A host intrusion prevention system (HIPS) prevents malicious behavior from occurring on a host (server or desktop computer). Unlike a network intrusion prevention system (NIPS), HIPS solutions are software-based, and the software is deployed on the host itself, closest to the applications and data that need to be protected.
A packet can exist in a deep inspection firewall of the HIPS for a long time, because analysis often cannot commence until multiple packets have arrived. While the HIPS waits for the next packet to arrive, the configuration of the firewall may be changed.
Multiple configurations may be incompatible with one another and thus cause an undesirable outcome, such as letting undesired packets through.
Accordingly, there is a need in the industry to develop a method and system for ensuring that packets are correctly processed in the HIPS when the firewall configuration changes.