HP ProCurve Threat Management Solution Design Guide 2009-04

Concepts
General Threat Management Architecture
Figure 2-2. Threat Management Solution with Inline IPS
Offline IDS—If you are using an IDS, you can use it in offline mode and have switches
mirror traffic to it. The advantage of using this approach is that you can use fewer IDSs.
The disadvantage is that it creates a great deal of unnecessary traffic.
Figure 2-3. Threat Management Solution with Offline IDS
In a threat management solution, an inline IPS and an offline IDS can be combined with NIM
to provide greater control over threat detection. For example, if NIM detects a certain type of
threat, its action may be to configure a switch to mirror the affected traffic to an offline IDS
for more detailed analysis. If the IDS then recognizes a known virus signature, it can alert NIM,
which then takes appropriate action.
[Figure 2-2 diagram labels: Traffic in from External Network; Third-party Security Device (IPS); ProCurve Switch; Management Station: ProCurve Manager Plus, Network Immunity Manager; Optional Security Alerts; Unblocked Traffic to Internal Network]
[Figure 2-3 diagram labels: Management Station: ProCurve Manager Plus, Network Immunity Manager; Security Alerts; ProCurve Switch; Traffic in from Network; Traffic out to Network; Mirrored Traffic; Response to Threat; Third-party IDS]