HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

The amount of information that flows through a typical corporate intranet and the level
of activity on most corporate servers make it impossible for any one person to
continually monitor them manually. Traditional network management and system
monitoring tools do not help ensure that systems are not misused or abused, nor can
they help detect theft of a company’s critical data from important servers. The
potential impact of computer-based crime is significant to most
corporations; their entire intellectual property often resides on servers. A tool that can
detect security-related threats and attacks as they occur significantly eases the burden
that most network administrators face.

HP-UX HIDS Functionality

HP-UX Host Intrusion Detection System (HIDS) is an intrusion detection system that
enhances local host-level security within a network. It automatically monitors each
configured host system within the network for possible signs of unwanted and
potentially damaging intrusions. If an intrusion is successful, it can lead to the loss of
availability of key systems or compromise system integrity.

HP-UX HIDS continuously examines ongoing activity on a system, and it seeks out
patterns that suggest security breaches or misuses. Security threats or breaches can
include attempts to break into a system, subversive activities, or spreading a virus.
Once you activate HP-UX HIDS for a given host system and it detects an intrusion
attempt, the host sends an alert to the administrative interface where you can
immediately investigate the situation, and when necessary, take action against the
intrusion. In addition, you can set up customized local responses to alerts.

HP-UX HIDS can provide notification in the event of suspicious activity that can precede
an attack. By contrast, other intrusion detection systems often allow a potential intruder
considerable time to damage a system before being detected, because they rely on an
operator-instigated analysis of system log files, typically performed at the end of the
day.

HP-UX HIDS is useful for enterprise environments where centralized management
tools control networks of heterogeneous systems. These environments can include web
servers, transaction processors, application servers, and database systems.

HP-UX HIDS uses knowledge about how host systems, the network, or the entire
enterprise can be exploited, and applies that expertise to the flow of system events.
Many intrusions, while differing in their scenarios, reuse the same building blocks to
exploit a wide variety of system vulnerabilities. HP-UX HIDS uses these known building
blocks to protect resources against both existing and previously unknown attack scenarios.

HP-UX HIDS provides simplified administration through a secure graphical user
interface (GUI), the HP-UX HIDS System Manager.

HP-UX HIDS provides customizable intrusion response capabilities. Hosts always send
alerts to the administration interface. You can augment these notifications with
automated host-based response programs that you can customize for the host that is
26 Introduction