HP-UX 11i Version 2 May 2005 Release Notes
Security
HP-UX Host Intrusion Detection System
Chapter 8
154
— Template consolidation and property changes in HIDS Release 3.0: Prior to this
version of HIDS, the functionality of the “Monitor Logins/Logouts” template and
the “Monitor Start of Interactive Sessions” template overlapped. This
overlapping functionality has been rectified in HIDS Release 3.0 and the two
templates have been consolidated into a single template called the “Monitoring
Logins/Logouts” template.
— Filtering of alerts: HP-UX HIDS provides a number of new template properties
for better filtering of unwanted alerts.
— Reducing alert volume: The default template setting for out-of-the-box
configurations has been fine-tuned to reduce the alert volume.
— Automating HP-UX HIDS deployment and management processes: A
command-line interface tool, idsadmin, is supported to automate the HIDS
deployment and management process.
— Alert Description: HP-UX HIDS provides descriptive alert messages to assist in
developing more comprehensive filtering within template properties.
— Migration Utilities: New conversion utilities are available to migrate HP-UX
HIDS Release 2.x customizations to the new HP-UX HIDS Release 3.0 template
format to reduce deployment efforts.
— Using OpenSSL for securing agent-admin communication: HP-UX HIDS now
has a dependency on the OpenSSL product¹ available in the HP-UX Operating
Environments (as well as at http://software.hp.com). The main benefit is
that any SSL-related vulnerability fixes can be made readily available to HP-UX
HIDS customers without the need for a new release of HIDS.
— Reducing System Reboot: The HP-UX HIDS bundle has been split into two
products, namely IDS and IDS-KERN, to reduce the probability of a system reboot
for future HP-UX HIDS updates.
• Version 3.1 (delivered both on the Web and with the May 2005 release of HP-UX):
HP-UX HIDS Release 3.1 contains fixes to a number of defects reported against v3.0,
as well as a number of enhancements:
— Defect fixes are mainly focused on addressing issues with the idscor process
terminating abnormally.
— Enhancements include better filtering capabilities and additional alert
information in order to facilitate more automated response.
Impact
HP-UX HIDS Release 3.0 offers better performance and CPU utilization, many
enhancements as well as defect fixes. HP-UX HIDS Release 3.1 is a maintenance release
containing defect fixes, as well as a few enhancements. To learn more about these fixes and
enhancements, refer to the HP-UX HIDS Release Notes.
Compatibility
HP-UX HIDS Release 3.1 is backward compatible with Release 3.0. It is not backward
compatible with Release 2.0, Release 2.1, Release 2.2, and Release 1.0.
1. See also “OpenSSL” on page 162.