HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Strong Security with a Weak Link
How vulnerable a system is when you download executables from the web depends on
its weakest link. For example, a router vendor shipped boxes with a default password
that was easy to guess. Most administrators forgot to change the password. Although
they invested many hours in correctly configuring the routers for secure operation, that
security can be defeated in seconds by an attacker who knows the password.
Exploitation of Critical Infrastructure Elements
As more business is done over the Internet, more trust is placed in critical infrastructure
elements: the routers, hubs, and web servers that move data around the Internet. This
infrastructure also includes DNS name servers that enable users to access URLs from
their browsers. A DNS server maps names such as www.company.com to an Internet
Protocol (IP) address, such as 10.2.3.4. By targeting these important infrastructure
services, an attacker can bring down a whole organization. Sometimes attackers do not
have to steal your information to hurt you. By simply making your systems unavailable
for use, such attackers can cause losses in both revenue and credibility in your industry.
Misconfigured Software and Hardware
If you do not configure a critical piece of software or hardware properly, your network
becomes vulnerable to security attacks. This is a particular problem in the area of
firewalls, where configuration rules are complex. One missing rule can leave your
whole internal network open to attack.
Excessive Privileges for Simple Tasks
Code that runs with privileges (such as root on UNIX® systems, or as administrator
on Windows NT® systems) is particularly vulnerable, because a simple bug can have
a major impact. Code is not designed to handle security attacks. Moreover, most
code runs with more privileges than it needs to accomplish a task. Often a site installs
its web server to run as root, granting it far greater privileges than it needs to serve up
websites and CGI scripts. Web servers that run as root are easy targets for attack. CGI
scripts are easily accessible, and any individual can gain complete root privileges on
such systems.
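As an added example (not part of the HP guide), the following shell function audits a
process listing for web server processes that are still running as root: workers that never
dropped privileges, and children such as CGI scripts that were started as root. The binary
name httpd, the account www and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag web server processes that kept root after startup.
# Input: the four columns printed by `ps -e -o user,pid,ppid,comm`
# (on HP-UX, -o is accepted when the UNIX95 variable is set).
# Assumption: the server binary is named "httpd".

root_web_procs() {
    awk -v name="$1" '
    NR == 1 { next }                          # skip the header row
    {
        n = split($4, path, "/")              # accept a bare name or a full path
        user[$2] = $1; parent[$2] = $3
        if (path[n] == name) server[$2] = 1
    }
    END {
        for (pid in user) {
            if (user[pid] != "root") continue
            p = parent[pid]
            if ((pid in server) && (p in server))
                print pid, "worker"           # a worker that never dropped root
            else if (!(pid in server) && (p in server))
                print pid, "child"            # e.g. a CGI script spawned as root
        }
    }' | sort -n
}

# Constructed sample listing, not taken from a real host.
# PIDs 1201-1250: parent keeps root to bind the port, workers run as www.
# PIDs 2301-2400: every process, including a spawned shell, runs as root.
sample_listing() {
    cat <<'EOF'
USER PID PPID COMMAND
root 1201 1 httpd
www 1210 1201 httpd
www 1211 1201 httpd
www 1250 1210 perl
root 2301 1 /usr/local/apache/bin/httpd
root 2310 2301 /usr/local/apache/bin/httpd
root 2311 2301 /usr/local/apache/bin/httpd
root 2400 2310 sh
EOF
}

sample_listing | root_web_procs httpd
```

The parent process of each server is not reported, because a server commonly starts as root
to bind a privileged port; only processes beneath it that still hold root are listed.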
Springboards to Attack the Next Target
Even if you are not attacked, your company systems can be used to launch an attack
on other victims on the Internet.
Existing Tools Are Only Part of the Solution
A number of technologies have emerged as potential solutions to the various security
problems faced by companies. Firewalls, encryption, and security auditing tools are
useful. HP-UX HIDS integrates with these existing technologies to enhance system and
network security.