HP-UX Host Intrusion Detection System Version 4.4 Release Notes (5900-1612, April 2011)

1 Announcement

The HP-UX Host Intrusion Detection System Version 4.4 supports monitoring of HP-UX Containers

(HP-UX SRP).

What is HP-UX HIDS

HP-UX HIDS is a host-based HP-UX security product for HP computers running HP-UX 11i. HP-UX

HIDS enables security administrators to proactively monitor, detect, and respond to attacks targeted

at specific hosts. Many types of attacks can bypass network-based detection systems. HP-UX HIDS

monitors these bypassed attacks and complements the existing network-based security mechanisms,

bolstering enterprise security.

HP-UX HIDS seeks patterns that might suggest security breaches or misuse by examining information

about system activity from a variety of data sources. It detects illicit activities that include attempting

to break into or disrupt the system, modifying system files and directories, or attempting to spread

a virus. When HP-UX HIDS detects an intrusion attempt, it issues an alert to the administrative

interface, where users can immediately investigate the situation, and take necessary action against

the intrusion. In addition, users can customize a local response to an alert as described in Appendix

B, Response Programs in the Host Intrusion Detection System Administrator’s Guide.

HP-UX HIDS is particularly useful for enterprise environments in which centralized management

tools control networks of heterogeneous systems. These environments include Web servers,

transaction processors, application servers, and database systems.

Compatibility with Previous Versions

HP-UX HIDS version 4.4 software is backward compatible with HIDS versions 4.3, 4.2, 4.1, 4.0,

and 3.1. However, surveillance schedules created with 3.1 or 4.0 must be migrated to HIDS

version 4.3 (see “Migrating Schedules from Older Versions of HIDS” (page 16)). Schedules created

with HIDS version 4.1 or 4.2 do not need to be migrated. However, a version 4.1 schedule must

be migrated in order to make use of the configuration properties introduced in version 4.2 and

supported in version 4.3.

NOTE: HP-UX HIDS v4.4 is not backward compatible with HIDS v1.0 and HIDS v2.0, v2.1, and

v2.2 (collectively referred to as HIDS 2.x). HIDS v1.0 and HIDS v2.x are obsolete. HIDS version

4.4 schedules with the Log File Monitoring detection template feature enabled cannot be

activated by HIDS agents running the HIDS v4.1 software.

The Schedules configured with Containers (SRPs) cannot be activated on agents running HIDS v4.3

and earlier.

Compatibility with Other Products

HP-UX HIDS is not compatible with all HP software products; see Table 1 for the list of products

that are supported. Do not run HP-UX HIDS on systems that are running unsupported products (or

vice versa).

Table 1 HP-UX HIDS Product Compatibility

Supported?Product

YesHP-UX 11i v3

YesHP-UX 11i v2

NoHP-UX 11i v1.6

NoHP-UX 11i v1.5

What is HP-UX HIDS 5