HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2 | HP-UX 11i v3
• Continuously examines ongoing activity on a system and seeks out patterns that
might suggest security breaches or misuse due to the exploitation of certain
vulnerabilities:

    Vulnerability: Unauthorized file modification
    Monitors:      Critical system and application programs and configuration files
                   System and application log files
                   File additions and deletions
                   Critical files made world writable
                   Privileged “setuid” programs created
                   Files modified by non-owners

    Vulnerability: Poorly written privileged programs
    Monitors:      Buffer overflows and race conditions

    Vulnerability: Weak password or unauthorized access
    Monitors:      Logins/Logouts

    Vulnerability: Password guessing
    Monitors:      Failed logins and failed su attempts

• Complements network-based security solutions and bolsters the overall security
of the computing infrastructure. HP-UX HIDS is designed to detect intrusions that
network-based security products cannot identify, thereby strengthening the
integrity of the host system as the last line of defense.
• Provides immediate notification when a suspicious activity is detected, and
supports real-time response.
Documentation
The HP-UX HIDS documentation includes manuals, manpages, information on the HP
OpenView SMART Plug-In, an IDS Mailing List, and the ITRC Security Forum.
Manuals
The following documents are available at the HP technical documentation Website in
the Internet Security Solutions collection, http://docs.hp.com/en/internet, and on the
Instant Information CD in the Internet and Security Solutions collection.
Title                                                                      HP Part No.
HP-UX Host Intrusion Detection System Release 4.1 Release Notes            5992–2109
HP-UX Host Intrusion Detection System Release 4.1 Administrator's Guide    5992–2108