HP ProCurve Threat Management Solution Design Guide 2009-04

Concepts
2. Respond to the threat. This could be an action taken at:
   - The device from which the threat propagates—For example, a switch could block a port, limit the port’s available bandwidth, or assign it to a quarantine VLAN. Alternatively, the switch might lock out the offender’s MAC address from all of its ports, or an access point (AP) might lock out the offender’s MAC address from all its wireless LANs (WLANs).
   - The device that detects the threat—If the Threat Management Solution includes an intrusion prevention system (IPS) or the HP ProCurve Threat Management Services (TMS) zl Module, you could configure this device to take action on suspicious traffic that it detects, including blocking the traffic or terminating the user’s session.
In addition to minimizing the disruption that the threat causes to the network, threat management solutions can generate summaries of threat activity that you can use to:
- Improve business processes
- Generate regulatory reports
- Tune the network defenses
Both access control and threat management rely on the trusted network infrastructure.
ProCurve infrastructure devices provide critical security capabilities that are always in place.
These capabilities include:
- Secure infrastructure device management
- Rogue AP protection for wireless networks
- Basic protection from common exploits such as Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP) attacks (features that are available on the latest-generation products)
These capabilities create a basic level of trust that the network infrastructure transmits and
stores secure data.
General Threat Management Architecture
The HP ProCurve Threat Management Solution architecture is designed to be flexible and
scalable, allowing organizations to implement the solution that best meets their needs and to
add components, and therefore capabilities, over time. The architecture includes:
- A management station running HP ProCurve Manager Plus (PCM+) and HP ProCurve Network Immunity Manager (NIM) software
- HP ProCurve infrastructure devices
- Optional components, which include:
  - HP ProCurve Identity Driven Manager (IDM)
  - HP ProCurve Threat Management Services (TMS) zl Module
  - Supported third-party security devices:
    - Cisco IPS 4200 Series
    - Fortinet FortiGate and FortiWifi Series
    - SonicWall E-Class NSA Series
    - SonicWall PRO Series
    - TippingPoint IPS Series