HP-UX 11i Version 2 June 2007 Release Notes
Security
HP-UX Host Intrusion Detection System
Chapter 8
targeted at specific hosts. Since there are many types of attacks that can bypass
network-based detection systems, HP-UX HIDS Release 4.1 complements existing
network-based security mechanisms, bolstering enterprise security.
Summary of Change
HP-UX HIDS Release 4.1 supports the following new features:
• Supports an alert volume reduction feature that proactively prevents duplicate
alerts from being generated, logged, and reported to the HIDS administrator console.
Using this feature, administrators can manage HIDS alerts with ease, by focusing
their attention on fewer and more significant alerts.
• Includes a reporting feature that enables the generation of customized and
consolidated alert reports that are easy to view and print. Reports can be generated
in HTML, text, and raw formats.
• Provides a tuning tool that reduces the time and effort to deploy and maintain
Surveillance Schedules by:
— Eliminating the time-consuming and error-prone process of manually generating
filtering rules.
— Facilitating the review of alerts from multiple agents running the same schedule,
by presenting an alert report that consolidates duplicate alerts and groups alerts
triggered by the same program.
— Performing automatic schedule updates and deployments.
This tool effectively automates the process of identifying and filtering file-related alerts
that the HIDS administrator considers safe to ignore (alerts generated because of normal
system activity). This tool can be used to perform the following tasks:
• Customize a preconfigured schedule to filter alerts generated as part of normal system
activity during the initial HIDS deployment.
• Fine-tune an existing schedule if new alerts that are considered safe to ignore are
generated after deployment.
Impact
There are no impacts other than those previously listed.
Compatibility
HP-UX HIDS Release 4.1 is backward compatible with Release 4.0, Release 3.1, and
Release 3.0. It is not backward compatible with Release 2.0, Release 2.1, Release 2.2, and
Release 1.0. HIDS v 1.0 and 2.x are obsolete and no longer supported by HP.
Schedules created using previous versions of HIDS need to be migrated to HIDS 4.1. For
more information on migrating schedules, see the Release Notes available at
http://www.docs.hp.com in the Internet Security Solutions section.
Performance
There are no known performance issues.