3.5 Given a scenario, apply server hardening methods.
📘CompTIA Server+ (SK0-005)
1. Antivirus
What is Antivirus?
Antivirus is software designed to detect, prevent, and remove computer viruses from a server.
Key Functions
- Signature-based detection
Compares files against a database of known malware signatures. - Real-time scanning
Monitors files, processes, and network activity continuously. - Scheduled scanning
Runs scans at specific times (e.g., daily or weekly). - Quarantine and removal
Isolates suspicious files to prevent execution.
Why it is Important
- Protects servers from known threats
- Prevents malware from spreading across the network
- Ensures system integrity and uptime
Exam Keywords
- Signature-based detection
- Real-time protection
- Quarantine
- Known malware
2. Anti-malware
What is Anti-malware?
Anti-malware is a broader protection tool that defends against all types of malicious software, including:
- Viruses
- Worms
- Trojans
- Ransomware
- Spyware
- Adware
Key Differences from Antivirus
- Antivirus mainly targets known viruses
- Anti-malware protects against a wider range of threats, including newer and advanced ones
Key Features
- Behavior-based detection
Detects malware based on suspicious behavior instead of known signatures. - Heuristic analysis
Identifies potential threats by analyzing code patterns. - Cloud-based detection
Uses online databases for faster threat updates. - Ransomware protection
Protects critical files from unauthorized encryption.
Why it is Important
- Provides advanced protection
- Detects zero-day attacks (new, unknown threats)
- Works alongside antivirus for stronger defense
Exam Keywords
- Behavior-based detection
- Heuristic analysis
- Zero-day threats
- Advanced malware protection
3. Host Intrusion Detection System (HIDS)
What is HIDS?
A Host Intrusion Detection System (HIDS) monitors a server for suspicious activity and potential attacks.
How HIDS Works
- Installed directly on the server
- Monitors:
- System logs
- File changes
- User activities
- System calls
- Generates alerts when suspicious activity is detected
Key Characteristics
- Detection only (no blocking)
- Sends alerts to administrators
- Monitors internal server behavior
Example of HIDS Activity
- Detects unauthorized changes to system files
- Identifies unusual login attempts
- Flags abnormal system processes
Why it is Important
- Provides visibility into attacks
- Helps detect internal threats
- Useful for incident investigation
Exam Keywords
- Alert-based system
- Log monitoring
- Detection only
- No prevention
4. Host Intrusion Prevention System (HIPS)
What is HIPS?
A Host Intrusion Prevention System (HIPS) not only detects threats but also actively prevents and blocks malicious activity.
How HIPS Works
- Installed on the host (like HIDS)
- Monitors system behavior in real time
- Takes action when threats are detected:
- Blocks malicious processes
- Stops suspicious network activity
- Prevents unauthorized changes
Key Characteristics
- Detection + Prevention
- Can automatically block threats
- Uses behavior-based rules and policies
Example of HIPS Activity
- Blocks unauthorized software from running
- Prevents modification of critical system files
- Stops suspicious scripts or processes
Why it is Important
- Provides real-time protection
- Reduces response time to threats
- Helps enforce security policies
Exam Keywords
- Prevention-based system
- Real-time blocking
- Behavior-based rules
- Active protection
5. HIDS vs HIPS (Very Important for Exam)
| Feature | HIDS | HIPS |
|---|---|---|
| Purpose | Detect threats | Detect + Prevent threats |
| Action | Alerts only | Blocks threats |
| Response | Passive | Active |
| System Impact | Monitoring only | Monitoring + enforcement |
Simple Understanding
- HIDS = Detect and alert
- HIPS = Detect, alert, and block
6. How These Tools Work Together (Exam Concept)
In a secure server environment:
- Antivirus → Detects known malware
- Anti-malware → Detects advanced and unknown threats
- HIDS → Monitors and alerts suspicious activities
- HIPS → Blocks and prevents attacks
Combined Protection
These tools are often used together to create a layered defense (defense-in-depth).
7. Best Practices (Important for Exam)
- Keep antivirus and anti-malware updated
- Enable real-time protection
- Regularly scan servers
- Monitor HIDS alerts frequently
- Configure HIPS policies carefully (avoid false positives)
- Apply updates and patches to security tools
- Use centralized logging and monitoring systems
8. Key Exam Takeaways
- Antivirus → Protects against known malware using signatures
- Anti-malware → Protects against all types of malware using advanced detection
- HIDS → Monitors and alerts (no blocking)
- HIPS → Monitors and blocks (active prevention)
- Together, they provide host-level security and layered defense
