Host Intrusion Detection System Release 3.0 Release Notes
Announcement
Benefits
• HP-UX HIDS is an HP-UX intrusion detection product that can enhance local
host-level security within your network. It does this by automatically monitoring
each configured host system within the network for possible signs of unwanted and
potentially damaging intrusions. If successful, such intrusions can lead to the loss of
availability of key systems or compromise system integrity.
• HP-UX HIDS provides continuous surveillance against inappropriate system usage
that is characteristic of hacker break-in attempts, subversive inside activities, and
viruses.
• HP-UX HIDS is a perfect complement to network-based security solutions and, as
such, can bolster the overall security of the computing infrastructure. HP-UX HIDS
is designed to detect intrusions that network-based offerings cannot identify, thereby
strengthening the integrity of the host system as the last line of defense.
• As HP-UX HIDS continuously examines ongoing activity on a system, it seeks out
patterns that might suggest security breaches or misuses. The types of threats which
HP-UX HIDS monitors include the following:
    System Critical   Unauthorized access
                      Privilege violations
                      Trojan horse
                      “Root” exploits

    HP-UX OS          Race condition
                      Buffer overflow
                      Password guessing

    User security     Failed logins
                      Failed SU attempts
                      User A modifying User B’s file

    Files             Modification of critical system files and directories
                      Creation of world writable files
                      Creation of setuid files
                      Critical file creation and deletion
• HP-UX HIDS can provide immediate notification in the event of suspicious activity
that might precede an attack.
Standard Surveillance Groups and Schedules
HP-UX HIDS provides a set of standard, preconfigured, read-only surveillance groups
and schedules that appear when you start the HP-UX HIDS System Manager. You
can use them directly or as a basis for developing your own customized schedules
and groups.