Is CIS an IDS or an IPS?

I’m not sure because there is little detail in CIS or on the website. I would like to know: is CIS an IDP or an IPS, or both? And what else can it protect from?

Thanks, but sorry I’m not strong in English. ;D

Hello there and welcome to the forums!

CIS is a free antivirus scanner, a firewall and Host Intrusion Prevention (Defense+).

Here is some info on a general HIPS

Basically it monitors all kinds of system activities: what programs are allowed to start, can they access system files, can they access the registry, other programs’ memory space, etc.

So it’s based on prevention.
For example, you’re surfing the web with a browser called IE and you land on a site with hidden malware in it. It’s going to alert you that IE is trying to save Bad.exe to your local disk. If you then choose to block that action, you’re safe; if you choose to allow that action, the next alert will probably be “IE is trying to start Bad.exe, do you wish to allow that?” Now it’s really time to push the “BLOCK” and Remember option to stay clean.

Hope this helps a bit,

HIPS (I know), HIDS, NIDS, what does this mean?

Host-based Intrusion Detection System
Network-based Intrusion Detection System

Host is software on a host only “Detecting” stuff based on signatures.

Network is a “tap” on a central connection (example: internet in/out) listening on the wire to see if it can detect “bad” traffic patterns also based on signatures.

OK. Thanks, my understanding is that CIS is only a HIPS and does not have NIPS. Right?

Well almost, it does protect you against the following on the Firewall engine:

TCP, UDP and ICMP floods.
ARP cache poisoning.
Fragmented IP blocking.
Protocol analysis (checking if the headers and flags are correct per RFC).

All found under advanced, attack detection settings, so there are a few, but it’s not a Snort-like solution.

But would Comodo be vulnerable to any IDS related attack?

Can you explain a bit more? What kind of attack are we talking about?

I didn’t really have a particular one in mind. I guess the ones covered by Snort.

I’m not sure if I understand it correctly, but as CIS is not Snort it will not be vulnerable to Snort exploits.

Maybe he means something like these?

buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts

That is correct.

You can’t compare Snort to Defense+; the only thing close is the Attack Detection stuff in the Firewall.

Snort acts on network traffic patterns.
Defense+ (HIPS) on processes and their specific activities on that system.

As a home user, I’m not sure I would have to worry about having an IDS. But I was wondering if the firewall would let an attack compromise the system.

A “good” firewall is as good as the rules it has been given by its administrator.

If you configure CIS well you have nothing to worry about. I’m not saying you are 100% secure, because no firewall is, and no other security-related software ever will be. There are good and bad ones, but none of them will get to 100%.

If you have multiple layers of security, like a hardware firewall/router on your internet connection and a software firewall on your PC, and also have a good outbound ruleset to prevent malware from phoning home etc., you will be good to go.

Yes, I don’t think a lack of IDS is something to worry about much. Even the IDSs in Norton and KIS would not be 100% safe, as nothing is. I was just wondering if there was a difference between the protection of Comodo and NIS/KIS because of the lack of an IDS. I don’t think there is, based on the responses.

Of course I should have an AV and HIPS for prevention/detection/cure. But now I’m confused. You are saying I should have an IDS while others are not?

Now I understand. Do you think Comodo should have an IDS like NIS and KIS do?