Host Intrusion Detection System Administrator's Guide Release 3.0
Chapter 1: Overview
Glossary of HP-UX HIDS Terms
/etc/hosts
    File of host names and IP addresses that are known to the local
    system.

Administration System
    A system (node) in your network that is configured to run the HP-UX
    HIDS System Manager program. See also System Manager.

Agent
    The HP-UX HIDS component that gathers system data, monitors system
    activity, and issues notifications upon detection of an intrusion.

Agent Host
    See Agent System.

Agent System
    A system (node) in your network that is configured to run the HP-UX
    HIDS agent program.

Alert
    Also referred to as a notification. A message sent by HP-UX HIDS
    warning of a suspected or actual intrusion and usually calling for
    some sort of action in response. Typically, the alert is sent to a
    display window on the management component and logged as an entry to
    a log file.

Audit Data
    Also referred to as kernel audit data. The most detailed level of
    system data utilized by HP-UX HIDS. As each system call is executed,
    its parameters and outcome are recorded in a log file. These records
    of system activity are used by HP-UX HIDS for intrusion detection.

Console
    See Administration System and System Manager.

Correlator
    A core component of HP-UX HIDS that interprets and categorizes the
    data sources, correlates the information to known detection
    templates, and sends notification of any suspected intrusions to the
    HP-UX HIDS System Manager.

Data Source
    HP-UX HIDS requires data generated by the system to detect
    intrusions. A data source is such a generator of data. For example,
    the system log file (syslog) is a potential data source, as is kernel
    audit data.

Data Source Process
    A component of the HP-UX HIDS agent that reads the data sources and
    presents the information for alert calculation.

Detection Template
    A basic “building block” or pattern known to be used in security
    attacks on systems. HP-UX HIDS uses knowledge of these characteristic
    types of unauthorized system activity when detecting security
    attacks.

DSP
    See Data Source Process.

GUI
    See System Manager.

Host System
    See Agent System.

IDDS
    See Intrusion Detection Data Source.

IDS
    See Intrusion Detection System.