Managing Systems and Workgroups: A Guide for HP-UX System Administrators

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

991

992

993

994

995

996

997

998

999

1000

Conﬁguring HP-UX Bastille: Interview

Bastille Conﬁguration Questions and Explanations for HP-UX

Appendix B 991

HP-UX Host Intrusion Detection System (HIDS) enhances host-level

security with near real-time automatic monitoring of each

configured host for signs of potentially damaging intrusions.

HIDS consists of a management Graphical User Interface (GUI), called the

System Management GUI, that allows the administrator to configure, control,

and monitor the HIDS system, and a host-based agent which is an intrusion

detection sensor, that gathers system data, monitors system activity, and

issues intrusion alerts. The communication between the GUI and agents is

encrypted. The agent listens on port 2985 for incoming connections

initiated by the GUI.

Answer YES if you are NOT running the HP-UX Host Intrusion

Detection System (HIDS) agent on this host. Also answer YES if you ARE

running the HP-UX Host HIDS agent on this host BUT are you are running the

HP-UX Host HIDS GUI LOCALLY on this host (i.e., you are NOT remotely

managing this agent by running the GUI on a remote host). Answer NO if

you are running an HP-UX Host HIDS agent locally on this host AND you are

remotely managing this agent with a remote HP-UX Host HIDS System Management

GUI.

NOTE: You need to install and configure HIDS separately from

Bastille. See http://www.hp.com/security for more information.

NOTE: What HIDS does not do:

1. HIDS is not a replacement for comprehensive security policies and

procedures. You must define and implement such security policies and

procedures and configure HIDS to enforce them. A lack of such policies,

procedures, and configuration can result in attacks that go undetected

and/or the reporting of many false alerts; that is, HIDS will work but

your system may still be vulnerable.

2. HIDS does not prevent the onset of attacks. If your system is

vulnerable to attacks, those vulnerabilities will remain even after HIDS

is installed.

3. HIDS will not find static security flaws on a system. For example, if

the password file contained an illegitimate account before HIDS was

installed, that illegitimate account remains a vulnerability even after

HIDS is installed and operational. Furthermore, HIDS cannot authenticate

users of a valid account. For example, if users share password information,

HIDS cannot ascertain the identity of an unauthorized user gaining

access to a system via a legitimate account login.

IPFilter Q: Do you want to BLOCK incoming connections to the HIDS GUI with

IPFilter? [Y]

The HP-UX Host Intrusion Detection System (HIDS)

Management Graphical User Interface (GUI) listens on port 2984

for incoming connections initiated by HIDS agents on each configured host.