What are the challenges faced when deploying host based IPS?
A.
Must support multi operating systems
B.
Does not have full network picture
C.
?
D.
?
Explanation:
BD
Advantages of HIPS: The success or failure of an attack can be readily determined. A network IPS sends an
alarm upon the presence of intrusive activity but cannot always ascertain the success or failure of such anattack. HIPS does not have to worry about fragmentation attacks or variable Time to Live (TTL) attacks
because the host stack takes care of these issues. If the network traffic stream is encrypted, HIPS has access
to the traffic in unencrypted form.
Limitations of HIPS: There are two major drawbacks to HIPS:
+ HIPS does not provide a complete network picture: Because HIPS examines information only at the local
host level, HIPS has difficulty constructing an accurate network picture or coordinating the events happening
across the entire network.
+ HIPS has a requirement to support multiple operating systems: HIPS needs to run on every system in the
network. This requires verifying support for all the different operating systems used in your network.
Source: http://www.ciscopress.com/articles/article.asp?p=1336425&seqNum=3