HP-UX 11i Version 1.6 Release Notes: HP-UX Servers and Workstations > Chapter 8 Other Functionality

HP Intrusion Detection System/9000 (IDS/9000)


HP Intrusion Detection System/9000 (IDS/9000) is a host-based intrusion detection system for HP-UX.

Version 2.1 is new for IPF systems in HP-UX 11i v1.6. (Versions 1.0, 2.0, and 2.1 have been previously delivered for PA-RISC systems in HP-UX 11.00 and 11i.)

Summary of Change

IDS/9000 enables security administrators to proactively monitor, detect, and respond to attacks targeted at specific hosts. Since there are many types of attacks that can bypass network-based detection systems, IDS/9000 complements existing network-based security mechanisms, bolstering enterprise security.

Details of Change

The IDS/9000 product details are:

  • Administrative GUI: task-oriented and easy to use. Controls the interactions for installing, configuring, monitoring and controlling IDS/9000 agents.

  • Integrated with OpenView Operations (OVO, formerly known as VPO or ITO) and the associated Smart Plug In (SPI): Enables users to monitor IDS/9000 alerts from the OVO management console. For configuration and control of IDS/9000 agents, the IDS/9000 administrative GUI is launched from within the OVO console.

  • Enhances local host-level security within your network by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions.

  • Provides continuous surveillance against inappropriate system usage that is characteristic of hacker break-in attempts, subversive inside activities, and viruses.

  • The types of threats that IDS/9000 counters include the following:

      • System Critical: unauthorized access, privilege violations, Trojan horse, "root" exploits

      • HP-UX OS: race condition, buffer overflow, password guessing

      • User Security: failed logins, failed SU attempts, User A modifying User B's file

      • Files: modification of critical system files and directories, creation of world writable files, creating setuid files, file additions and deletions

  • Multiple response script capability: Users can have multiple response scripts invoked when an alert is generated, in addition to simultaneous reports sent to the administrative GUI.

Impact

No impact.

Compatibility

Version 2.1 is not compatible with HP-UX systems that are running version 1.0. Version 2.1 is compatible with PA-RISC systems that are running version 2.0 or 2.1.

Performance

IDS/9000 runs in compatibility mode on IPF systems. Given the associated emulation overhead, we anticipate significant performance degradation. Therefore, we recommend that you do not run IDS/9000 agents on IPF production systems.

Obsolescence

The use of the SIGSEGV signal to terminate agent processes is deprecated; IPF systems should use SIGTERM instead.

Documentation

The following documents are available in the Internet and Security Solutions collection on the Instant Information CD and at http://docs.hp.com/hpux/internet:

HP Intrusion Detection System/9000 Release 2.1 Release Notes, Product Number J5083-90008.
HP Intrusion Detection System/9000 Administrator's Guide, Product Number J5083-90007.
© 2002 Hewlett-Packard Development Company, L.P.