User's Guide
2.0 OVERVIEW
2.1 Product Overview
HP-UX HIDS is an HP-UX host intrusion detection product that can enhance local host-level security
within your network. It does this by automatically monitoring each configured host system within the
network for possible signs of unwanted and potentially damaging intrusions. If successful, such
intrusions could lead to the loss of availability of key systems or could compromise system integrity.
As HIDS continuously examines ongoing activity on a system, it seeks out patterns that might
suggest security breaches or misuses. These might include, for example, an attacker attempting to
break into or disrupt your system, subversive insider activities, or someone trying to spread a virus.
Once you have activated HIDS for a given host system and it detects an intrusion attempt, the host
sends an alert to the administrative interface where you can immediately investigate the situation, and
when necessary, take action against the intrusion. HIDS also supports customized local responses to,
for example, notify the administrator through e-mail or pager.
2.2 HP-UX HIDS Deployments
HIDS can be deployed on any HP-UX 11iv1 or 11iv2 server that contains applications and data that
need to be monitored for protection and/or availability, such as web servers, transaction processors,
application servers, and database systems. The performance of HIDS depends on the system load,
the rate at which certain system calls are invoked by other applications, and the HIDS configuration.
2.3 Sizing and Tuning Overview
The following guidelines should be used when selecting a system to run HIDS. They are discussed in
more detail in Section 3.0 Sizing and Tuning Recommendations.
• Templates, the components of HIDS that detect intrusions, are designed to take advantage of
multiple CPUs, if available.
• The amount of memory and disk space needed depends on the system load profile and the
HIDS configuration.
• Sustained high loads can consume large amounts of memory. Under heavy load, the CPU
becomes the eventual performance bottleneck.
HIDS performance tuning is limited to:
• Surveillance schedule configuration
• Process priority setting
System performance tuning is limited to:
• Blocking vs Non-blocking IDDS mode
HP Company Internal Page 5 of 20