Host Intrusion Detection System Administrator's Guide Release 3.1

Overview
Glossary of HP-UX HIDS Terms
Chapter 1
Intrusion
Also referred to as an attack. A violation of system security policy by
an unauthorized outsider. A violation could include intruding into the
unauthorized network area, accessing certain systems within the
network, accessing certain files, or running certain programs.
Intrusion Detection Data Source (IDDS)
The HP-UX HIDS audit system that monitors the host system for
potential intrusion activities.
Intrusion Detection System (IDS)
An automated system that detects a security violation on a system or a
network.
Kernel
The core of the operating system. It is the compiled code responsible for
managing the computer’s resources, such as memory, file system, and
input/output.
Node
See Agent System.
OpenView Operations (OVO)
A distributed client/server software solution designed to detect, solve,
and prevent problems occurring in networks, systems, and applications
in any enterprise. OVO is a scalable and flexible solution that can be
configured to meet the requirements of any IT organization and its
users. In addition, you can expand the applications of OVO by
integrating management applications from HP OpenView partners or
other vendors.
Response Script
Once HP-UX HIDS detects an intrusive activity, it sends an alert to
the System Manager. In addition, it executes a set of programs located
on the machine that was attacked. This script is passed the
details of the alert and can take whatever actions the system
administrator requires.
Secure Sockets Layer (SSL)
A protocol for sending data across a network that prevents an
eavesdropper from observing or modifying any data transmitted. It is
used for all HP-UX HIDS communication between agent systems and
the administration system.
Surveillance Group
A group of detection templates. For example, all detection templates
related to checking for file system intrusions can be grouped
into a “File System” surveillance group.
Surveillance Schedule
A set of configurable surveillance groups to be deployed on one or more
systems on a scheduled basis. A particular surveillance group is
assigned to run on a given system at one or more particular times of
the day on one or more given days of the week.
System Manager
The graphical user interface (GUI) through which you control the
operations of HP-UX HIDS and where notification of alerts occurs.
Virus
A piece of potentially malicious code that, when run, attaches itself to
other programs. When these programs are executed, the malicious code
also gets executed.