Administrator's Guide
Overview
What HP-UX HIDS Does Not Do
Chapter 1
9
What HP-UX HIDS Does Not Do
It is imperative that you be aware of the following information so that you do not assume
that HP-UX HIDS will solve all security related problems.
You are solely responsible for securing your system and for implementing well-defined
security policies and procedures. HP-UX HIDS is not a replacement for such
comprehensive security policies and procedures. You must define and implement such
security policies and procedures and configure HP-UX HIDS to enforce them. A lack of
such policies, procedures, and configuration can result in attacks that go undetected
and/or the reporting of many false alerts; that is, HP-UX HIDS will work but your
system may still be vulnerable.
HP-UX HIDS does not prevent the onset of attacks. If your system is vulnerable to
attacks, those vulnerabilities will remain even after HP-UX HIDS is installed.
HP-UX HIDS will not find static security flaws on a system. For example, if the
password file contained an illegitimate account before HP-UX HIDS was installed, that
illegitimate account remains a vulnerability even after HP-UX HIDS is installed and
operational. Furthermore, HP-UX HIDS cannot authenticate users of a valid account.
For example, if users share password information, HP-UX HIDS cannot ascertain the
identity of an unauthorized user gaining access to a system via a legitimate account
login.