HP-UX Host Intrusion Detection System Release 4.0 Release Notes for HP-UX 11i v1 | HP-UX 11i v2 | HP-UX 11i v3
Benefits
The HP-UX HIDS intrusion detection product offers the following benefits:
• Automatically monitors each configured host system within the network for
possible signs of unwanted and potentially damaging intrusions.
• Provides continuous surveillance against inappropriate system usage, including
attempts to break into or disrupt the system, modify system files and
directories, or spread a virus.
• Continuously examines ongoing activity on a system and seeks out patterns that
might suggest security breaches or misuse due to the exploitation of certain
vulnerabilities:
    Vulnerability: Unauthorized file modification
    Monitors:      Critical system and application programs and configuration files
                   System and application log files
                   File additions and deletions
                   Critical files made world writable
                   Privileged “setuid” programs created
                   Files modified by non-owners

    Vulnerability: Poorly written privileged programs
    Monitors:      Buffer overflows and race conditions

    Vulnerability: Weak password or unauthorized access
    Monitors:      Logins/logouts

    Vulnerability: Password guessing
    Monitors:      Failed logins and failed su attempts
• Complements network-based security solutions and bolsters the overall security
of the computing infrastructure. HP-UX HIDS is designed to detect intrusions that
network-based security products cannot identify, thereby strengthening the
integrity of the host system as the last line of defense.
• Provides immediate notification when suspicious activity is detected, and
supports real-time response.
Documentation
The HP-UX HIDS documentation includes manuals, manpages, information on the HP
OpenView SMART Plug-In, an IDS Mailing List, and the ITRC Security Forum.