HP ProCurve Threat Management Solution Design Guide 2009-04
2-20
Concepts
Deployment Options
Note that the MAC lockout applies to all RPs managed by the WESM. Even if the attacker
roams to a different RP (on the same WESM), the MAC address of the attacker is still locked
out of the network.
■ NIM + Inline IPS—In this deployment, an IPS is placed inline between two points on the
network, causing all traffic between those points to pass through it. The IPS inspects all
the traffic, and if it recognizes a virus or similar attack, it blocks the attacker’s traffic.
Optionally, it can send a security alert to NIM.
In Figure 2-14, the IPS is placed in front of the corporate data center to protect the
corporate servers. If the IPS detects an attack, it blocks all traffic to the data center,
preventing the spread of a virus or other destructive agent to the servers. The IPS also
sends an alert to NIM, which then locates the source of the attack and takes the appropriate
action to stop the attack, such as blocking the port where the attack originates.
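The response chain described in this bullet can be traced in a small simulation. The following is an added example, not code from the HP ProCurve guide or the NIM product: the IPS alert format, the ARP and MAC-table contents, the device names and the `Nim`, `InlineIps`, `Switch` and `Wesm` classes are all constructed for illustration, and the real product's discovery and enforcement mechanisms are not modeled. It shows the two actions the guide distinguishes: a wired source is stopped by disabling the edge port it was learned on, while a wireless source is stopped by a MAC lockout that persists when the client roams to another RP on the same WESM.

```python
from dataclasses import dataclass, field

# Constructed sample data for the demo (not taken from the guide).
ARP_TABLE = {
    "10.1.20.7": "00:11:22:33:44:55",   # wired host in the Employee Cubicles
    "10.1.30.9": "66:77:88:99:aa:bb",   # wireless host in the Visitor Lobby
}
MALICIOUS_SIGNATURES = {"worm-propagation-attempt"}   # hypothetical signature name


@dataclass
class IpsAlert:
    src_ip: str
    signature: str


@dataclass
class Switch:
    name: str
    mac_table: dict                       # MAC -> edge port the switch learned it on
    disabled_ports: set = field(default_factory=set)

    def disable_port(self, port):
        self.disabled_ports.add(port)


@dataclass
class Wesm:
    name: str
    mac_table: dict                       # MAC -> radio port (RP) it is associated with
    locked_macs: set = field(default_factory=set)

    def lockout(self, mac):
        # Lockout is keyed on the MAC, so it covers every RP this WESM manages.
        self.locked_macs.add(mac)

    def roam(self, mac, rp):
        self.mac_table[mac] = rp

    def is_allowed(self, mac):
        return mac not in self.locked_macs


class Nim:
    """Receives IPS alerts, locates the source MAC and applies the edge action."""

    def __init__(self, arp, switches, wesms):
        self.arp, self.switches, self.wesms = arp, switches, wesms

    def handle_alert(self, alert):
        mac = self.arp.get(alert.src_ip)
        if mac is None:
            return {"action": "none", "reason": "no ARP entry for source IP"}
        for sw in self.switches:
            port = sw.mac_table.get(mac)
            if port is not None:
                sw.disable_port(port)
                return {"action": "port-disabled", "device": sw.name,
                        "port": port, "mac": mac}
        for w in self.wesms:
            if mac in w.mac_table:
                w.lockout(mac)
                return {"action": "mac-lockout", "device": w.name, "mac": mac}
        return {"action": "none", "reason": "MAC not found on any managed device"}


class InlineIps:
    """Sits between the network and the data center; returns (forwarded, nim_action)."""

    def __init__(self, nim):
        self.nim = nim

    def inspect(self, src_ip, signature_hit):
        if signature_hit in MALICIOUS_SIGNATURES:
            action = self.nim.handle_alert(IpsAlert(src_ip, signature_hit))
            return False, action              # IPS drops the traffic and alerts NIM
        return True, None                     # allowed traffic passes to the data center


def run_scenarios():
    sw = Switch("edge-sw1", {"00:11:22:33:44:55": "A3"})
    wesm = Wesm("wesm1", {"66:77:88:99:aa:bb": "RP-lobby"})
    ips = InlineIps(Nim(ARP_TABLE, [sw], [wesm]))
    results = {
        "clean": ips.inspect("10.1.20.7", "http-get"),
        "wired": ips.inspect("10.1.20.7", "worm-propagation-attempt"),
        "wireless": ips.inspect("10.1.30.9", "worm-propagation-attempt"),
    }
    wesm.roam("66:77:88:99:aa:bb", "RP-conf-room")   # attacker moves to another RP
    results["allowed_after_roam"] = wesm.is_allowed("66:77:88:99:aa:bb")
    results["unknown"] = ips.inspect("192.0.2.50", "worm-propagation-attempt")
    results["disabled_ports"] = sorted(sw.disabled_ports)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The `unknown` scenario is the caveat worth noting: the IPS still drops the traffic, but NIM can only act at the edge when it can map the source IP to a MAC and that MAC to a managed port or RP, so the value of the combined deployment depends on every edge device being under NIM management.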
Figure 2-14. NIM with an Inline IPS Deployment
[Figure: the Internet and traffic in from the network (Employee Cubicles, Visitor Lobby, Conference Rooms) pass through the Inline IPS, which forwards allowed traffic to the Data Center and sends security events to NIM; NIM responds on any supported switch port or wireless device.]