Host Intrusion Detection System Administrator's Guide Release 3.1
Overview
What HP-UX HIDS Does
Chapter 1
HP-UX HIDS is an intrusion detection product that enhances local host-level
security within the network. It automatically monitors each configured host system
within the network for possible signs of unwanted and potentially damaging intrusions.
If an intrusion is successful, it could lead to the loss of availability of key systems or
could compromise system integrity.
As HP-UX HIDS continuously examines ongoing activity on a system, it seeks out
patterns that might suggest security breaches or misuses. Security threats or breaches
can include attempts to break into a system, subversive activities, or spreading a virus.
Once you have activated HP-UX HIDS for a given host system and it detects an
intrusion attempt, the host sends an alert to the administrative interface, where you can
immediately investigate the situation and, when necessary, take action against the
intrusion. In addition, you can set up a customized local response to an alert.
HP-UX HIDS can even provide notification in the event of suspicious activity that might
precede an attack. By contrast, other intrusion detection systems often allow a potential
intruder considerable time to damage the system before being detected, because they
rely entirely on an operator-instigated analysis of system log files, typically performed at
the end of a day.
HP-UX HIDS is particularly useful for enterprise environments where centralized
management tools control networks of heterogeneous systems. These environments
include, for example, web servers, transaction processors, application servers, and
database systems.
HP-UX HIDS uses knowledge about how host systems, the network, or the entire
enterprise might be exploited and applies that expertise to the flow of system events.
Many intrusions, while differing in their scenarios, reuse the same “building blocks” to
exploit a wide variety of system vulnerabilities. As a result, HP-UX HIDS uses known
building blocks to protect resources against both existing attack scenarios and
unknown scenarios.
HP-UX HIDS provides simplified administration through a secure management
graphical user interface (GUI), the HP-UX HIDS System Manager.
HP-UX HIDS provides a customizable intrusion response capability. Hosts always send
alerts to the administration interface. You can augment this with automated host-based
response programs that you can customize for the host that is being monitored. HP
provides such a program for OpenView Operations (OVO) integration; you can also create
your own.