R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

Displaying and maintaining FIPS ······························································································································· 441

FIPS configuration examples ······································································································································· 441

Entering FIPS mode through automatic reboot ································································································· 441

Entering FIPS mode through manual reboot ····································································································· 443

Exiting FIPS mode through automatic reboot ··································································································· 444

Exiting FIPS mode through manual reboot ······································································································· 444

Configuring attack detection and prevention ········································································································ 446

Overview ······································································································································································· 446

Attacks that the device can prevent ··························································································································· 446

Single-packet attacks ··········································································································································· 446

Scanning attacks ················································································································································· 448

Flood attacks ························································································································································ 448

Blacklist function ··························································································································································· 449

Client verification ························································································································································· 449

TCP client verification ·········································································································································· 449

DNS client verification ········································································································································ 452

HTTP client verification ········································································································································ 452

Attack detection and prevention configuration task list ··························································································· 454

Configuring an attack defense policy ························································································································ 454

Creating an attack defense policy ····················································································································· 454

Configuring a single-packet attack defense policy ·························································································· 454

Configuring a scanning attack defense policy ································································································· 456

Configuring a flood attack defense policy ······································································································· 456

Configuring attack detection exemption ··········································································································· 461

Applying an attack defense policy to a Layer 3 interface ·············································································· 462

Applying an attack defense policy to the device ····························································································· 462

Enabling non-aggregated log output for single-packet attack events ···························································· 463

Configuring TCP client verification ····························································································································· 463

Configuring DNS client verification ··························································································································· 464

Configuring HTTP client verification ··························································································································· 465

Configuring the blacklist function ······························································································································· 465

Displaying and maintaining attack detection and prevention ················································································ 466

Attack detection and prevention configuration examples ······················································································· 469

Interface-based attack detection and prevention configuration example ······················································ 469

Blacklist function configuration example ··········································································································· 474

TCP client verification configuration example ·································································································· 475

DNS client verification configuration example ································································································ 476

HTTP client verification configuration example ································································································ 477

Support and other resources ·································································································································· 479

Contacting HP ······························································································································································ 479

Subscription service ············································································································································ 479

Related information ······················································································································································ 479

Documents ···························································································································································· 479

Websites ······························································································································································· 479

Conventions ·································································································································································· 480