HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

being monitored. HP provides a customized program for OpenView Operations (OVO)
integration; you can also create your own.
HP-UX HIDS Limitations

HP-UX HIDS cannot solve all security-related problems. The limitations of HP-UX HIDS are as follows:

- HP-UX HIDS is not a replacement for comprehensive security policies and procedures. You must define and implement security policies and procedures, and configure HP-UX HIDS to enforce them. A lack of comprehensive policies, procedures, and configuration can result in attacks going undetected. HP-UX HIDS can also report false alerts while your system remains vulnerable.

- HP-UX HIDS does not prevent the onset of attacks. If your system is vulnerable to attacks, those vulnerabilities remain even after HP-UX HIDS is installed.

- HP-UX HIDS does not find static security flaws on a system; it only reports the possibility of an attack or an intrusion. For example, if a password file contained an illegitimate account before HP-UX HIDS was installed, that illegitimate account remains vulnerable even after HP-UX HIDS is installed and operational. Furthermore, HP-UX HIDS cannot authenticate the users of a valid account. For example, if users share passwords, HP-UX HIDS cannot ascertain the identity of the user gaining access to the system.
HP-UX HIDS Components

HP-UX HIDS includes the following components:

System Manager
  The System Manager is a GUI that enables you to configure, control, and monitor the HP-UX HIDS system. Any intrusions detected are reported as alerts.

Host-based agent
  The host-based agent gathers system data, monitors system activity, and issues intrusion alerts.

Detection templates
  Detection templates contain the most commonly encountered system attack patterns. When observed system activity matches the pattern in one of the HP-UX HIDS detection templates, HP-UX HIDS can detect the intrusion.

Data-gathering components
  HP-UX HIDS comprises modules that gather and format information from data sources at various points within the system. Kernel audit data and system log data are the data sources. HP-UX HIDS uses these components to monitor all resources within the network.

Correlation engine
  HP-UX HIDS uses a correlation process that takes data from the system data sources and determines whether an alert must be issued.
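The following is an added illustration, not code from HP-UX HIDS or this guide, of two points made above: the correlation step matches activity records against a detection template, and an activity-driven detector cannot find a static flaw (an illegitimate account already present in the password file) because that flaw generates no activity record. The record format, the template, the file paths and the account names are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed snapshot of the password file at the moment monitoring starts.
# The "svc0" entry has UID 0 and was present before the detector started;
# it is the kind of pre-existing static flaw the guide says is not found.
BASELINE_PASSWD = [
    "root:x:0:0:root:/:/sbin/sh",
    "svc0:x:0:0:leftover:/:/sbin/sh",
    "alice:x:101:20:Alice:/home/alice:/usr/bin/ksh",
]

# Constructed audit-style activity records (user, action, object), in arrival
# order. Only these records are visible to the correlation step.
AUDIT_EVENTS = [
    ("alice", "open_read", "/etc/passwd"),
    ("alice", "open_write", "/etc/passwd"),
    ("root", "open_write", "/etc/passwd"),
]


@dataclass(frozen=True)
class Template:
    """A minimal detection template: a pattern over activity records."""
    name: str
    action: str
    path_pattern: str

    def matches(self, event) -> bool:
        user, action, path = event
        # Hypothetical rule: a non-root user opening a protected file for writing.
        return user != "root" and action == self.action \
            and re.fullmatch(self.path_pattern, path) is not None


TEMPLATES = [Template("passwd-write-by-nonroot", "open_write", r"/etc/passwd")]


def correlate(events, templates):
    """Return (template name, record) for every activity record that matches."""
    return [(t.name, ev) for ev in events for t in templates if t.matches(ev)]


def preexisting_uid0_accounts(passwd_lines):
    """A static check the activity-driven correlator never performs; it is what
    would be needed to find the leftover UID-0 account in the baseline."""
    return [line.split(":")[0] for line in passwd_lines
            if line.split(":")[2] == "0" and not line.startswith("root:")]
```

Running correlate() yields one alert for the write attempt by alice and nothing about svc0; only the separate static check surfaces that account.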
HP-UX HIDS Components 27