Host Intrusion Detection System Administrator's Guide Release 3.0
Overview
Glossary of HP-UX HIDS Terms
Chapter 1
Intrusion
Also referred to as an attack. A violation of system security policy by
an unauthorized outsider or by an otherwise authorized user. A
violation could include improperly accessing the network, accessing
certain systems within the network, accessing certain files, or running
certain programs.
Intrusion Detection Data Source (IDDS)
The HP-UX HIDS audit system that monitors the system for potential
intrusion activities.
Intrusion Detection System (IDS)
An automated system that can detect a security violation on a system
or a network.
Kernel
The core of the operating system. It is the compiled code responsible for
managing the computer’s resources, such as memory, file system, and
input/output.
Node
See Agent System.
OpenView Operations (OVO)
A distributed client/server software solution designed to help system
administrators detect, solve, and prevent problems occurring in
networks, systems, and applications in any enterprise. OVO is a
scalable and flexible solution that can be configured to meet the
requirements of any IT organization and its users. In addition, you can
expand the applications of OVO by integrating management
applications from HP OpenView partners or other vendors.
OVO
See OpenView Operations.
Response Script
Once HP-UX HIDS detects an intrusive activity, it prepares an alert
for the System Manager. In addition, it can execute a set of programs
located on the machine that was attacked. This script is passed the
details of the alert, and can take whatever actions the system
administrator requires.
Secure Sockets Layer (SSL)
A protocol for sending data across a network that prevents an
eavesdropper from observing and/or modifying any data transmitted.
It is used for all HP-UX HIDS communication between agent systems
and the administration system.
SSL
See Secure Sockets Layer.
Surveillance Group
A group of detection templates. For example, all detection templates
related to checking for file system intrusions might be grouped into a
“File System” surveillance group.
Surveillance Schedule
A set of configurable surveillance groups to be deployed on one or more
systems on a scheduled basis. A particular surveillance group is
assigned to run on a given system at one or more particular times of
the day on one or more given days of the week.