UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must have a host-based intrusion detection tool installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-782 GEN006480 SV-782r7_rule ECID-1 Medium
Description
Without a host-based intrusion detection tool, there is no system-level defense when an intruder gains access to a system or network. Additionally, a host-based intrusion detection tool can provide methods to immediately lock out detected intrusion attempts.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-285r3_chk )
A few applications providing host-based network intrusion protection are:

- Dragon Squire by Enterasys Networks
- ITA by Symantec
- Hostsentry by Psionic Software
- Logcheck by Psionic Software
- RealSecure agent by ISS
- Swatch by Stanford University

Ask the SA or IAO if a host-based intrusion detection application is loaded on the system.

Procedure to determine if the application is loaded on the system:
# find / -name -print



Determine if the application is active on the system.

Procedure:
# ps –ef | grep

If no host-based intrusion detection system is installed on the system, this is a finding.
Fix Text (F-936r3_fix)
Install a host-based intrusion detection tool.