HP Host Intrusion Detection System (HIDS) manual: What HP-UX HIDS Does
Overview
What HP-UX HIDS Does
HP-UX HIDS is an HP-UX intrusion detection product that can enhance local host-level security within your network. It does this by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions. If successful, such intrusions could lead to the loss of availability of key systems or could compromise system integrity.
As HP-UX HIDS continuously examines ongoing activity on a system, it seeks out patterns that might suggest security breaches or misuses. These might include, for example, an attacker attempting to break into or disrupt your system, subversive “insider” activities, or someone trying to spread a virus. Once you have activated HP-UX HIDS for a given host system and it detects an intrusion attempt, the host sends an alert to the administrative interface, where you can immediately investigate the situation and, when necessary, take action against the intrusion. In addition, you can set up a customized local response to an alert.
HP-UX HIDS can even provide notification in the event of suspicious activity that might precede an attack. By contrast, other intrusion detection systems often allow a potential intruder considerable time to damage the system before being detected, because they rely entirely on an operator-instigated analysis of system log files, typically performed at the end of a day.
HP-UX HIDS is particularly useful for enterprise environments where centralized management tools control networks of heterogeneous systems. These environments include, for example, web servers, transaction processors, application servers, and database systems.
HP-UX HIDS uses knowledge about how host systems, the network, or the entire enterprise might be exploited and applies that expertise to the flow of system events. Many intrusions, while differing in their scenarios, reuse the same “building blocks” to exploit a wide variety of system vulnerabilities. As a result, HP-UX HIDS can use known building blocks to provide protection against both existing attack scenarios and even against some unknown scenarios.
HP-UX HIDS provides simplified administration through a secure management graphical user interface (GUI), the HP-UX HIDS System Manager.
HP-UX HIDS provides a customizable intrusion response capability. Hosts always send alerts to the administration interface. You can augment this with automated host-based response programs that you can customize for the host that is being monitored. We provide such a program for OpenView Operations (OVO) integration; you can also create your own.