HP-UX Host Intrusion Detection System Release 4.0 Release Notes for HP-UX 11i v1 | HP-UX 11i v2

Announcement

Beneﬁts

Chapter 110

Beneﬁts

The HP-UX HIDS intrusion detection product offers the following

beneﬁts:

• Automatically monitors each conﬁgured host system within the

network for possible signs of unwanted and potentially damaging

intrusions.

• Provides continuous surveillance against inappropriate system

usage that include attempting to break into or disrupt the system,

modifying system ﬁles and directories, or attempting to spread a

virus.

• Continuously examines ongoing activity on a system and seeks out

patterns that might suggest security breaches or misuse due to the

exploitation of certain vulnerabilities:

Vulnerability: Unauthorized File Modiﬁcation

Monitors: Critical system and application programs and

conﬁguration ﬁles

System and application log ﬁles

File additions and deletion

Critical ﬁles made world writablePrivileged

“setuid” programs created

Files modiﬁed by non-owners

Vulnerability: Poorly written privileged programs

Monitors: Buffer overﬂows and Race conditions

Vulnerability: Weak password or unauthorized access

Monitors: Logins/Logouts

Vulnerability: Password guessing

Monitors: Failed logins and failed su attempts