HP-UX Host Intrusion Detection System Version 4.2 Release Notes

HP-UX HIDS is a host-based HP-UX security product for HP computers running HP-UX 11i.

HP-UX HIDS enables security administrators to proactively monitor, detect, and respond to

attacks targeted at specific hosts. Many types of attacks can bypass network-based detection

systems. HP-UX HIDS monitors these bypassed attacks and complements the existing

network-based security mechanisms, bolstering enterprise security.

HP-UX HIDS seeks patterns that might suggest security breaches or misuse by examining

information about system activity from a variety of data sources. It detects illicit activities that

include attempting to break into or disrupt the system, modifying system files and directories,

or attempting to spread a virus. When HP-UX HIDS detects an intrusion attempt, it issues an

transaction processors, application servers, and database systems.

HP-UX HIDS version 4.2 software is backward compatible with version 4.1, version 4.0, and

version 3.1. However, schedules created with 3.1 and 4.0 versions of HIDS must be migrated to

HIDS version 4.2. Schedules created with 4.1 version of HIDS do not need to be migrated.

However, in order for a 4.1 schedule to contain the new 4.2 schedule global properties, the

migrator tool must be run on the v4.1 schedule or the 4.2 GUI must be started to load and save

the v4.1 schedule or the schedule text file must be directly edited to add the new global variables.

For more information about migration, see “Migrating Schedules from Older Versions of HIDS”

(page 21)

HP-UX HIDS is not compatible with all HP software products; see Table 1-1 for the list of products

that are supported. Do not run HP-UX HIDS on systems that are running unsupported products

(or vice versa).