HP-UX 11i Version 2 May 2005 Release Notes: HP 9000 Servers, HP Integrity Servers, and HP Workstations > Chapter 8 Security

HP-UX Host Intrusion Detection System


HP-UX Host Intrusion Detection System (HIDS) Release 3.1 is a host-based HP-UX security product for HP computers running HP-UX 11i. HP-UX HIDS Release 3.1 enables security administrators to proactively monitor, detect, and respond to attacks targeted at specific hosts. Since there are many types of attacks that can bypass network-based detection systems, HP-UX HIDS Release 3.1 complements existing network-based security mechanisms, bolstering enterprise security.

Summary of Change

Since the September 2004 release of HP-UX 11i v2, HIDS has been updated to version 3.1. Changes include the following:

  • HIDS Release 3.0 (initially delivered via the Web at http://software.hp.com):

    • Performance improvement: Significant reduction in CPU consumption and better performance throughput by the HP-UX HIDS Release 3.0 idscor correlator process.

    • Template consolidation and property changes in HIDS Release 3.0: Prior to this version of HIDS, the functionality of the “Monitor Logins/Logouts” template and the “Monitor Start of Interactive Sessions” template overlapped. This overlap has been rectified in HIDS Release 3.0, and the two templates have been consolidated into a single template called the “Monitoring Logins/Logouts” template.

    • Filtering of alerts: HP-UX HIDS provides a number of new template properties for better filtering of unwanted alerts.

    • Reducing alert volume: The default template setting for out-of-the-box configurations has been fine-tuned to reduce the alert volume.

    • Automating HP-UX HIDS deployment and management processes: A command-line interface tool, idsadmin, is supported to automate the HIDS deployment and management process.

    • Alert Description: HP-UX HIDS provides descriptive alert messages to assist in developing more comprehensive filtering within template properties.

    • Migration Utilities: New conversion utilities are available to migrate HP-UX HIDS Release 2.x customizations to the new HP-UX HIDS Release 3.0 template format to reduce deployment efforts.

    • Using OpenSSL for securing agent-admin communication: HP-UX HIDS now has a dependency on the OpenSSL product[41] available in the HP-UX Operating Environments (as well as at http://software.hp.com). The main benefit is that any SSL-related vulnerability fixes can be made readily available to HP-UX HIDS customers without the need for a new release of HIDS.

    • Reducing System Reboot: The HP-UX HIDS bundle has been split into two products, namely IDS and IDS-KERN, to reduce the probability of a system reboot for future HP-UX HIDS updates.

  • Version 3.1 (delivered both on the Web and with the May 2005 release of HP-UX):

    HP-UX HIDS Release 3.1 contains fixes to a number of defects reported against v3.0, as well as a number of enhancements:

    • Defect fixes are mainly focused on addressing issues with the idscor process terminating abnormally.

    • Enhancements include better filtering capabilities and additional alert information in order to facilitate more automated response.

Impact

HP-UX HIDS Release 3.0 offers better performance and CPU utilization, along with many enhancements and defect fixes. HP-UX HIDS Release 3.1 is a maintenance release containing defect fixes, as well as a few enhancements. To learn more about these fixes and enhancements, refer to the HP-UX HIDS Release Notes.

Compatibility

HP-UX HIDS Release 3.1 is backward compatible with Release 3.0. It is not backward compatible with Release 2.0, Release 2.1, Release 2.2, or Release 1.0.

Performance

HP-UX HIDS Release 3.0 provides a significant reduction in CPU consumption and better performance throughput by the HIDS idscor correlator process. Performance is unchanged in HP-UX HIDS Release 3.1 and remains the same as in Release 3.0.

Documentation

For further information, refer to the following:

  • Manpages (directory path /opt/ids/share/man/man1m):

    • IDS_checkAdminCert(1M)

    • IDS_checkAgentCert(1M)

    • IDS_checkInstall(1M)

    • IDS_genAdminKeys(1M)

    • IDS_genAgentCerts(1M)

    • IDS_importAgentKeys(1M)

    • idsadmin(1M)

    • idsagent(1M)

    • idsgui(1M)

  • Documents (available at http://docs.hp.com/en/internet.html#HP-UX%20Host%20Intrusion%20Detection%20System):

    • HP-UX Host Intrusion Detection System Release 3.0 Release Notes

    • HP-UX Host Intrusion Detection System Release 3.1 Release Notes

    • HP-UX Host Intrusion Detection System Administrator’s Guide, Software Release 3.0

    • HP-UX Host Intrusion Detection System Administrator’s Guide, Software Release 3.1

    • HP OpenView Operations SMART Plug-In for HP-UX HIDS (Available at the HP Openview Management Software site at http://openview.hp.com. Choose Downloads, then Smart Plug-ins.)

Obsolescence

Effective June 1, 2005, support for Release 1.0 of HP-UX HIDS will be discontinued. HP recommends that all customers using HP-UX HIDS 1.0 upgrade to Release 3.0/Release 3.1 immediately.



[41] See also “OpenSSL”.

© 2005 Hewlett-Packard Development Company, L.P.