HP-UX Host Intrusion Detection System Version 4.3 release notes

Table 1-1 HP-UX HIDS Product Compatibility (continued)
Supported?    Product
No            HP-UX 11i v1
Yes           NIS, NIS+
Yes           OpenView
Not tested    ServiceGuard
Not tested    Third-party Event Monitoring Service (EMS)
Yes           Trusted Mode operation
No            Virtual Vault
Localization
The HP-UX HIDS software and documentation are not localized into non-English languages.
Benefits
The HP-UX HIDS intrusion detection product offers the following benefits:
- Automatically monitors each configured host system within the network for possible signs
  of unwanted and potentially damaging intrusions.
- Provides continuous surveillance against inappropriate system usage, which includes
  attempting to break into or disrupt the system, modifying system files and directories,
  or attempting to spread a virus.
- Continuously examines ongoing activity on a system and seeks out patterns that might
  suggest security breaches or misuse due to the exploitation of certain vulnerabilities:
    Vulnerability: Unauthorized File Modification
    Monitors:
      - Critical system and application programs and configuration files
      - System and application log files
      - File additions and deletions
      - Critical files made world writable
      - Privileged "setuid" programs created
      - Files modified by non-owners
    Vulnerability: Poorly written privileged programs
    Monitors: Buffer overflows and race conditions
    Vulnerability: Weak password or unauthorized access
    Monitors: Logins/Logouts
    Vulnerability: Password guessing
    Monitors: Failed logins and failed su attempts
    Monitors: Messages logged to text-based log files
- Complements network-based security solutions and bolsters the overall security of the
  computing infrastructure. HP-UX HIDS is designed to detect intrusions that network-based
  security products cannot identify, thereby strengthening the integrity of the host system
  as the last line of defense.
- Provides immediate notification when a suspicious activity is detected, and supports
  real-time response.