What is Host Intrusion Prevention System in information security?

A host-based intrusion prevention system (HIPS) is a system or a program employed to secure critical computer systems including crucial data against viruses and some Internet malware. It is beginning from the network layer all the way up to the application layer, HIPS assure from known and unknown malicious attacks.

HIPS regularly verify the features of a single host and the various events that occur within the host for suspicious activities. HIPS can be implemented on several types of machines, such as servers, workstations, and computers.

A host-based IPS is one where the intrusion-prevention software is resident on that specific IP address, generally on a single computer. HIPS compliments traditional finger-print-based and heuristic anti-virus detection methods, because it does not need continuous upgrades to stay ahead of new malware.

Extensive need of system resources can be a disadvantage of existing HIPS, which integrate firewall, system-level action control and sandboxing into a united detection net, on top of a traditional AV product.

This extensive protection scheme can be warranted for a laptop computer frequently operating in untrusted environments (e.g., on cafe or airport Wi-Fi networks), but the heavy defenses can take their toll on battery life and clearly impair the generic responsiveness of the computer as the HIPS protective element and the traditional AV product test each file on a PC to view if it is malware against a huge blacklist.

Alternatively if HIPS is combined with an AV product using whitelisting technology then there is far less need of system resources as some applications on the PC are trusted (whitelisted). HIPS as an application then becomes a real different to traditional anti-virus products.

A HIPS needs a database of system objects monitored to recognize intrusions by analyzing system calls, software logs, and file-system modifications (binaries, password files, capability databases, and access control lists). For each object in question, the HIPS learn each object's attributes and produce a checksum for the contents. This information gets saved in a secure database for later comparison.

The system also verifies whether appropriate regions of memory have not been changed. Frequently, it does not need virus patterns to detect malicious software but rather maintains a list of trusted programs. A program that violate its permissions is blocked from carrying out unapproved actions.

A HIPS has several advantages. First and foremost, enterprise and home users have enhanced protection from unknown malicious attacks. HIPS uses a peculiar avoidance system that has a superior chance of stopping such attacks as compared to traditional protective measures. Another advantage of using such system is the need to run and handle multiple security applications to secure PCs, including antivirus, anti-spyware, and firewalls.