Overview
Glossary of
Glossary of HP-UX HIDS Terms
/etc/hosts File of host names and IP addresses that are known to the local system.
Administration System
A system (node) in your network that is configured to run the
Agent | The |
| system activity, and issues notifications upon detection of an intrusion. |
Agent Host | See Agent System |
Agent System | A system (node) in your network that is configured to run the |
| HIDS agent program. |
Alert | Also referred to as a notification. A message sent by |
| warning of a suspected or actual intrusion and usually calling for some |
| sort of action in response. Typically, the alert is sent to a display |
| window on the management component and logged as an entry to a log |
| file. |
Audit Data | Also referred to as a kernel audit data. The most detailed level of |
| system data utilized by |
| its parameters and outcome are recorded in a log file. These records of |
| system activity are used by |
Console | See Administration System and System Manager |
Correlator | A core component of |
| data sources, correlates the information to known detection templates, |
| and sends notification of any suspected intrusions to the |
| System Manager. |
Data Source | The |
| intrusions. A data source is such a generator of data. For example, the |
| system log file (syslog) is a potential data source, as is kernel audit |
| data. |
Data Source Process
A component of the
Detection Template
Basic “building block” or pattern known to be used in security attacks on systems. It is knowledge of these characteristic types of unauthorized system activity that is used by
DSP | See Data Source Process |
GUI | See System Manager |
Host System | See Agent System |
IDDS | See Intrusion Detection Data Source |
IDS | See Intrusion Detection System |
Chapter 1 | 13 |
