Content deleted Content added
m Removing link(s): Wikipedia:Articles for deletion/Verisys closed as delete (XFDcloser) |
|||
Line 40:
A HIDS will usually go to great lengths to prevent the object-database, checksum-database and its reports from any form of tampering. After all, if intruders succeed in modifying any of the objects the HIDS monitors, nothing can stop such intruders from modifying the HIDS itself – unless security administrators take appropriate precautions. Many [[Computer worm|worms]] and [[Computer virus|viruses]] will try to disable anti-virus tools, for example.
Apart from crypto-techniques, HIDS might allow administrators to store the databases on a [[CD-ROM]] or on other read-only memory devices (another factor
One could argue that the [[trusted platform module]] comprises a type of HIDS. Although its scope differs in many ways from that of a HIDS, fundamentally it provides a means to identify whether anything/anyone has tampered with a portion of a computer. Architecturally this provides the ultimate (at least {{As of|2005|alt=at this point in time}}) host-based intrusion detection, as depends on hardware external to the [[central processing unit|CPU]] itself, thus making it that much harder for an intruder to corrupt its object and checksum databases.
| |||