PCI-DSS Compliance for an HP-UX Host
11.4 Use either intrusion detection systems or intrusion prevention systems or both to monitor all traffic in the cardholder data environment and alert personnel to suspected compromises
Intrusion Detection
Intrusion detection identifies illegal or improper use of computing resources by unauthorized personnel before such misuse results in excessive damage. An intrusion detection system constantly monitors critical systems and data to protect them from attacks.
HP-UX HIDS continuously examines ongoing activity on a system and looks for patterns that suggest security breaches or misuse. Once HP-UX HIDS is activated for a given host system and detects an intrusion attempt, the host sends an alert to the administrative interface, where an administrator can immediately investigate the situation and, when necessary, take action against the intrusion. Enable the Login or Logout, Repeated failed logins, and Repeated failed su commands templates to monitor activity on the system components and address this requirement.
For more information about HP-UX HIDS, see Appendix A.
Intrusion Prevention
HP-UX IPFilter can be configured to block unwanted traffic at the perimeter of the cardholder data environment and
the critical points within the network. For more information about HP-UX IPFilter, see the description in
Requirement 1.
This requirement can also be addressed with HP TippingPoint Intrusion Prevention Systems (IPS).
For more information about TippingPoint, see Appendix A.
11.5 Deploy file-integrity monitoring tools to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly
File-integrity monitoring systems check for changes to critical files, the modification of which can indicate a system compromise or a risk of compromise, and notify personnel when such changes are detected. Such unauthorized changes, if undetected, can render existing security controls ineffective, result in cardholder data being stolen with no perceptible impact on normal processing, or both.
Many of the files on an HP-UX system must not be modified during normal operation. These include the system-supplied binaries and libraries and the kernel. Additionally, software packages are not usually installed or modified during normal system operation. A system whose critical files have been modified is vulnerable to further attacks. Attackers often modify system files to plant back doors. For example, if the /etc/passwd file is modified to set the root password to empty, an attacker can then log in as superuser (root) and compromise the system or use it to launch attacks against other systems on the network. Modification or corruption of security-critical files can also lead to denial of service.
HP-UX HIDS can monitor regular files, directories, symbolic links, and special files (block files, character files, named pipes) and send an alert to the administrative interface when modifications or potential modifications to the specified files occur. An administrator can immediately investigate the situation and, when necessary, take action against the intrusion. Note that HP-UX HIDS does not determine whether a file's contents actually changed; it does not inspect file content, and it reports only that a file was opened with write permission. HP-UX HIDS comes with a pre-configured set of critical files (for the list of files monitored by default, see "Table A-9 File/Directories Template Properties" in the HP-UX HIDS administrator guide). Other critical files, such as those belonging to custom applications, must be evaluated and defined by the entity (that is, the merchant or service provider).
Enable the Modification of files or directories template to monitor the integrity of critical files. In that template, add the other critical files specific to your applications as additional files or directories to be monitored.
For more information on HP-UX HIDS administration, see HP-UX Host Intrusion Detection System Administrator
Guide.
For more information about HP-UX HIDS, see Appendix A.
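Because HP-UX HIDS only reports that a file was opened for writing, the periodic file comparison that Requirement 11.5 calls for still needs a content check. The following POSIX shell script is an added illustration, not part of HP-UX HIDS or this guide: it records SHA-256 digests of the files named in a list and reports any that changed or disappeared. It assumes that either sha256sum or an openssl binary is installed on the host; the list and baseline file names in the usage comment are placeholders.

```shell
#!/bin/sh
# Baseline-and-compare content check for critical files (added example).
# Assumes sha256sum or openssl is present. Usage (placeholder paths):
#   sh fim.sh baseline /var/adm/critical.list /var/adm/fim.baseline
#   sh fim.sh compare  /var/adm/fim.baseline      # run at least weekly
# One file path per line in the list; paths must not contain whitespace.

# hashfile <path>: print the SHA-256 hex digest of one file
hashfile() {
    if command -v sha256sum >/dev/null 2>&1; then
        set -- $(sha256sum "$1")              # "<hex>  <path>"
    else
        set -- $(openssl dgst -sha256 -r "$1") # "<hex> *<path>"
    fi
    printf '%s\n' "$1"
}

# fim_baseline <listfile> <baseline>: write "<hex> <path>" for each listed file
fim_baseline() {
    : > "$2"
    while IFS= read -r f; do
        [ -f "$f" ] || { echo "MISSING $f" >&2; continue; }
        printf '%s %s\n' "$(hashfile "$f")" "$f" >> "$2"
    done < "$1"
}

# fim_compare <baseline>: print CHANGED/MISSING lines; return 1 on any drift
fim_compare() {
    rc=0
    while read -r h f; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1
        elif [ "$(hashfile "$f")" != "$h" ]; then
            echo "CHANGED $f"; rc=1
        fi
    done < "$1"
    return $rc
}

case "${1-}" in
    baseline) fim_baseline "$2" "$3" ;;
    compare)  fim_compare "$2" ;;
esac
```

Keep the baseline file off the monitored host (or on read-only media) so that an attacker who alters a critical file cannot also rewrite the digest it is compared against.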