HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide: HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3 > Chapter 1 Introduction

Glossary of HP-UX HIDS Terms


This section lists and explains the various terms used in this document.

Administration System 

A system node in a network that is configured to run the HP-UX HIDS System Manager.


Agent 

The HP-UX HIDS component that gathers system data, monitors system activity, and issues notifications upon detection of an intrusion.


Agent system/Agent host/Agent node 

A system node in a network that is configured to run the HP-UX HIDS agent program. The agent system is also known as the agent host or the agent node.


Aggregated alert 

An alert that contains the aggregation of two or more file-related real-time alerts triggered by the same process or by a group of related processes. Because aggregation is performed over a period of time, aggregated alerts are by definition issued after a delay, unlike real-time alerts, which are issued as soon as they are generated.


Alert 

Also referred to as a notification. A message sent by HP-UX HIDS warning of a suspected or actual intrusion and usually calling for some action in response. Typically the alert is sent to a display window on the management component and logged as an entry in a log file.


Alert Aggregation Tuple 

A schedule property used to aggregate any alert triggered by a process running a particular program together with any alert triggered by that process's descendant processes (that is, child processes, grandchild processes, and so on).


Audit data 

Also referred to as kernel audit data. The most detailed level of system data used by HP-UX HIDS. As each system call is executed, its parameters and outcome are recorded in a log file. HP-UX HIDS uses these records to detect intrusions.


Console 

See Administration System and System Manager.


Correlator 

A core component of HP-UX HIDS that interprets and categorizes data sources, correlates information to known detection templates, and sends notification of any suspected intrusions to the HP-UX HIDS System Manager.


CSS 

Cascading Style Sheets (CSS) is a standard stylesheet language used to describe the presentation of a document written in a markup language such as HTML.


Data source 

System data monitored by HP-UX HIDS to detect intrusions. Examples of data sources are the wtmp[s]/btmp[s] and su log files for monitoring logins, logouts, and su attempts, as well as kernel audit records produced by the kernel audit subsystem (IDDS) for monitoring for file system modifications and for signs of other intrusions or misuse.


Data Source Process (DSP) 

A component of the HP-UX HIDS agent that reads the data sources and presents the information for alert calculation.


Detection template  

The basic building block of HP-UX HIDS detection: a pattern describing a type of security attack on a system, against which monitored data is correlated.


Duplicate alert 

An alert whose attacker (uid), target, type of attack (action), and program name attributes are the same as those of an alert already reported by HIDS, within the configured Suppression Count and Suppression Interval values.


Duplicate Alert Suppression (DAS) 

A feature that prevents duplicate alerts from being generated and reported to the HIDS administrator console. It applies only to kernel-related templates, except the race condition and buffer overflow templates.


HTML 

HyperText Markup Language (HTML) is a markup language for creating web pages.


Intrusion 

Also referred to as an attack. A violation of system security policy by an unauthorized outsider. An intrusion can include intruding into an unauthorized network area, accessing certain systems within the network, accessing certain files, or running certain programs.


Intrusion Detection Data Source (IDDS) 

The HP-UX kernel-based audit system used by HP-UX HIDS to monitor the host system for potential intrusion activity.


Intrusion Detection System (IDS) 

An automated system that detects a security violation on a system or a network.


Kernel 

The core of the operating system. It is the compiled code responsible for managing the system’s resources, such as memory, file system, and input and output.


Managed host 

A host that is actively managed by the HIDS Administrative GUI or CLUI.


OpenView Operations (OVO) 

A distributed client and server software solution designed to detect, solve, and prevent problems occurring in networks, systems, and applications in any enterprise. OVO is a scalable and flexible solution that can be configured to meet the requirements of any IT organization and its users. In addition, you can expand the applications of OVO by integrating management applications from HP OpenView partners or other vendors.


Real-time alert 

An alert that is issued immediately after a potential sign of an intrusion is detected.


Response Script 

Once HP-UX HIDS detects intrusive activity, it sends an alert to the System Manager and also executes a response script (a set of programs) located on the system that was attacked. The script is passed the details of the alert and can take whatever actions the system administrator requires.


Secure Sockets Layer (SSL) 

A protocol for sending data across a network that prevents an eavesdropper from observing or modifying any data transmitted. It is used for all HP-UX HIDS communication between agent systems and the administration system.


Summary alert 

An alert summarizing the duplicate alerts that were suppressed for a previously reported alert.


Suppression count 

The maximum number of duplicate alerts suppressed for a given alert.


Suppression interval 

The maximum elapsed time during which duplicate alerts of a particular alert are suppressed.
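The Duplicate alert, Duplicate Alert Suppression, Summary alert, Suppression count and Suppression interval entries above describe one mechanism. The following Python model is an added illustration of how those definitions fit together; it is not HP-UX HIDS code, and the Alert fields, the event tuples and the timer-driven flush are assumptions.

```python
from collections import namedtuple

Alert = namedtuple("Alert", "time uid target action program")  # constructed record


class DuplicateAlertSuppressor:
    """Added model of DAS, not HP-UX HIDS code; names and event shapes assumed."""
    def __init__(self, suppression_count, suppression_interval):
        self.count = suppression_count        # max duplicates suppressed per alert
        self.interval = suppression_interval  # max seconds duplicates are suppressed
        self.windows = {}  # dedupe key -> [window start time, duplicates so far]

    @staticmethod
    def dedupe_key(alert):
        # attacker (uid), target, type of attack (action) and program name
        return (alert.uid, alert.target, alert.action, alert.program)

    def process(self, alert):
        """Return the console events produced by one incoming alert."""
        key = self.dedupe_key(alert)
        window = self.windows.get(key)
        if window is not None:
            start, suppressed = window
            if alert.time - start <= self.interval and suppressed < self.count:
                window[1] += 1  # duplicate within count and interval: suppress
                return []
        events = self._close_window(key)  # count or interval exhausted
        self.windows[key] = [alert.time, 0]
        events.append(("alert", alert))   # report this one as a fresh alert
        return events

    def flush(self, now):
        """Close windows whose interval has elapsed (timer-driven in a real agent)."""
        events = []
        for key, (start, _) in list(self.windows.items()):
            if now - start > self.interval:
                events.extend(self._close_window(key))
        return events

    def _close_window(self, key):
        _, suppressed = self.windows.pop(key, (None, 0))
        # one summary alert stands in for every duplicate that was suppressed
        return [("summary", key, suppressed)] if suppressed else []


def run(alerts, suppression_count, suppression_interval, end_time):
    das = DuplicateAlertSuppressor(suppression_count, suppression_interval)
    events = []
    for alert in sorted(alerts, key=lambda a: a.time):
        events.extend(das.process(alert))
    events.extend(das.flush(end_time))
    return events
```

With a suppression count of 2 and an interval of 10 seconds, a burst of four identical alerts yields the first alert, then one summary covering the two suppressed duplicates, then the fourth alert reported afresh.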


Surveillance Group  

A group of detection templates. For example, all detection templates related to checking for file system intrusions can be grouped into a "File System" surveillance group.


Surveillance Schedule 

A set of configurable surveillance groups to be deployed on one or more systems on a scheduled basis. A particular surveillance group is assigned to run on a given system at one or more particular times of the day on one or more given days of the week.


System Manager GUI 

The graphical user interface (GUI) through which you control the operations of HP-UX HIDS and in which alert notifications are displayed.


Template Properties 

External values provided as parameters to templates to change a template's behavior at run time.


Tune Report 

A report containing a summary of all the unique alerts across multiple agents that are running the same schedule, together with suggested filtering rules. The Tune Report is generated by the idsadmin tune command and is distinct from the Alert Report generated by the idsadmin report command.


Virus 

A piece of potentially malicious code that, when run, attaches itself to other programs. When these programs are executed, the malicious code is also executed.


Vulnerability 

A point at which a system can be subverted by an attacker. Vulnerabilities result from flaws in coding or design.

