Host Intrusion Detection System Administrator's Guide Release 3.0

Chapter 1: Overview
What HP-UX HIDS Does
HP-UX HIDS is an HP-UX intrusion detection product that can enhance local host-level
security within your network. It does this by automatically monitoring each configured
host system within the network for possible signs of unwanted and potentially damaging
intrusions. If successful, such intrusions could lead to the loss of availability of key
systems or could compromise system integrity.
As HP-UX HIDS continuously examines ongoing activity on a system, it seeks out
patterns that might suggest security breaches or misuses. These might include, for
example, an attacker attempting to break into or disrupt your system, subversive
“insider” activities, or someone trying to spread a virus. Once you have activated HP-UX
HIDS for a given host system and it detects an intrusion attempt, the host sends an alert
to the administrative interface where you can immediately investigate the situation, and
when necessary, take action against the intrusion. In addition, you can set up a
customized local response to an alert.
HP-UX HIDS can even provide notification in the event of suspicious activity that might
precede an attack. By contrast, other intrusion detection systems often allow a potential
intruder considerable time to damage the system before being detected, because they
rely entirely on an operator-instigated analysis of system log files, typically performed at
the end of a day.
HP-UX HIDS is particularly useful for enterprise environments where centralized
management tools control networks of heterogeneous systems. These environments
include, for example, web servers, transaction processors, application servers, and
database systems.
HP-UX HIDS uses knowledge about how host systems, the network, or the entire
enterprise might be exploited and applies that expertise to the flow of system events.
Many intrusions, while differing in their scenarios, reuse the same “building blocks” to
exploit a wide variety of system vulnerabilities. As a result, HP-UX HIDS can use known
building blocks to provide protection against both existing attack scenarios and even
against some unknown scenarios.
HP-UX HIDS provides simplified administration through a secure management
graphical user interface (GUI), the HP-UX HIDS System Manager.
HP-UX HIDS provides a customizable intrusion response capability. Hosts always send
alerts to the administration interface. You can augment this with automated host-based
response programs that you can customize for the host that is being monitored. We
provide such a program for OpenView Operations (OVO) integration; you can also create
your own.