What are the challenges faced when deploying host-based IPS?
A. Must support multiple operating systems
B. Does not have full network picture
Explanation:
Advantages of HIPS: The success or failure of an attack can be readily determined. A
network IPS sends an alarm upon the presence of intrusive activity but cannot always
ascertain the success or failure of such an attack. HIPS does not have to worry about
fragmentation attacks or variable Time to Live (TTL) attacks because the host stack takes
care of these issues. If the network traffic stream is encrypted, HIPS has access to the traffic
in unencrypted form.
Limitations of HIPS: There are two major drawbacks to HIPS:
+ HIPS does not provide a complete network picture: Because HIPS examines information
only at the local host level, HIPS has difficulty constructing an accurate network picture or
coordinating the events happening across the entire network.
+ HIPS has a requirement to support multiple operating systems: HIPS needs to run on every
system in the network. This requires verifying support for all the different operating systems
used in your network.
http://www.ciscopress.com/articles/article.asp?p=1336425&seqNum=3