HP ProCurve Threat Management Solution Design Guide 2009-04
Concepts
Deployment Options
Note that inline systems are effective in monitoring and preventing attacks, but by their
nature, they can cause bottlenecks in high-traffic areas. ProCurve recommends that you
deploy IPSs at critical network locations requiring high security or in areas where there is
a high probability of attack.
■ NIM + Offline IDS—In this deployment an offline IDS passively detects attacks by
monitoring traffic sent to it from a mirror port. If the IDS detects an attack, it takes no
action itself; instead, it sends an alert to NIM, which takes the appropriate action.
In Figure 2-15, the HP ProCurve switch that serves the employee cubicles has been
configured to mirror traffic from the cubicles to the IDS. The IDS examines that traffic and
notifies NIM if it detects a virus or other attack. NIM then discovers the location of the
attacker and takes the appropriate action to stop the attack.
Figure 2-15. NIM with an Offline IDS
[Figure: network diagram with the Internet, NIM, Data Center, Employee Cubicles, Visitor Lobby, and Conference Rooms. Labels: "Mirrored Data Traffic in to Switch Ports" from the ProCurve Switch to the Offline IDS; "Security Events to NIM" from the Offline IDS; "NIM Response to Any Supported Switch Port or Wireless Device".]