Host Intrusion Detection System Release 3.1 Release Notes

Announcement

Beneﬁts

The HP-UX HIDS intrusion detection product offers the following beneﬁts:

• Automatically monitors each conﬁgured host system within the network for possible signs

of unwanted and potentially damaging intrusions.

• Provides continuous surveillance against the inappropriate system usage that is

characteristic of hacker break-in attempts, subversive inside activities, and viruses.

• Complements network-based security solutions and bolsters the overall security of the

computing infrastructure. HP-UX HIDS is designed to detect intrusions that

network-based offerings cannot identify, thereby strengthening the integrity of the host

system as the last line of defense.

• Continuously examines ongoing activity on a system and seeks out patterns that might

suggest security breaches or misuses. The types of threats that HP-UX HIDS monitors

include the following:

System critical Unauthorized access

Privilege violations

Trojan horse

“Root” exploits

HP-UX Operating System Race condition

Buffer overﬂow

Password guessing

User security Failed logins

Failed SU attempts

User A modifying User B’s ﬁle

Files Modiﬁcation of critical system ﬁles and directories

Creation of world writable ﬁles

Creation of setuid ﬁles

Critical ﬁle creation and deletion

• Provides immediate notiﬁcation in the event of suspicious activity that might precede an

attack.