Security is newsworthy. Recently, the IRS reported that it believes as many as 330,000 taxpayer accounts were accessed by thieves. Security breaches like this often result in identity theft and the loss of critical corporate data, and they can cost your company millions of dollars in unrecoverable expenses.
As a company, you need to be aware of IT security and of your need to be protected, and you might be wondering where to start. This post is the first in a multi-part series about the various types of security products available and what they can do for you. These tools can be used to secure anything -- whether it's a home PC or laptop, an enterprise tech stack or even a hosted hybrid cloud solution. The same principles apply everywhere. We'll begin with host-based security products.
Host-based security products are those that reside on, or help to protect, a single host, server, or virtual machine. They can be used at home or at work. The three fundamental types we'll discuss here are Anti-Virus/Anti-Malware, firewalls and IDS/IPS.
Anti-Virus or Anti-Malware
Let's start with Anti-Virus or Anti-Malware products. These products detect and protect against viruses and other malicious software on your host. Such harmful files reach your host through email attachments, files embedded in the web pages you browse, auto-running processes from DVDs, CDs or peripherals, and other methods. Once on your host, malware and viruses can record and send out data stored on the system, consume resources such as CPU or memory, erase data or make the system unusable. Anti-Virus or Anti-Malware products scan files for pieces of code that are known to be harmful (signatures), and once a match is found, the product disables or deletes the file so it cannot be executed and your system stays protected.
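To make the scanning step concrete, here is a small signature scanner added as an illustration; it is not code from the original post or from any anti-virus vendor. It combines the two matching techniques most products use, an exact SHA-256 hash of the whole file and substring matching on byte patterns, and then quarantines a match by stripping its permission bits and renaming it rather than deleting it, so that the evidence survives. The signature names, byte patterns and sample files are constructed for the example and are not real malware signatures.

```python
import hashlib
import os
import tempfile

# Constructed signature set (hypothetical names and byte patterns, not taken from
# any real anti-virus database). Real products ship large, frequently updated
# databases of such patterns; this shows only the matching and quarantine mechanism.
BYTE_SIGNATURES = {
    "Example.Dropper.A": b"EXAMPLE-DROPPER-MARKER-0001",
    "Example.Downloader.B": b"EXAMPLE-DOWNLOADER-MARKER-0002",
}


def sha256_of_file(path: str) -> str:
    """Hash the file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_file(path: str, hash_blocklist: dict) -> list:
    """Return the names of every signature that matches this file.

    1. exact-file matching on a SHA-256 hash: cheap, but defeated by any byte change;
    2. substring matching on byte patterns, which survives renaming or appended padding.
    """
    hits = []
    file_hash = sha256_of_file(path)
    if file_hash in hash_blocklist:
        hits.append(hash_blocklist[file_hash])
    with open(path, "rb") as fh:
        data = fh.read()
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data and name not in hits:
            hits.append(name)
    return hits


def quarantine(path: str) -> str:
    """Neutralise a flagged file without destroying evidence: remove every permission
    bit so it can no longer be executed or read, and rename it so nothing resolves
    it under its old name. Returns the new path."""
    quarantined = path + ".quarantined"
    os.chmod(path, 0o000)
    os.replace(path, quarantined)
    return quarantined


def scan_directory(root: str, hash_blocklist: dict) -> dict:
    """Scan every regular file under root; quarantine and report each match."""
    report = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full) or full.endswith(".quarantined"):
                continue
            hits = scan_file(full, hash_blocklist)
            if hits:
                report[quarantine(full)] = hits
    return report


def demo() -> dict:
    """Build a throwaway directory holding three constructed files and scan it."""
    root = tempfile.mkdtemp(prefix="avdemo-")
    clean = os.path.join(root, "notes.txt")
    dropper = os.path.join(root, "invoice.pdf.exe")
    known_bad = os.path.join(root, "update.bin")
    with open(clean, "wb") as fh:
        fh.write(b"quarterly numbers, nothing to see here\n")
    with open(dropper, "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 64 + b"EXAMPLE-DROPPER-MARKER-0001" + b"\x00" * 16)
    with open(known_bad, "wb") as fh:
        fh.write(b"constructed sample with no byte signature, matched by hash only\n")
    # Hash blocklist entry for the third file, computed here because the file is
    # constructed at runtime; a real product ships such hashes with its database.
    hash_blocklist = {sha256_of_file(known_bad): "Example.KnownBad.C"}
    return scan_directory(root, hash_blocklist)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(f"{path}: {', '.join(hits)}")
```

Running it reports the dropper (matched by its byte pattern) and the hash-only sample, leaves the clean text file alone, and shows why products keep both kinds of signature: the hash entry would stop matching after a single byte of the file changed, while the byte pattern still finds the marker inside padding.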
Firewalls
A firewall is a reliable and oft-used method of safeguarding a host or environment. A host-based firewall contains a set of rules that allow or block traffic to and from the host. This is similar to a corporate badging system, which is set up to allow people into specific rooms or buildings. Security measures might even extend to limiting what days or times people can enter the rooms or the building.
Like the rules in the badge system, a host-based firewall has rules that control where network traffic is coming from, where it is going to, the types of traffic being sent, and the times of day at which the traffic may occur. The firewall can log the traffic it allows or blocks so that you can investigate when the system was accessed or look for patterns in traffic that might be harmful; the same log lets you troubleshoot when a legitimate type of traffic was incorrectly blocked. In both the badging and the firewall systems, the rules are set up manually, and the tool then applies those rules to protect its assets automatically.
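The following rule evaluator is an added example of the mechanism just described, not code from the post or from any firewall product. Rules match on direction, source and destination network, protocol, destination port and a time-of-day window; the first matching rule wins, anything unmatched falls to a default-block policy, and every decision is logged so that a wrongly blocked connection can be traced and repeated blocks from one source can be counted. The rule set, addresses (from the documentation ranges 10.0.0.0/8, 198.51.100.0/24 and 203.0.113.0/24) and sample packets are all constructed.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Rule:
    """One firewall rule. A field left as None matches anything."""
    name: str
    action: str                    # "allow" or "block"
    direction: str                 # "in" (to the host) or "out" (from the host)
    src: Optional[str] = None      # source network in CIDR form
    dst: Optional[str] = None      # destination network in CIDR form
    proto: Optional[str] = None    # "tcp" or "udp"
    dport: Optional[int] = None    # destination port
    start: Optional[time] = None   # time-of-day window: start inclusive ...
    end: Optional[time] = None     # ... end exclusive

    def matches(self, pkt: dict) -> bool:
        if self.direction != pkt["direction"]:
            return False
        if self.src is not None and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt["proto"]:
            return False
        if self.dport is not None and self.dport != pkt["dport"]:
            return False
        if self.start is not None and self.end is not None:
            if not (self.start <= pkt["time"] < self.end):
                return False
        return True


class HostFirewall:
    """First matching rule wins; anything no rule covers falls to the default policy.
    Every decision is logged so blocked-but-legitimate traffic can be traced."""

    def __init__(self, rules: List[Rule], default: str = "block"):
        self.rules = rules
        self.default = default
        self.log: List[dict] = []

    def decide(self, pkt: dict) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                self.log.append({**pkt, "action": rule.action, "rule": rule.name})
                return rule.action
        self.log.append({**pkt, "action": self.default, "rule": "default-policy"})
        return self.default

    def blocked_by_source(self) -> Counter:
        """Count blocked packets per source: a first pass at spotting patterns in the log."""
        return Counter(e["src"] for e in self.log if e["action"] == "block")


# Constructed rule set for a small web server with a hypothetical address 10.9.9.9.
RULES = [
    Rule("drop-known-scanner", "block", "in", src="203.0.113.0/24"),
    Rule("admin-ssh-business-hours", "allow", "in", src="10.0.0.0/8", proto="tcp",
         dport=22, start=time(8, 0), end=time(18, 0)),
    Rule("public-https", "allow", "in", proto="tcp", dport=443),
    Rule("outbound-https", "allow", "out", proto="tcp", dport=443),
    Rule("outbound-dns", "allow", "out", proto="udp", dport=53),
]

# Constructed sample traffic; "time" is the local time of day the packet was seen.
SAMPLE_PACKETS = [
    {"direction": "in", "src": "10.1.2.3", "dst": "10.9.9.9", "proto": "tcp", "dport": 22, "time": time(9, 30)},
    {"direction": "in", "src": "10.1.2.3", "dst": "10.9.9.9", "proto": "tcp", "dport": 22, "time": time(23, 0)},
    {"direction": "in", "src": "198.51.100.7", "dst": "10.9.9.9", "proto": "tcp", "dport": 22, "time": time(9, 30)},
    {"direction": "in", "src": "203.0.113.9", "dst": "10.9.9.9", "proto": "tcp", "dport": 443, "time": time(9, 31)},
    {"direction": "out", "src": "10.9.9.9", "dst": "198.51.100.50", "proto": "tcp", "dport": 443, "time": time(9, 32)},
    {"direction": "in", "src": "198.51.100.7", "dst": "10.9.9.9", "proto": "tcp", "dport": 3389, "time": time(9, 33)},
]


def run_samples() -> HostFirewall:
    """Evaluate the sample packets in order and return the firewall with its log."""
    fw = HostFirewall(RULES)
    for pkt in SAMPLE_PACKETS:
        fw.decide(pkt)
    return fw


if __name__ == "__main__":
    fw = run_samples()
    for entry in fw.log:
        print(f"{entry['action']:5s}  {entry['rule']:26s}  {entry['src']} -> {entry['dst']}:{entry['dport']}")
    print("blocks per source:", dict(fw.blocked_by_source()))
```

Rule order matters: the scanner-range block sits above the public HTTPS allow, so a request from that range on port 443 is dropped even though the port is open to everyone else. The same SSH login that is allowed at 09:30 falls through to the default block at 23:00, which is exactly the kind of entry the log exists to explain.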
IDS and IPS – Intrusion Detection and Intrusion Prevention Services
Another type of host-based security product is an Intrusion Detection Service or Intrusion Prevention Service, known as an IDS or IPS respectively. These products monitor for specific patterns of activity that might lead to harm on your host. For example, an IPS will recognize high-priority events and block them immediately, and will also correlate low-priority events over time, blocking traffic if the trend is suspicious. This type of security is similar to a set of cameras inside and outside of buildings, with guards monitoring the camera feeds. If a guard sees something suspicious, like a masked group of individuals trying to open a locked door or window, he or she can immediately take action and call the police. The guards can also monitor for potentially suspicious activity over time. For example, the same van pulls up daily and someone gets out and looks into the window. If this only happens once, the guard would likely not do anything, but if it happens every day, the guard would likely notice and take action.
There are differences between an IDS and an IPS. An IDS will detect and notify you of potential issues. Once you are notified, you can choose your course of action, if any. An IPS, in addition to the initial detection of potentially harmful traffic or activity, will also immediately block some traffic based on a predetermined ruleset. Sometimes the traffic pattern is obviously harmful, and other times it takes a while to identify patterns in low-priority events. The IPS logs attacks, and can also prevent them, based on the knowledge it has gathered about the traffic pattern.
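The engine below is an added example of the two behaviours contrasted in the last two paragraphs; it is not code from the post or from any IDS/IPS product. It reads host log lines, treats a signature match as a high-priority event that is acted on at once, and treats a single failed login as low priority, only acting when a source accumulates five of them inside a sliding 60-second window. Run in "ids" mode it records alerts for you to act on; in "ips" mode it also adds the source to a block set and ignores it afterwards. The log lines, the webapp signature name and the addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of host log lines (not captured from a real system). The
# addresses come from the documentation ranges 10.0.0.0/8, 198.51.100.0/24 and
# 203.0.113.0/24, and the web-application signature name is hypothetical.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd: Failed password for invalid user admin from 198.51.100.7 port 51000
2024-05-01T09:00:03 sshd: Failed password for invalid user admin from 198.51.100.7 port 51002
2024-05-01T09:00:05 sshd: Failed password for root from 198.51.100.7 port 51004
2024-05-01T09:00:08 sshd: Failed password for root from 198.51.100.7 port 51006
2024-05-01T09:00:09 sshd: Failed password for root from 198.51.100.7 port 51008
2024-05-01T09:00:11 sshd: Failed password for root from 198.51.100.7 port 51010
2024-05-01T09:15:00 sshd: Failed password for alice from 10.0.0.5 port 40000
2024-05-01T09:15:30 sshd: Accepted password for alice from 10.0.0.5 port 40001
2024-05-01T09:20:00 sshd: Failed password for bob from 10.0.0.6 port 40002
2024-05-01T09:21:00 webapp: request from 203.0.113.9 matched signature SQLI-UNION-001
"""

# Low-priority event: one failed login is normal, many from one source in a short
# window is not. High-priority event: a request that matched an attack signature.
FAILED_LOGIN = re.compile(r"Failed password for .* from (\S+) port \d+")
SIGNATURE_HIT = re.compile(r"request from (\S+) matched signature (\S+)")


class IntrusionEngine:
    def __init__(self, mode: str = "ids", threshold: int = 5, window_seconds: int = 60):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self.recent = defaultdict(deque)   # source -> timestamps of recent failed logins
        self.alerts = []                   # what an IDS reports to you
        self.blocked = set()               # sources an IPS has cut off

    def _respond(self, ts: datetime, src: str, reason: str) -> None:
        self.alerts.append({"time": ts.isoformat(), "src": src, "reason": reason})
        if self.mode == "ips":
            self.blocked.add(src)

    def feed(self, line: str) -> None:
        ts_text, message = line.split(" ", 1)
        ts = datetime.fromisoformat(ts_text)

        hit = SIGNATURE_HIT.search(message)
        if hit:
            # High priority: one event is enough to act on.
            self._respond(ts, hit.group(1), f"signature {hit.group(2)} matched")
            return

        failed = FAILED_LOGIN.search(message)
        if failed:
            src = failed.group(1)
            if src in self.blocked:
                return   # an IPS has already cut this source off
            window = self.recent[src]
            window.append(ts)
            while window and ts - window[0] > self.window:
                window.popleft()   # forget events older than the sliding window
            if len(window) >= self.threshold:
                self._respond(ts, src, f"{len(window)} failed logins within {self.window.seconds}s")
                window.clear()

    def process(self, log_text: str) -> "IntrusionEngine":
        for line in log_text.splitlines():
            if line.strip():
                self.feed(line)
        return self


def run(mode: str) -> IntrusionEngine:
    """Process the constructed log in the given mode and return the engine state."""
    return IntrusionEngine(mode).process(SAMPLE_LOG)


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        engine = run(mode)
        print(f"{mode.upper()}: {len(engine.alerts)} alert(s), blocked={sorted(engine.blocked)}")
        for alert in engine.alerts:
            print(f"  {alert['time']} {alert['src']}: {alert['reason']}")
```

Both modes raise the same two alerts: one at 09:00:09 when 198.51.100.7 reaches five failures inside the window, and one for the signature match from 203.0.113.9. Alice's single failed login followed by a success, and Bob's lone failure, never cross the threshold, which is the point of correlating low-priority events rather than reacting to each one. Only in IPS mode are the two sources added to the block set.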
All three of these host-based security products are a good foundation for a solid multi-faceted security solution. There are many more products that provide different types of protection. Just as protecting all the money in a bank with only a locked door wouldn’t be very secure, multiple layers of cybersecurity are needed in any company or home defense.
Stay tuned for additional follow-ups to this article, where I will talk about other security products. Next up, we'll cover File Integrity and Log Monitoring/Log Inspection.