HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
• Data-gathering components: HP-UX HIDS comprises modules that gather and format information from data sources at various points within the system. Kernel audit data and system log data are the data sources. HP-UX HIDS uses these components to monitor all resources within the network.
• Correlation engine: HP-UX HIDS uses a correlation process that takes data from system data sources and determines whether an alert must be issued.
• Secure network communications link: HP-UX HIDS uses an encrypted network link as a means of stopping an attacker from observing the traffic between its components, and possibly sending false data to disrupt its operations.
• Response capability: Alerts are sent to the System Manager. In addition, alerts can be processed by response programs that you create or install.
For more definitions, see “Glossary of HP-UX HIDS Terms” (page 17).
Figure 1 shows a graphic representation of these components.
The HP-UX HIDS System Manager performs security management and develops surveillance
schedules. These schedules are sent to the HP-UX HIDS Agent where they are run at specified times.
The HP-UX HIDS agent uses Kernel Audit Data and System Log Data to run these schedules.
If an alert is generated, it is sent to the HP-UX HIDS System Manager. The System Manager delivers
this message to you as an alert notification.
In addition, the HP-UX HIDS agent executes your alert response programs, which can include an
HP-supplied interface with OpenView Operations as well as other response actions.
Figure 1 HP-UX HIDS Components
16 Introduction