HP ProCurve Threat Management Solution Design Guide 2009-04

2-22
Concepts
Deployment Options
IDSs differ from IPSs in that they are not part of the normal traffic path. While this means
that they are not able to block traffic when they detect an attack, it also means that they
will not cause a traffic bottleneck. In addition, the flexibility of mirroring (especially
remote mirroring) allows you to change the source of the traffic that you send to the IDS
to meet changing conditions on your network. Where it might be impractical to deploy
enough IPSs to monitor all the traffic in your network without causing bottlenecks, you
could use IPSs to protect the most critical network resources and use IDSs to provide
detection services in locations that have the greatest amount of anomalous activity at any
given time.
NIM + TMS zl Module in Routing Mode—As part of a Threat Management Solution,
the TMS zl Module integrates with PCM+/NIM more closely than it does with a third-party
IPS. You can use PCM+ to actually configure the module. This feature is especially helpful
if you:
■ Have multiple TMS zl Modules
■ Use PCM+ to manage other devices on your network
In addition, you can configure the TMS zl Module to send SNMP traps to NIM for further
action or analysis.
When a TMS zl Module operates in routing mode, it can be deployed in different ways to
provide either perimeter protection or internal protection.
If you want to use the TMS zl Module to provide perimeter protection, it functions as a
traditional firewall with the added security features of an IPS, plus VPN capabilities. As
shown in Figure 2-16, you deploy the TMS zl Module at the perimeter of your internal
network and configure your network infrastructure and the module so that the module
routes and filters all traffic sent between the internal and external network. To allow the
TMS zl Module to route traffic between the two networks, you can configure static routes
or enable Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) so that
the module can exchange dynamic routes with other routers and routing switches on your
network. Traffic transmitted on the internal network is routed by one or more routing
switches. (For specific information on how to configure the TMS zl Module in routing mode
to provide perimeter protection, see the HP ProCurve Threat Management Services zl
Module Management and Configuration Guide, which is available on the HP ProCurve
Network Web site at http://www.procurve.com/customercare/support/manuals/index.htm.)
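The perimeter design above has two halves: the module must route every packet that crosses between the internal and external network (static routes, or routes learned via RIP/OSPF), and it must filter that traffic as a firewall would. The following Python model, added here as an illustration and not code from the guide or from HP, shows how those two decisions combine for a single packet: a longest-prefix-match route lookup picks the egress side and next hop, then a zone policy decides whether the packet is forwarded. The route table, addresses, published service, and interface names "internal" and "external" are constructed for the example; the anti-spoofing check (drop packets arriving on the external interface that claim an internal source) is a standard firewall safeguard, not a feature the guide describes.

```python
"""Model of a perimeter device in routing mode: route lookup plus zone policy.

Added illustration only; not HP ProCurve code. All addresses, routes and
interface names below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str      # next-hop router address, or "connected"
    interface: str     # egress interface: "internal" or "external" (hypothetical)


# Constructed route table: internal subnets reached through internal routing
# switches, a directly connected external link, and a default route to the ISP.
ROUTES: List[Route] = [
    Route(ipaddress.ip_network("10.1.0.0/16"), "10.0.0.2", "internal"),
    Route(ipaddress.ip_network("10.1.50.0/24"), "10.0.0.3", "internal"),  # more specific
    Route(ipaddress.ip_network("192.0.2.0/24"), "connected", "external"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "192.0.2.1", "external"),
]

# Constructed list of services the internal side publishes to the outside.
PUBLISHED = {("10.1.50.10", 443)}


def lookup(dst: str, table: List[Route] = ROUTES) -> Optional[Route]:
    """Longest-prefix match over the route table, as a router performs it."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def zone_of(ip: str, table: List[Route] = ROUTES) -> Optional[str]:
    """The zone an address belongs to is the interface its route points at."""
    route = lookup(ip, table)
    return route.interface if route else None


def forward(src: str, dst: str, dst_port: int, ingress: str,
            table: List[Route] = ROUTES) -> Tuple[str, Optional[str]]:
    """Return (decision, next_hop) for one packet arriving on `ingress`."""
    route = lookup(dst, table)
    if route is None:
        return ("drop: no route", None)
    # Anti-spoofing: a packet from the outside must not claim an inside source.
    if ingress == "external" and zone_of(src, table) == "internal":
        return ("deny: spoofed internal source on external interface", None)
    egress = route.interface
    if ingress == egress:
        # e.g. two internal subnets exchanging traffic through the module
        return ("forward", route.next_hop)
    if ingress == "internal" and egress == "external":
        return ("forward", route.next_hop)          # outbound sessions allowed
    if ingress == "external" and egress == "internal":
        if (dst, dst_port) in PUBLISHED:
            return ("forward", route.next_hop)      # published service only
        return ("deny: unsolicited inbound", None)
    return ("deny: default", None)


if __name__ == "__main__":
    for pkt in [("10.1.20.5", "198.51.100.7", 443, "internal"),
                ("198.51.100.7", "10.1.50.10", 443, "external"),
                ("198.51.100.7", "10.1.50.10", 22, "external"),
                ("10.1.20.5", "10.1.50.10", 22, "external")]:
        print(pkt, "->", forward(*pkt))
```

The more specific 10.1.50.0/24 route wins over 10.1.0.0/16 for the published server, which is why the next hop differs between the two internal subnets; on a real deployment those routes would come from static configuration or from RIP/OSPF exchange with the internal routing switches.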