HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Kernel
The core of the operating system. It is the compiled code responsible for managing the
system's resources, such as memory, file system, and input and output.
Managed host
A host that is actively managed by the HIDS Administrative GUI or CLUI.
OpenView Operations (OVO)
A distributed client and server software solution designed to detect, solve, and prevent
problems occurring in networks, systems, and applications in any enterprise. OVO is a
scalable and flexible solution that can be configured to meet the requirements of any IT
organization and its users. In addition, you can expand the applications of OVO by
integrating management applications from HP OpenView partners or other vendors.
Real-time alert
An alert that is issued immediately after a potential sign of an intrusion is detected.
Response script
Once HP-UX HIDS detects an intrusive activity, it sends an alert to the System Manager.
In addition, it executes a set of programs located on the system that was attacked. This
script is passed the details of the alert, and can take whatever actions the system
administrator requires.
Secure Sockets Layer (SSL)
A protocol for sending data across a network that prevents an eavesdropper from
observing or modifying any data transmitted. It is used for all HP-UX HIDS
communication between agent systems and the administration system.
Summary alert
An alert containing a summary of the duplicate, suppressed alerts of a previously reported
alert.
Suppression count
The maximum number of duplicate alerts suppressed for a given alert.
Suppression interval
The maximum elapsed time during which duplicate alerts of a particular alert are
suppressed.
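The summary alert, suppression count and suppression interval entries together describe one alert deduplication scheme. The Python sketch below is an added example, not HP-UX HIDS code, and the exact semantics are assumptions: the first alert for a key is reported in full; later duplicates within the interval are withheld until either the count is reached or the interval expires, at which point a summary alert carrying the number of withheld duplicates is emitted and the window is reset. The class and field names are hypothetical, and the alert sequence is constructed.

```python
"""Duplicate-alert suppression with a count limit and a time window (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Union


@dataclass
class Alert:
    key: str       # identity used to recognise duplicates (assumed: template name + target)
    time: float    # seconds since epoch
    detail: str


@dataclass
class SummaryAlert:
    key: str
    suppressed: int   # how many duplicates were withheld in the window
    first: float      # time of the first withheld duplicate
    last: float       # time of the last withheld duplicate


@dataclass
class _Window:
    opened: float                 # time of the reported alert that opened the window
    suppressed: int = 0
    first: Optional[float] = None
    last: Optional[float] = None


class AlertSuppressor:
    def __init__(self, suppression_count: int, suppression_interval: float):
        self.count = suppression_count        # max duplicates withheld per window
        self.interval = suppression_interval  # max window length in seconds
        self._windows: Dict[str, _Window] = {}

    def _close(self, key: str) -> Optional[SummaryAlert]:
        """Close the window for key; return a summary only if something was withheld."""
        w = self._windows.pop(key)
        if w.suppressed == 0:
            return None
        return SummaryAlert(key, w.suppressed, w.first, w.last)

    def process(self, alert: Alert) -> List[Union[Alert, SummaryAlert]]:
        out: List[Union[Alert, SummaryAlert]] = []
        w = self._windows.get(alert.key)
        # Interval exceeded: summarise the old window, then treat this alert as new.
        if w is not None and alert.time - w.opened > self.interval:
            s = self._close(alert.key)
            if s is not None:
                out.append(s)
            w = None
        if w is None:
            self._windows[alert.key] = _Window(opened=alert.time)
            out.append(alert)             # first occurrence is reported in full
            return out
        # Duplicate inside the window: withhold it and record its timing.
        w.suppressed += 1
        w.first = alert.time if w.first is None else w.first
        w.last = alert.time
        if w.suppressed >= self.count:    # count reached: emit summary, reset window
            out.append(self._close(alert.key))
        return out

    def flush(self, now: float) -> List[SummaryAlert]:
        """Emit summaries for windows whose interval has expired without new duplicates."""
        out = []
        for key in list(self._windows):
            if now - self._windows[key].opened > self.interval:
                s = self._close(key)
                if s is not None:
                    out.append(s)
        return out


def demo() -> List[Union[Alert, SummaryAlert]]:
    """Run a constructed alert stream through a count=3, interval=60s suppressor."""
    sup = AlertSuppressor(suppression_count=3, suppression_interval=60)
    stream = [
        Alert("fs:/etc/passwd", 0, "modified"),
        Alert("fs:/etc/passwd", 5, "modified"),
        Alert("fs:/etc/passwd", 10, "modified"),
        Alert("fs:/etc/passwd", 15, "modified"),   # third duplicate: summary emitted
        Alert("fs:/etc/passwd", 20, "modified"),   # fresh window, reported in full
        Alert("login:root", 25, "failed"),
        Alert("fs:/etc/passwd", 30, "modified"),
        Alert("fs:/etc/passwd", 100, "modified"),  # interval expired: summary + full alert
    ]
    emitted: List[Union[Alert, SummaryAlert]] = []
    for a in stream:
        emitted.extend(sup.process(a))
    emitted.extend(sup.flush(now=200))
    return emitted


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Of the eight constructed alerts, only four are reported in full; the remaining duplicates collapse into two summary alerts (one closed by the count, one by the interval), which is the volume reduction the suppression settings are meant to achieve.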
Surveillance group
A group of detection templates. For example, all detection templates related to checking
for file system intrusions can be grouped into a "File System" surveillance group.
Surveillance schedule
A set of configurable surveillance groups to be deployed on one or more systems on a
scheduled basis. A particular surveillance group is assigned to run on a given system
at one or more particular times of the day on one or more given days of the week.
System Manager GUI
The graphical user interface (GUI) through which you control the operations of HP-UX
HIDS and where notifications of alerts are displayed.
Template properties
External values provided as parameters to templates to change a template's behavior at
run time.
Tune Report
A report containing a summary of all the unique alerts across multiple agents that are
running the same schedule, including suggested filtering rules. The Tune Report
is generated by the idsadmin tune command and is not an Alert Report, which is generated
by the idsadmin report command.
Virus
A piece of potentially malicious code that, when run, attaches itself to other programs.
When these programs are executed, the malicious code is also executed.
Vulnerability
A point at which a system can be subverted by an attacker. Vulnerabilities result from
flaws in coding or design.