Evaluation of two host-based intrusion prevention systems

Authors
Labbe, Keith G.
Advisors
Rowe, Keith
Fulp, J. D.
Date of Issue
2005-06
Publisher
Monterey, California. Naval Postgraduate School
Abstract
Host-based intrusion-prevention systems are recently popular technologies which protect computer systems from malicious attacks. Instead of merely detecting exploits, the systems attempt to prevent the exploits from succeeding on the host they protect. This research explores the threats that have led to the development of these systems and the techniques many use to counter those problems. We then evaluate two current intrusion-prevention products (McAfee Entercept and the Cisco Security Agent) as to their success in preventing exploits. Our tests used live viruses, worms, Trojan horses, and remote exploits which were turned loose on an isolated two-computer network. We make recommendations about deployment of the two products based on the results of our own testing.
Type
Thesis
Organization
Naval Postgraduate School (U.S.)
Format
xiv, 55 p. : ill. ;
Distribution Statement
Approved for public release; distribution is unlimited.