HP to bundle security system with servers

Hewlett-Packard Co. will begin bundling a security product designed to detect and analyze hacks on a server operating system with its hardware running HP-UX.

The IDS/9000 intrusion detection software will now be bundled with HP-UX, HP’s flavour of the Unix operating system, said Mark Crosbie, security architect at HP, speaking at the RAID 2001 conference at the University of California at Davis.

HP will also put out version 2.0 of the product in “a few weeks” and is considering making the software available for other operating systems, Crosbie said. IDS/9000 is already available as a free download from HP.

IDS/9000 looks for intrusions at the kernel level of an operating system, can take a snapshot of the system at the time of the attack and can trigger automatic responses that help lessen the impact of a hack, Crosbie said. The software uses a set of about 12 attack templates to match against unusual activity, looking to see if something seems out of the ordinary, such an odd log file or unauthorized change to a file’s properties.

Users can check for information on what system conditions were like when the attack attempts occurred and possibly use the data to avoid future break-ins. In addition, the IDS/9000 product can trigger a number of automatic responses to an intrusion, such as locking a suspect user account, sending an alert to an administrator and activating detection programs in other applications.

Detection software often takes a toll on system speed, but HP’s software lowers transaction processing throughput on an average Web site by only one per cent, Crosbie said. However, he added that on a Web site with the “worst configuration,” the product would slow transactions by about 20 per cent.

Also at the conference, research institute SRI International showed an intrusion detection system that runs on the popular Apache Web server. The SRI product can monitor as many as ten virtual clients from one central point, tracking URL (Uniform Resource Locator) requests on a Web server and collecting information on possible attacks. The group has a working prototype of the software ready for iPlanet E-Commerce Solutions’ iPlanet Web Server as well and is working to make the product run on databases, FTP (File Transfer Protocol) servers and mail servers, said Ulf Lindqvist, a computer scientist at SRI.

System administrators should still work to monitor resources across their networks, applications, servers and server operating systems instead of relying on one set of detection products, according to some users and vendors at the show.

“There are more systems to monitor the network, and the return on investment for network solutions has been pretty good, but each system has its advantages and disadvantages,” said Marvin Christensen, director of intrusion engineering at enterprise security and privacy services company Guardent Inc.

Companies with transaction-heavy Web sites or heavy amounts of traffic will have high performance requirements for intrusion protection products, because the companies need to focus on keeping the site’s speed high, Christensen said. With this in mind, a product such as HP’s that monitors the operating system would need to show it can stay out of the way of other applications and not hamper processing power too much.

HP, in Palo Alto, Calif., is at http://www.hp.com/.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now