HP-UX 11i September 2005 Release Notes

Security
Chapter 8
HP-UX Host Intrusion Detection System Release 3.1
HP-UX HIDS Release 3.1 is a host-based HP-UX security product for HP computers
running HP-UX 11i. HP-UX HIDS Release 3.1 enables security administrators to
proactively monitor, detect, and respond to attacks targeted at specific hosts. Since there
are many types of attacks that can bypass network-based detection systems, HP-UX
HIDS Release 3.1 complements existing network-based security mechanisms, bolstering
enterprise security.
Summary of Change
HIDS has been updated to version 3.1. Changes include the following:
- Version 3.0 (initially delivered via the Web at http://hp.com/go/softwaredepot):
  - Performance improvement: Significant reduction in CPU consumption and
    better performance throughput by the HP-UX HIDS Release 3.0 idscor
    correlator process.
  - Template consolidation and property changes in HIDS Release 3.0: Prior to
    this version of HIDS, the functionality of the “Monitor Logins/Logouts”
    template and the “Monitor Start of Interactive Sessions” template
    overlapped. This overlap has been rectified in HIDS Release 3.0, and the
    two templates have been consolidated into a single template called the
    “Monitoring Logins/Logouts” template.
  - Filtering of alerts: HP-UX HIDS provides a number of new template
    properties for better filtering of unwanted alerts.
  - Reducing alert volume: The default template setting for out-of-the-box
    configurations has been fine-tuned to reduce the alert volume.
  - Automating HP-UX HIDS deployment and management processes: The
    command-line interface tool, idsadmin, is supported to automate the HIDS
    deployment and management process.
  - Alert Description: HP-UX HIDS provides descriptive alert messages to
    assist in developing more comprehensive filtering within template
    properties.
  - Migration Utilities: New conversion utilities are available to migrate
    HP-UX HIDS Release 2.x customizations to the new HP-UX HIDS Release 3.0
    template format to reduce deployment efforts.
  - Using OpenSSL for securing agent-admin communication: HP-UX HIDS now has
    a dependency on the OpenSSL product available in the HP-UX Operating
    Environments (as well as at http://hp.com/go/softwaredepot). The main
    benefit is that any SSL-related vulnerability fixes can be made readily
    available to HP-UX HIDS customers without the need for a new release of
    HIDS.
  - Reducing System Reboot: The HP-UX HIDS bundle has been split into two
    products, namely IDS and IDS-KERN, to reduce the probability of a system
    reboot for future HP-UX HIDS updates.
- Version 3.1 (delivered both on the Web and with the May 2005 release of HP-UX v2):