HP-UX Host Intrusion Detection System Version 4.7 Release Notes HP-UX 11i v3 (766145-001, March 2014)

Table 1 HP-UX HIDS Product Compatibility (continued)
Product                                       Support
OpenView                                      Yes
ServiceGuard                                  Not tested
Third-party Event Monitoring Service (EMS)    Not tested
Trusted Mode operation                        Yes
Virtual Vault                                 No
Localization
The HP-UX HIDS software and documentation are not localized in non-English languages.
Benefits
The HP-UX HIDS intrusion detection product offers the following benefits:
• Automatically monitors each configured host system within the network for possible signs of unwanted and potentially damaging intrusions.
• Provides continuous surveillance against inappropriate system usage, including attempts to break into or disrupt the system, modify system files and directories, or spread a virus.
• Continuously examines ongoing activity on a system and seeks out patterns that might suggest security breaches or misuse due to the exploitation of certain vulnerabilities:
    Vulnerability: Unauthorized file modification
    Monitors:
        Critical system and application programs and configuration files
        System and application log files
        File additions and deletions
        Critical files made world writable
        Privileged "setuid" programs created
        Files modified by non-owners
    Vulnerability: Poorly written privileged programs
    Monitors: Buffer overflows and race conditions
    Vulnerability: Weak password or unauthorized access
    Monitors: Logins/Logouts
    Vulnerability: Password guessing
    Monitors: Failed logins and failed su attempts
    Monitors: Messages logged to text-based log files
    NOTE: Logins/Logouts, failed logins, and failed su attempts are not supported in HP-UX Containers (HP-UX SRP).
• Complements network-based security solutions and bolsters the overall security of the computing infrastructure. HP-UX HIDS is designed to detect intrusions that network-based security products cannot identify, thereby strengthening the integrity of the host system as the last line of defense.
• Provides immediate notification when a suspicious activity is detected, and supports real-time response.