HP-UX Host Intrusion Detection System Version 4.2 Release Notes

Table 1-1 HP-UX HIDS Product Compatibility (continued)

Supported?Product

NoHP-UX 11i v1.6

NoHP-UX 11i v1.5

NoHP-UX 11i v1

NoHP-UX 11.0

YesNIS, NIS+

YesOpenView

Not testedServiceGuard

Not testedThird-party Event Monitoring Service (EMS)

YesTrusted Mode operation

NoVirtual Vault

Localization

The HP-UX HIDS software and documentation are not localized in non-English languages.

Benefits

The HP-UX HIDS intrusion detection product offers the following benefits:

• Automatically monitors each configured host system within the network for possible signs

of unwanted and potentially damaging intrusions.

• Provides continuous surveillance against inappropriate system usage that include attempting

to break into or disrupt the system, modifying system files and directories, or attempting

to spread a virus.

• Continuously examines ongoing activity on a system and seeks out patterns that might

suggest security breaches or misuse due to the exploitation of certain vulnerabilities:

Vulnerability: Unauthorized File Modification

Monitors: Critical system and application programs and configuration files

System and application log files

File additions and deletion

Critical files made world writable

Privileged “setuid” programs created

Files modified by non-owners

Vulnerability: Poorly written privileged programs

Monitors: Buffer overflows and Race conditions

Vulnerability: Weak password or unauthorized access

Monitors: Logins/Logouts

Vulnerability: Password guessing

Monitors: Failed logins and failed su attempts

• Complements network-based security solutions and bolsters the overall security of the

computing infrastructure. HP-UX HIDS is designed to detect intrusions that network-based

8 Announcement