Is hips a firewall?

Discussion in 'other firewalls' started by nhamilton, Apr 15, 2009.

Thread Status:
Not open for further replies.
  1. nhamilton

    nhamilton Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    61
    The term hips seems to mean many things to many people, same with the word firewall. So how I describe things people might not totally agree with. This is more just so I can get a better understanding in my own mind.
    Some points we will see if we agree on any of them

    • HIPS based software controls what an application is allowed to do and not allowed to do
    • It monitors what each application tries to do and works out if a sequence of behaviour is valid
    • Part of the monitoring is how it use the network/internet
    • To prevent an application doing something you do not wish with the

    network, you need be to able to filter and block connections/packets.
    If those 4 points are true, then wouldn’t that mean a HIPS security app needs to be a firewall as well? or is my understanding of how people refer to HIPS wrong?
     
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    The names are the most confusing thing .. the problem is we need them to communicate :)
     
  3. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    IMO not at all.

    You are sure; some confusion there are in conceptions about.

    I like to return to the source concept and notion:

    HIPS - enhance Anti Virus.

    NIPS - strengthen Firewalls.
     
  4. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    As ill-intended code needs to modify the system or other software residing on the machine to achieve its evil aims, a truly comprehensive HIPS system will notice some of the resulting changes and prevent the action by default or notify the user for permission.

    The role of an IPS in a network is often confused with access control and application-layer firewalls. There are some notable differences in these technologies. While all share similarities, how they approach network or system security is fundamentally different.


    http://en.wikipedia.org/wiki/Intrusion-prevention_system

    or the easy definitions - HIPS controls/notifies about code on the PC that is doing something suspicous internally. You can whitelist applications to not notify in the future. A firewall controls/notifies about packets at the network interface and can be just inbound or inbound/outbound with rules and/or application settings.
     
  5. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Some HIPS may monitor network traffic, similar to a firewall.
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    +++ A "convential firewall" is a firewall/security-wall between the OS and the internet.

    +++ A "HIPS" is a firewall/security-wall between the OS and its kernel.
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'm not sure about the 'conventional'.

    For example, the McAfee firewall is at least partly 'rooted' in the OS.

    That may be true for others also.

    FYI, McAfee has some limited HIPS features, but they are not part of the firewall.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Sheesh! :p :ouch: :blink:

    I was not talking about where a firewall's code is "rooted." I was referring to the areas PROTECTED by a conventional firewall, as compared to the areas protected by a classic HIPS.
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Taken that way, you are right :D
     
Loading...
Thread Status:
Not open for further replies.