The Host-Based Security System (HBSS) is a United States Department of Defense (DoD) security system that is used to find and analyze threats to the department's computer network via signature and firewall protection. As the name implies, this system is host-based, meaning it is installed on every host in the DoD network, ensuring consistent protection. Many smaller programs create the Host-Based Security System, and each one serves a purpose, such as detecting new hosts, verifying signatures and checking firewall policies. While this is used across the entire DoD, officers and many personnel are not taught how to use the system; only information operators and managers are trained in its use.
While the Host-Based Security System goes through many steps to ensure the protection of the DoD network, the process can be broken down to verification and firewall protection. When a host is using the network, its signature is verified; this ensures the host is known and has active access to the network. Behavioral verification checks the host’s common behaviors. For example, if a host that commonly accesses one database starts accessing many new databases, this will raise a red flag. Each host on the network is reported to the main firewall policy, ensuring that malicious users can only reach a certain point in the network.
Just as the Host-Based Security System name implies, this system is host-based. This means every server, laptop and desktop must have the HBSS installed before it is allowed to access the DoD network. By ensuring this widespread installation, security remains consistent, because each host will comply with HBSS procedures.
The HBSS is not a singular program; rather, it is a software suite. This separation makes it easier for each program to specialize in a certain task. As of September 2011, there are six programs in the suite: Policy Auditor checks and verifies every computer policy; Device Control Module secures universal serial bus (USB) devices on the DoD network; Rogue System Detection checks new hosts; the Host Intrusion Prevention System is a powerful firewall for blocking malicious users; Assets Baseline Module helps upgrade the system during heightened security; and Asset Publishing Service is used for making reports.
Relatively few DoD employees are trained in the proper use of the HBSS. Officers and leadership employees do not typically interact with the network on this level, so they are not taught how to use the HBSS. Information managers and operators directly interact with the security of the network, so those employees are targeted for training.