Overview

HP-UX HIDS Components

Detection Templates

HP-UX HIDS includes a set of preconfigured patterns, known as detection templates. These templates are the building blocks used to identify the basic types of unauthorized system activity or security attacks frequently found on enterprise networks. You can customize the detection templates by changing certain configurable parameters.

Surveillance Groups

Different combinations of detection templates are combined into surveillance groups. A surveillance group typically consists of related detection templates, such as those related to file system intrusions or web server attacks. Each surveillance group provides protection against one or more particular kinds of intrusion.

Surveillance Schedules

A surveillance group is then scheduled to be run regularly on one or more of the host systems it is protecting, on one or more chosen days of the week, and at one or more chosen times. This process of configuring surveillance groups to protect hosts on the basis of a regular weekly schedule is referred to as creating a surveillance schedule. A single surveillance schedule can be deployed on one or more host systems; you also have the option of creating different surveillance schedules for use on one or more of the different systems within your network.

 

Kernel Audit Data

Kernel audit logs are generated by a trusted component of the operating system. They generally include all the information about every system call executed on the host, including parameters and outcomes, and are the lowest level of data utilized by HP-UX HIDS. (System calls are services requested to the underlying operating system by an application or user level program.) This data may also include information about starting and stopping sessions for users.

NOTE

HP-UX HIDS is independent of security configurations. It does not use the HP-UX C2 auditing capability, nor does it require that the system being monitored be put in trusted mode.


System Log Files

System log files are monitored by HP-UX HIDS to detect logins and logouts and the start of interactive sessions.
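The kind of check that monitoring system log files for logins, logouts and session starts amounts to, as an added example that is not HP-UX HIDS code: the log lines below are constructed in a syslog-like layout assumed for this illustration, and `parse_events` and `open_sessions` are hypothetical helper names.

```python
import re

# Constructed sample lines in a syslog-like layout (not real HP-UX output);
# the exact message wording is an assumption made for this example only.
SAMPLE_LOG = """\
Mar 10 08:01:12 hostA sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022
Mar 10 08:01:13 hostA login[2210]: session opened for user alice by (uid=0)
Mar 10 08:30:44 hostA login[2210]: session closed for user alice
Mar 10 09:15:02 hostA sshd[2330]: Accepted password for bob from 10.0.0.9 port 40110
Mar 10 09:15:03 hostA login[2335]: session opened for user bob by (uid=0)
"""

# Outer layout: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Message patterns for the three event kinds the monitor cares about.
EVENT_RES = [
    ("login", re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("session_start", re.compile(r"session opened for user (?P<user>\S+)")),
    ("logout", re.compile(r"session closed for user (?P<user>\S+)")),
]


def parse_events(text):
    """Turn raw log text into a list of login/session_start/logout events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines outside the expected layout are skipped, not guessed at
        for kind, rx in EVENT_RES:
            em = rx.search(m["msg"])
            if em:
                events.append({"time": m["ts"], "host": m["host"], "kind": kind,
                               "user": em["user"], "src": em.groupdict().get("src")})
                break
    return events


def open_sessions(events):
    """Map user -> session_start event for sessions with no later logout."""
    still_open = {}
    for ev in events:
        if ev["kind"] == "session_start":
            still_open[ev["user"]] = ev
        elif ev["kind"] == "logout":
            still_open.pop(ev["user"], None)
    return still_open
```

Running `open_sessions(parse_events(SAMPLE_LOG))` on the constructed lines reports bob's session as still open, the sort of state a host monitor would carry forward.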

HP-UX HIDS Secure Communications

Within HP-UX HIDS, there must be secure messaging and protocols for all communications between its components. The HP-UX HIDS secure communication uses the Secure Sockets Layer (SSL) protocol for client/server authentication, integrity, and privacy. See the “Glossary of HP-UX HIDS Terms” on page 13 and “Setting Up the HP-UX HIDS Secure Communications” on page 20 for more information.

12

Chapter 1

HP Host Intrusion Detection System (HIDS) manual HP-UX Hids Secure Communications, Detection Templates, Surveillance Groups