HP-UX 11i Version 1.6 Release Notes
Other Functionality
Chapter 8
HP Intrusion Detection System/9000 (IDS/9000)
HP Intrusion Detection System/9000 (IDS/9000) is a host-based intrusion detection
system for HP-UX.
Version 2.1 is new for IPF systems in HP-UX 11i v1.6. (Versions 1.0, 2.0, and 2.1 have
been previously delivered for PA-RISC systems in HP-UX 11.00 and 11i.)
Summary of Change
IDS/9000 enables security administrators to proactively monitor, detect, and respond to
attacks targeted at specific hosts. Since there are many types of attacks that can bypass
network-based detection systems, IDS/9000 complements existing network-based
security mechanisms, bolstering enterprise security.
Details of Change
The IDS/9000 product details are:
• Administrative GUI: task-oriented and easy to use. Controls the interactions for
installing, configuring, monitoring and controlling IDS/9000 agents.
• Integrated with OpenView Operations (OVO, formerly known as VPO or ITO) and
the associated Smart Plug In (SPI): Enables users to monitor IDS/9000 alerts from
the OVO management console. For configuration and control of IDS/9000 agents, the
IDS/9000 administrative GUI is launched from within the OVO console.
• Enhances local host-level security within your network by automatically monitoring
each configured host system within the network for possible signs of unwanted and
potentially damaging intrusions.
• Provides continuous surveillance against inappropriate system usage that is
characteristic of hacker break-in attempts, subversive inside activities, and viruses.
• The types of threats that IDS/9000 counters include the following:
  System Critical: Unauthorized access, Privilege violations, Trojan horse, "Root" exploits
  HP-UX OS: Race condition, Buffer overflow, Password guessing
  User Security: Failed logins, Failed SU attempts, User A modifying User B's file