Host Intrusion Detection System Administrator's Guide Release 3.1
Overview
Glossary of HP-UX HIDS Terms
Chapter 1
/etc/hosts
File of host names and IP addresses that are known to the local system.

Administration System
A system node in your network that is configured to run the HP-UX HIDS System Manager program.

Agent
The HP-UX HIDS component that gathers system data, monitors system activity, and issues notifications upon detection of an intrusion.

Agent System
A system node in your network that is configured to run the HP-UX HIDS agent program. The Agent System is also known as the Agent Host.

Alert
Also referred to as a notification. A message sent by HP-UX HIDS warning of a suspected or actual intrusion and usually calling for some sort of action in response. Typically, the alert is sent to a display window on the management component and logged as an entry in a log file.

Audit Data
Also referred to as kernel audit data. The most detailed level of system data utilized by HP-UX HIDS. As each system call is executed, its parameters and outcome are recorded in a log file. HP-UX HIDS uses these records to detect intrusions.

Console
See Administration System and System Manager

Correlator
A core component of HP-UX HIDS that interprets and categorizes data sources, correlates information to known detection templates, and sends notification of any suspected intrusions to the HP-UX HIDS System Manager.

Data Source
HP-UX HIDS analyzes system data to detect intrusions. A data source generates this data. For example, the system log file (syslog) is a potential data source, as is kernel audit data.

Data Source Process
A component of the HP-UX HIDS agent that reads the data sources and presents the information for alert calculation.

Detection Template
A basic “building block” or pattern used in security attacks on systems. HP-UX HIDS uses its knowledge of these patterns of unauthorized system activity to detect security attacks.

DSP
See Data Source Process

GUI
See System Manager

Host System
See Agent System

IDDS
See Intrusion Detection Data Source

IDS
See Intrusion Detection System