Host Intrusion Prevention System or HIPS

How is everyone doing just before Thanksgiving? With so many new and updated parts of the LANDesk Management Suite family of products, where do we start?

Let’s take a look at Host Intrusion Prevention System or HIPS.

What is HIPS? It helps you thwart malicious attacks with application control, preventing applications from executing in malicious ways right on the individual host system. In other words, HIPS learns the behaviors of the applications on your PCs and gives you the ability to block those behaviors that you feel are not in the best interest of your environment.


· Level 1: Network-Level HIPS

HIPS protection styles that operate at this level have the advantage of identifying and preventing threats in the network traffic stream before they have a chance to reach the machine. These styles therefore avoid the difficult problem of removing malicious code after it has landed on the host.


· Level 2: Application-Level HIPS

HIPS protection styles at this level have the advantage that the files they examine are already on the machine. That makes this level the best place to catch malicious code that manifests itself as a file: the files can be checked as they are stored, or before they are executed.


· Level 3: Execution-Level HIPS

HIPS protection styles at this level provide protection while the application is executing, by monitoring the interactions of the code with its host system (typically with kernel-level drivers). This is the best way to prevent “good code gone bad”: attacks against unknown vulnerabilities in underlying applications, including zero-day attacks for which no signature or patch yet exists.


Features of LANDesk HIPS include:

· Kernel-level, rule-based file system and registry protection: Rules specifying which operations on which files are forbidden to which processes.

· System startup control: A process that controls the programs allowed to run upon startup.

· Detection of stealth root kits: Two methods for detecting the presence of root kits:

— Kernel hooks detection, which identifies and logs malicious drivers while insulating them from the operating system.

— Hidden process detection, which looks for discrepancies between the list of processes seen by the software’s user-mode service and the list seen by the software’s kernel driver.

· Kernel-level network filtering: Filters the network connection requests for applications, allowing or denying them in accordance with policy settings and process certifications (described below).

· Process and file certification: A mechanism, based on a list of authorized applications and files, that bypasses some of the protections listed above while protecting against injection of non-certified code at runtime.
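To make the first, third and last items above concrete, here is a small added example (not LANDesk code, and not a description of how the LANDesk driver is implemented) that models three of those mechanisms in one place: rules stating which operations on which files or registry keys are forbidden to which processes, a certification list whose members bypass those rules but which uncertified code may not inject into, and a cross-view hidden-process check that diffs the process list seen from user mode against the list seen by a kernel component. All rules, image names (such as `hipsclient.exe`), paths and PIDs are constructed for the example.

```python
"""Toy HIPS policy engine (illustrative example, not LANDesk code).

Models three mechanisms from the feature list above:
  * rule-based file-system / registry protection,
  * process and file certification (certified processes bypass the rules,
    but uncertified processes may not inject code into them),
  * cross-view hidden-process detection.
All rules, process names, paths and PIDs are made up for the example.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    """Forbid `operations` on targets matching `target` for processes matching `process`."""
    process: str           # glob over the image name; "*" = any process
    target: str            # glob over a file path or registry key
    operations: frozenset  # subset of {"write", "delete", "rename"}


@dataclass
class Policy:
    rules: list
    certified: set = field(default_factory=set)  # lower-case image names

    def is_certified(self, process: str) -> bool:
        return process.lower() in self.certified

    def decide(self, process: str, operation: str, target: str):
        """Return ("allow" | "deny", reason) for one intercepted request."""
        proc = process.lower()
        tgt = target.lower()

        # Runtime injection into a certified process by an uncertified one is
        # always refused; otherwise certification could be hijacked trivially.
        if operation == "inject":
            if self.is_certified(tgt) and not self.is_certified(proc):
                return "deny", f"uncertified {process} may not inject into {target}"
            return "allow", "injection not restricted by certification"

        # Certified processes bypass the file-system / registry rules.
        if self.is_certified(proc):
            return "allow", "certified process"

        for rule in self.rules:
            if (fnmatchcase(proc, rule.process.lower())
                    and fnmatchcase(tgt, rule.target.lower())
                    and operation in rule.operations):
                return "deny", f"rule forbids {operation} on {rule.target} for {rule.process}"
        return "allow", "no matching rule"


def hidden_processes(user_view, kernel_view):
    """Cross-view check: PIDs the kernel component sees but the user-mode
    enumeration does not. A rootkit hooking user-mode enumeration shows up here."""
    return sorted(set(kernel_view) - set(user_view))


# --- constructed sample policy and events (hypothetical names) ---------
POLICY = Policy(
    rules=[
        Rule("*", r"C:\Windows\System32\drivers\*", frozenset({"write", "delete", "rename"})),
        Rule("*", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*", frozenset({"write", "delete"})),
        Rule("*", r"HKLM\System\CurrentControlSet\Services\*", frozenset({"write"})),
    ],
    certified={"trustedinstaller.exe", "hipsclient.exe"},  # hypothetical certified images
)

SAMPLE_EVENTS = [
    # (process, operation, target)
    ("winword.exe", "write", r"C:\Users\bob\Documents\report.docx"),
    ("winword.exe", "write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("dropper.exe", "write", r"C:\Windows\System32\drivers\evil.sys"),
    ("trustedinstaller.exe", "write", r"C:\Windows\System32\drivers\ntfs.sys"),
    ("dropper.exe", "inject", "hipsclient.exe"),
]


def evaluate(policy, events):
    """Run every event through the policy; returns a list of (event, verdict)."""
    return [(ev, policy.decide(*ev)[0]) for ev in events]


if __name__ == "__main__":
    for ev, verdict in evaluate(POLICY, SAMPLE_EVENTS):
        print(f"{verdict:5} {ev[0]:22} {ev[1]:6} {ev[2]}")
    # The kernel component sees PID 1337, which the user-mode API hides: suspicious.
    print("hidden:", hidden_processes(user_view=[4, 512, 2048], kernel_view=[4, 512, 1337, 2048]))
```

Two design points worth noting: the injection check runs before the certification bypass, so a trusted image cannot be turned into a launderer for untrusted code, and the hidden-process check only flags what the kernel view has and the user view lacks, which is the direction a user-mode hook produces.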

In a nutshell, HIPS:

o Integrates several protection barriers in a single client

o Lets administrators control many HIPS nodes from a single console

o Gives administrators powerful tools to install and manage the client HIPS functionality

o Detects and removes hidden processes and rootkits

o Protects system services, startup programs, ActiveX controls and browser toolbars

o Protects against process injection and enforces process-kill and rule-based file-system and registry protection
