Administrator's Guide

Overview
HP-UX HIDS Components
Chapter 1
12
Detection Templates
HP-UX HIDS includes a set of preconfigured patterns, known as detection templates.
These templates are the building blocks used to identify the basic types of unauthorized
system activity or security attacks frequently found on enterprise networks. You can
customize the detection templates by changing certain configurable parameters.
Surveillance Groups
Different combinations of detection templates are combined into surveillance groups. A
surveillance group typically consists of related detection templates, such as those
related to file system intrusions or web server attacks. Each surveillance group
provides protection against one or more particular kinds of intrusion.
Surveillance Schedules
A surveillance group is then scheduled to be run regularly on one or more of the host
systems it is protecting, on one or more chosen days of the week, and at one or more
chosen times. This process of configuring surveillance groups to protect hosts on the
basis of a regular weekly schedule is referred to as creating a surveillance schedule. A
single surveillance schedule can be deployed on one or more host systems; you also have
the option of creating different surveillance schedules for use on one or more of the
different systems within your network.
Kernel Audit Data
Kernel audit logs are generated by a trusted component of the operating system. They
generally include all the information about every system call executed on the host,
including parameters and outcomes, and are the lowest level of data utilized by HP-UX
HIDS. (System calls are services requested from the underlying operating system by an
application or user-level program.) This data may also include information about
starting and stopping sessions for users.
NOTE: HP-UX HIDS is independent of security configurations. It does not use the HP-UX C2
auditing capability, nor does it require that the system being monitored be put in trusted
mode.
System Log Files
System log files are monitored by HP-UX HIDS to detect logins and logouts and the start
of interactive sessions.
HP-UX HIDS Secure Communications
Within HP-UX HIDS, there must be secure messaging and protocols for all
communications between its components. The HP-UX HIDS secure communication uses
the Secure Sockets Layer (SSL) protocol for client/server authentication, integrity, and
privacy. See the “Glossary of HP-UX HIDS Terms” on page 13 and “Setting Up the
HP-UX HIDS Secure Communications” on page 20 for more information.