Difference Between IDS And HIPS?

What is the difference between IDS and HIPS?

Comments

  • Another one of your excellent questions, ONT ;) It will be interesting to see what rolls in as far as replies, for understanding that difference for myself, too.

  • Any reply would be appreciated.

  • rootkit ✭✭✭

    Hello :)


    Wikipedia provides the best answer for this and I recommend that you read these articles:


    http://en.wikipedia.org/wiki/Intrusion_detection_system


    http://en.wikipedia.org/wiki/Intrusion_prevention_system


    Let me know if you have other questions related to this.


    Take care.

  • coolcool1227 ✭✭✭
    edited August 2012


    1) Is HIPS integrated in Bitdefender, does it work along with IDS in Bitdefender, or in some other way?


    2) In Bitdefender 2011, there is a separate Module "Privacy Control" which has the following components,


    a ) Identity Control


    b ) Registry Control


    c ) ****** Control


    d ) Cookie Control


    Is this Module similar to the HIPS? And what's its alternative in the Bitdefender 2013 version, because in this version we have no control over the above components, and also no logging for them?

  • rootkit ✭✭✭
    edited August 2012

    Hello Omer :)


    Back in Bitdefender 2013, those modules listed under Privacy Control were integrated as a HIPS.


    Now, if Bitdefender has Auto Pilot, they cannot function together with it.


    Since then, we improved detection and added the cloud component to our products, so they are no longer required.


    The IDS module from Bitdefender took some of the monitoring functions and together with AVC will monitor suspicious behaviors on the system.


    In a HIPS system, the user has to take some actions and in some cases, this is pretty annoying because the novice users can block legitimate actions when installing software and this can affect the functionality of that software or the stability of the operating system.


    Take care.

  • Christian, thank you for the links in post #4. The IDS link with the Passive/Reactive and Comparison with Firewall categories was interesting. Wilders Security Forum also had a nice thread on HIPS and Firewalls.


    Omer, nice follow-up questions in post #5... and Christian, again, nice follow-up response in the above post. Thank you for taking the time to clarify Omer's questions. Another interesting read of both your back and forth dialogue :)

  • rootkit ✭✭✭

    Hello :)


    Let me know if you have other questions related to this subject.


    Have a wonderful day!

  • Even in User Mode, we don't have much control over the product. It could be annoying for novice users, but what about advanced users? Since the 2012 version, Bitdefender has completely ignored that there could be advanced users in this world too, and it seems that it will remain the same in the future also. But we still hope for some good enhancements and integrations for advanced users.

  • Hello :)


    For that discussion we have the dedicated topic over here:


    http://forum.bitdefender.com/index.php?showtopic=35631


    Take care.

  • What cloud component are you talking about?


    They can function in User Mode.


    IDS + AVC ≠ HIPS. Precisely, HIPS can alert on everything, whether it is malicious or not, while both IDS and AVC will alert only on suspected malicious activity, and also HIPS can react faster than IDS and IDS to the action.

  • Also, there is a chance that malware not detected by signature-based detection, heuristics, behavioral detection (AVC), IDS, etc. can be detected by the HIPS, by monitoring the modifications that the malware tries to make.

  • Any reply?

  • Any reply will be appreciated.

  • How are the "improved detection and the cloud component" the alternative to HIPS?

  • Anyone from Technical Support interested in replying?

  • Georgia ✭✭✭

    Bumps/Topic advertisements or any other attempts to make a topic more visible without adding any new or relevant information will NOT be tolerated and the post will be DELETED.


    Kindly read the Bitdefender Forum Rules before posting:


    http://forum.bitdefender.com/index.php?act...f=311&id=18


    Thank you for understanding!

  • Respected Georgia


    You also deleted some of Christian's replies.


    Kindly note that we are asking for support in a timely fashion. As you can see from present posts (after deletion) that I posted the topic on 31st Jul, and the first reply from Technical Support is on 14th August. See the time span between my posts and reply from Support. This is not limited to this topic only. And this long time span forces the users on the forums to make some off-topic and somewhat sarcastic comments which obviously BD staff don't like. But kindly imagine yourself as an always-waiting user for getting help and the silence of Technical Support.


    If I talk about myself, I also tried raising sound first for getting replies in time in a polite way then in somewhat aggressive way for which I was suspended for three days.


    Kindly also note that we all know the forum rules as well and we also respect all the BD staff, but there is some need to improve the response time for our issues. I also highly appreciate your helpful replies on our posts some of which are old and even I forget when I posted them.


    Hope you will not mind.


    Regards


    Omer

  • Not interested to make further comments?

  • What is the difference between IDS and HIPS?


    http://www.wilderssecurity.com/showthread.php?t=306237


    "HIDS = Hostbased Intrusion Detection System (your computer)


    HIPS = Hostbased Intrusion Prevention System


    NIDS = Network Intrusion Detection System (network)"


    "Both are system/desktop based protection, but HIPSs rely mostly on anomaly detection of system activity, and HIDSs rely mostly on anomaly detection of network activity.


    HIPS are recommended on Windows machines, and HIDS on Linux PCs (OSSEC HIDS, for instance, is available for the two platforms).


    If you're not in a W/LAN, there is no need of an HIDS as any good firewall will log suspicious events.


    And in a few words, an HIPS tries to detect/prevent malware from infecting the local host, and an HIDS tries to detect/prevent intruders/hackers (stealth port scan etc.) from gaining access to the local host."


    =================================================


    http://www.differencebetween.com/differenc...ids-and-vs-ips/


    IDS vs IPS


    IDS (Intrusion Detection System) are systems that detect activities that are inappropriate, incorrect or anomalous in a network and report them. Furthermore, IDS can be used to detect whether a network or a server is experiencing an unauthorized intrusion. IPS (Intrusion Prevention System) is a system that actively disconnects connections or drops packets, if they contain unauthorized data. IPS can be seen as an extension of IDS.


    IDS


    IDS monitor the network and detect inappropriate, incorrect or anomalous activities. There are two main types of IDS. First one is the Network intrusion detection system (NIDS). These systems examine the traffic in the network and monitor multiple hosts for identifying intrusions. Sensors are used to capture the traffic in the network and each packet is analyzed to identify malicious content. The second type is the Host-based intrusion detection system (HIDS). HIDS are deployed in host machines or a server. They analyze data that are local to the machine such as system log files, audit trails and file system changes to identify unusual behavior. HIDS compare the normal profile of the host with the observed activities to identify potential anomalies. In most places, IDS installed devices are placed in between the border router and the firewall or outside the border router. In some cases IDS installed devices are placed outside the firewall and border router with the intention of seeing the full breadth of attempted attacks. Performance is a key issue with IDS systems since they are used with high bandwidth network devices. Even with high performance components and updated software, IDS tend to drop packets since they cannot handle the large throughput.


    IPS


    IPS is a system that actively takes steps to prevent an intrusion or an attack when it identifies one. IPS are divided into four categories. First one is the Network-based Intrusion Prevention (NIPS), which monitors the entire network for suspicious activity. The second type is the Network Behavior Analysis (NBA) systems that examine the traffic flow to detect unusual traffic flows which could be results of attack such as distributed denial of service (DDoS). The third kind is the Wireless Intrusion Prevention Systems (WIPS), which analyzes wireless networks for suspicious traffic. The fourth type is the Host-based Intrusion Prevention Systems (HIPS), where a software package is installed to monitor activities of a single host. As mentioned earlier, IPS takes active steps such as dropping packets that contain malicious data, resetting or blocking traffic coming from an offending IP address.


    What is the difference between IPS and IDS?


    An IDS is a system that monitors the network and detects inappropriate, incorrect or anomalous activities, while an IPS is a system that detects intrusion or an attack and takes active steps to prevent them. The main difference between the two is that, unlike IDS, IPS actively takes steps to prevent or block intrusions that are detected. These preventing steps include activities like dropping malicious packets and resetting or blocking traffic coming from malicious IP addresses. IPS can be seen as an extension of IDS, which has the additional capabilities to prevent intrusions while detecting them.


    =================================================


    Intrusion Detection (IDS) and Prevention (IPS) Systems


    http://www.webopedia.com/DidYouKnow/Comput..._prevention.asp
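
The detect-versus-prevent distinction quoted in the post above, as an added sketch that is not part of any post in this thread and not Bitdefender's code: one anomaly check against a host baseline, run in HIDS mode (alert only) and in HIPS mode, where a `decide` callback stands in for the user prompt. The baseline, event names and registry path are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    process: str
    action: str   # "file_write", "reg_write", "net_connect", ...
    target: str

# Constructed "normal profile" of the host: (process, action) pairs seen before.
BASELINE = {
    ("browser.exe", "net_connect"),
    ("browser.exe", "file_write"),
}

def is_anomalous(ev):
    """Anomaly check: behaviour that is not in the host's normal profile."""
    return (ev.process, ev.action) not in BASELINE

def monitor(events, prevent=False, decide=lambda ev: False):
    """Run the same detection in HIDS mode (prevent=False) or HIPS mode.

    decide(ev) models the HIPS prompt: True allows the flagged action,
    False denies it. Returns (allowed, alerts).
    """
    allowed, alerts = [], []
    for ev in events:
        if is_anomalous(ev):
            alerts.append(ev)
            if prevent and not decide(ev):
                continue          # HIPS: denied before it takes effect
        allowed.append(ev)        # HIDS: action proceeds, alert only
    return allowed, alerts

# Constructed sample events; all names are illustrative.
EVENTS = [
    Event("browser.exe", "net_connect", "example.org:443"),
    Event("setup.exe", "reg_write", r"HKCU\Software\ExampleApp"),  # legitimate installer
    Event("unknown.exe", "reg_write", r"HKCU\Software\ExampleApp"),
]

if __name__ == "__main__":
    for label, kwargs in [
        ("HIDS (detect only)", {}),
        ("HIPS, every prompt denied", {"prevent": True}),
        ("HIPS, installer allowed", {"prevent": True,
                                     "decide": lambda ev: ev.process == "setup.exe"}),
    ]:
        allowed, alerts = monitor(EVENTS, **kwargs)
        print(f"{label}: {len(alerts)} alerts, allowed={[e.process for e in allowed]}")
```

With every prompt denied, the legitimate installer is blocked along with the unknown process, which is the usability cost described earlier in the thread.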

  • Some comments about BD IDS at malwaretips.com


    http://malwaretips.com/Thread-Bitdefender-...t-Security-2013