HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

Contents
HP secure development lifecycle
1 Introduction
Importance of Intrusion Detection
Who are the Perpetrators?
How are These Threats Realized?
Misplaced Trust
Malicious Code
Strong Security with a Weak Link
Exploitation of Critical Infrastructure Elements
Misconfigured Software and Hardware
Excessive Privileges for Simple Tasks
Springboards to Attack the Next Target
Existing Tools Are Only Part of the Solution
Firewalls
Encryption
Security Auditing Tools
Intrusion Detection Technology
HP-UX HIDS Functionality
HP-UX HIDS Limitations
HP-UX HIDS Components
HP-UX HIDS Secure Communications
Glossary of HP-UX HIDS Terms
2 Configuring HP-UX HIDS
Required Configuration Steps
Optional Configuration Steps
Setting Up HP-UX HIDS Secure Communications
Configuring a Multihomed Agent System
Example
Configuring a Multihomed Administration System
Changing the IP Address of an Administration System
Configuring a Loopback System
Configuring Ports
Working with NIS
Working with Firewalls
Enabling Multiple Agents
Enabling More than 23 Agents (Thread Limits)
Enabling More than 20 Inbound Requests
Restricting Permissions
3 Getting Started with HP-UX HIDS
HIDS Quick Start Guide
Agents
System Manager
Starting HP-UX HIDS for the First Time
Operations Screens
Basic Screen Actions
Selecting Entries in Lists
Searching Entries
Sorting Entries