Host Intrusion Detection System Administrator's Guide Release 3.1
Overview
HP-UX HIDS Components
Detection Templates
HP-UX HIDS includes a set of preconfigured patterns, known as detection templates.
These templates are the building blocks used to identify the basic types of unauthorized
system activity or security attacks frequently found on enterprise networks. You can
customize the detection templates by changing certain configurable parameters.
Surveillance Groups
A surveillance group typically consists of related detection templates, for example, those
related to file system intrusions or web server attacks. Each surveillance group provides
protection against one or more particular kinds of intrusion.
Surveillance Schedules
A surveillance group is scheduled to be run regularly on one or more of the host systems
it is protecting, on one or more chosen days of the week, and at one or more chosen times.
This process of configuring surveillance groups to protect hosts on the basis of a regular
weekly schedule is referred to as creating a surveillance schedule. You can deploy a
surveillance schedule on one or more host systems. You can also create different
surveillance schedules for one or more systems within your network.
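The relationship just described (detection templates with configurable parameters, grouped into surveillance groups, deployed on hosts by weekday and time) can be modeled as follows. This is an added illustration, not HP-UX HIDS's own configuration format or code; the class and function names are hypothetical, and the sample groups, hosts and times are constructed.

```python
# Added example: a model of detection templates, surveillance groups and a
# weekly surveillance schedule, with a check for which groups are due to run.
# Not HP-UX HIDS's own code or configuration format; names are hypothetical.
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class DetectionTemplate:
    name: str
    parameters: dict = field(default_factory=dict)  # customizable parameters


@dataclass
class SurveillanceGroup:
    name: str
    templates: list  # related DetectionTemplate objects


@dataclass
class SurveillanceSchedule:
    """One group deployed on chosen hosts, weekdays (0=Mon..6=Sun) and start times."""
    group: SurveillanceGroup
    hosts: set
    weekdays: set
    start_times: set  # datetime.time values, minute granularity


def groups_due(schedules, host, when):
    """Return names of groups scheduled to start on `host` at the weekday
    and wall-clock minute of `when`, sorted for stable comparison."""
    due = []
    for s in schedules:
        if host not in s.hosts or when.weekday() not in s.weekdays:
            continue
        if time(when.hour, when.minute) in s.start_times:
            due.append(s.group.name)
    return sorted(due)


# Constructed sample data: a file-system group run nightly on weekdays on two
# hosts, and a web-server group run twice a day at weekends on one host.
FS_GROUP = SurveillanceGroup("filesystem",
                             [DetectionTemplate("file_modification", {"paths": ["/etc"]})])
WEB_GROUP = SurveillanceGroup("webserver", [DetectionTemplate("web_attack")])
SCHEDULES = [
    SurveillanceSchedule(FS_GROUP, {"hostA", "hostB"}, {0, 1, 2, 3, 4}, {time(2, 0)}),
    SurveillanceSchedule(WEB_GROUP, {"hostA"}, {5, 6}, {time(2, 0), time(14, 0)}),
]
```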
Kernel Audit Data
Kernel audit logs are generated by a trusted component of the operating system. The
audit logs include information about every system call that is executed on the host,
including its parameters and outcome, and they are the lowest level of data
utilized by HP-UX HIDS. This data may also include information about the starting and
stopping of user sessions.
NOTE HP-UX HIDS is independent of security configurations. It does not use the HP-UX C2
auditing capability, nor does it require that the system being monitored be put in trusted
mode.
System Log Files
HP-UX HIDS monitors system log files to detect user logins and logouts, and the start
of interactive sessions.
HP-UX HIDS Secure Communications
Within HP-UX HIDS, there must be secure messaging and protocols for all
communications between its components. The HP-UX HIDS secure communication uses
the Secure Sockets Layer (SSL) protocol for client/server authentication, integrity, and
privacy. See “Setting Up the HP-UX HIDS Secure Communications” on page 20 for
more information.