HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Secure network communications link
    HP-UX HIDS uses an encrypted network link as a means of stopping an
    attacker from observing the traffic between its components, and possibly
    sending false data to disrupt its operations.

Response capability
    Alerts are sent to the System Manager. In addition, alerts can be
    processed by response programs that you create or install.

For more definitions, see “Glossary of HP-UX HIDS Terms” (page 30).
Figure 1-1 shows a graphic representation of these components.
The HP-UX HIDS System Manager performs security management and develops
surveillance schedules. These schedules are sent to the HP-UX HIDS agent, where they
are run at specified times. The HP-UX HIDS agent uses Kernel Audit Data and System
Log Data to run these schedules.
If an alert is generated, it is sent to the HP-UX HIDS System Manager. The System
Manager delivers this message to you as an alert notification.
In addition, the HP-UX HIDS agent executes your alert response programs, which can
include an HP-supplied interface with OpenView Operations as well as other response
actions.