The Host-Based Security System (HBSS) is a suite of software used by the US Department of Defense to protect its computer network through signature and firewall protection. It is host-based, meaning it must be installed on every host in the network. The suite includes six programs, and only information managers and operators are trained in its use. The system performs firewall auditing and protection, and every host is reported to the master firewall policy. Behavioral Verification checks for common host behaviors. Rogue System Detection checks for new hosts.
The Host-Based Security System (HBSS) is a United States Department of Defense (DoD) security system used to find and analyze threats to the department’s computer network through signature and firewall protection. As the name suggests, this system is host-based, meaning it is installed on every host in the DoD network, ensuring consistent protection. Many smaller programs build host-based security, and each one has a purpose, such as detecting new hosts, verifying signatures, and checking firewall policies. While this is used throughout the Department of Defense, officers and many personnel are not taught how to use the system; only information operators and managers are trained in its use.
While the host-based security system performs many steps to ensure the DoD network is protected, the process can be broken down into firewall auditing and protection. When a host uses the network, its signature is verified; this ensures that the host is known and has active access to the network. Behavioral Verification checks for common host behaviors. For example, if a host that commonly accesses one database starts accessing many new databases, that will raise a red flag. Every host on the network is reported to the master firewall policy, ensuring that malicious users can only reach a certain point on the network.
Just as the name of host based security system suggests, this system is host based. This means that every server, laptop and desktop must have HBSS installed before they can access the DoD network. By ensuring this widespread deployment, security remains consistent, because every host will be compliant with HBSS procedures.
HBSS is not a singular program; rather, it’s a suite of software. This separation makes it easier for each program to specialize in a given task. As of September 2011, there are six programs in the suite: Policy Auditor monitors and audits every computer policy; The Device Control Module protects Universal Serial Bus (USB) devices on the DoD network; Rogue System Detection checks for new hosts; the Host Intrusion Prevention System is a powerful firewall to block malicious users; Assets Baseline Module helps to update the system during increased security; and Asset Publishing Service is used to create reports.
Relatively few Department of Defense employees are trained in the proper use of HBSS. Leadership officers and employees typically do not interact with the network at this level, so they are not taught how to use HBSS. Information managers and operators interact directly with network security, so those employees are targeted for training.
Protect your devices with Threat Protection by NordVPN