then wouldn’t that mean a HIPS security app needs to be a firewall as well? or is my understanding of how people refer to HIPS wrong?

[alex_s]

Quote:

Originally Posted by nhamilton

The term hips seems to mean many things to many people, same with the word firewall. So how I describe things people might not totally agree with. This is more just so I can get a better understanding in my own mind.
Some points we will see if we agree on any of them

• HIPS based software controls what an application is allowed to do and not allowed to do
• It monitors what each application tries to do and works out if a sequence of behaviour is valid
• Part of the monitoring is how it use the network/internet
• To prevent an application doing something you do not wish with the

network, you need be to able to filter and block connections/packets.
If those 4 points are true, then wouldn’t that mean a HIPS security app needs to be a firewall as well? or is my understanding of how people refer to HIPS wrong?

The names are the most confusing thing .. the problem is we need them to communicate

[majoMo]

Quote:

Originally Posted by nhamilton

then wouldn’t that mean a HIPS security app needs to be a firewall as well?

IMO not at all.

You are sure; some confusion there are in conceptions about.

I like to return to the source concept and notion:

HIPS - enhance Anti Virus.

NIPS - strengthen Firewalls.

[Mem]

As ill-intended code needs to modify the system or other software residing on the machine to achieve its evil aims, a truly comprehensive HIPS system will notice some of the resulting changes and prevent the action by default or notify the user for permission.

The role of an IPS in a network is often confused with access control and application-layer firewalls. There are some notable differences in these technologies. While all share similarities, how they approach network or system security is fundamentally different.


http://en.wikipedia.org/wiki/Intrusi...vention_system

or the easy definitions - HIPS controls/notifies about code on the PC that is doing something suspicous internally. You can whitelist applications to not notify in the future. A firewall controls/notifies about packets at the network interface and can be just inbound or inbound/outbound with rules and/or application settings.

[TechOutsider]

Some HIPS may monitor network traffic, similar to a firewall.

[bellgamin]

+++ A "convential firewall" is a firewall/security-wall between the OS and the internet.

+++ A "HIPS" is a firewall/security-wall between the OS and its kernel.

[Fly]

Quote:

Originally Posted by bellgamin

+++ A "convential firewall" is a firewall/security-wall between the OS and the internet.

+++ A "HIPS" is a firewall/security-wall between the OS and its kernel.

I'm not sure about the 'conventional'.

For example, the McAfee firewall is at least partly 'rooted' in the OS.

That may be true for others also.

FYI, McAfee has some limited HIPS features, but they are not part of the firewall.

[bellgamin]

Quote:

Originally Posted by Fly

For example, the McAfee firewall is at least partly 'rooted' in the OS.

Sheesh!

I was not talking about where a firewall's code is "rooted." I was referring to the areas PROTECTED by a conventional firewall, as compared to the areas protected by a classic HIPS.

[Fly]

Quote:

Originally Posted by bellgamin

Sheesh!

I was not talking about where a firewall's code is "rooted." I was referring to the areas PROTECTED by a conventional firewall, as compared to the areas protected by a classic HIPS.

Taken that way, you are right