2.0 OVERVIEW

2.1 Product Overview

HP-UX HIDS is an HP-UX host intrusion detection product that can enhance local host-level security within your network. It does this by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions. If successful, such intrusions could lead to the loss of availability of key systems or could compromise system integrity.

As HIDS continuously examines ongoing activity on a system, it seeks out patterns that might suggest security breaches or misuse. These might include, for example, an attacker attempting to break into or disrupt your system, subversive insider activity, or someone trying to spread a virus. Once you have activated HIDS for a given host system and it detects an intrusion attempt, the host sends an alert to the administrative interface, where you can immediately investigate the situation and, when necessary, take action against the intrusion. HIDS also supports customized local responses, for example to notify the administrator by e-mail or pager.

2.2 HP-UX HIDS Deployments

HIDS can be deployed on any HP-UX 11i v1 or 11i v2 server that contains applications and data that need to be monitored for protection and/or availability, such as web servers, transaction processors, application servers, and database systems. The performance of HIDS depends on the system load, the rate at which certain system calls are invoked by other applications, and the HIDS configuration.

2.3 Sizing and Tuning Overview

The following guidelines should be used when selecting a system to run HIDS. They are discussed in more detail in Section 3.0 Sizing and Tuning Recommendations.

Templates, the components of HIDS that detect intrusions, are designed to take advantage of multiple CPUs when they are available.

The amount of memory and disk space needed depends on the system load profile and the HIDS configuration.

Sustained high loads can consume large amounts of memory. Under heavy load, the CPU becomes the eventual performance bottleneck.

HIDS performance tuning is limited to:

  - Surveillance schedule configuration
  - Process priority setting

System performance tuning is limited to:

  - Blocking vs. non-blocking IDDS mode

HP Company Internal

Page 5 of 20