Chapter 1 - Host Integrity

This chapter provides an introduction to the host integrity monitoring (HIM) systems. HIM system is the recurring assessment of a host s environment based on a known good state or policy. A host can be a home user's PC, a corporate e-mail or Web server, a production build system, or a computer in an Internet cafe. A host can also be a router or a switch. A HIM system comprises software agents and at least one management console. The details of how these two components interact may vary, but in general, the agents gather information about the host environment, and the console performs analysis and reporting on that data. The chapter presents some key characteristics of HIM, including the scanning process, management, and common feedback vectors. Some common arguments against deploying a HIM system are also presented. As with any security system, identifying and examining any weaknesses is worthwhile, because then one can focus on finding ways to address those weaknesses.