HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

Contents
About This Document
  Intended Audience
  New and Changed Information in This Edition
  Publishing History
  Document Organization
  Typographic Conventions
  HP-UX Release Name and Release Identifier
  Related Information
  HP Welcomes Your Comments
1 Introduction
  Importance of Intrusion Detection
    Who are the Perpetrators?
    How are These Threats Realized?
      Misplaced Trust
      Malicious Code
      Strong Security with a Weak Link
      Exploitation of Critical Infrastructure Elements
      Misconfigured Software and Hardware
      Excessive Privileges for Simple Tasks
      Springboards to Attack the Next Target
    Existing Tools Are Only Part of the Solution
      Firewalls
      Encryption
      Security Auditing Tools
    Intrusion Detection Technology
  HP-UX HIDS Functionality
    HP-UX HIDS Limitations
  HP-UX HIDS Components
    HP-UX HIDS Secure Communications
  Glossary of HP-UX HIDS Terms
2 Configuring HP-UX HIDS
  Required Configuration Steps
  Optional Configuration Steps
  Setting Up HP-UX HIDS Secure Communications
  Configuring a Multihomed Agent System
    Example
  Configuring a Multihomed Administration System
    Changing the IP Address of an Administration System
  Configuring a Loopback System
  Configuring Ports
    Working with NIS
    Working with Firewalls
  Enabling Multiple Agents
    Enabling More than 23 Agents (Thread Limits)
    Enabling More than 20 Inbound Requests
  Restricting Permissions