Manualshelf

HP ProCurve Threat Management Solution Design Guide 2009-04

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
2-26
Concepts
Deployment Options
Figure 2-18. NIM with the TMS zl Module Operating in Monitor Mode (as an IDS Only)
Unified solutionThe deployment options described in this section can all be combined
to operate simultaneously in a network environment. In addition, you can have:
Multiple IPSs and IDSs analyze traffic
Multiple switches and wireless devices send sFlow samples NIM
You can also cause the different types of deployment options to work together sequentially.
For example, you can set up NIM so that if it detects a certain type of anomaly using the
NBAD engine, its action will be to configure traffic mirroring from the offending port to a
monitoring IDS. Then if the IDS confirms an attack and notifies NIM, NIM can take the
appropriate action to neutralize the attack. In this way, you can use two different detection
methods to arrive at a more certain diagnosis of an attack.
NIM + IDM—IDM can be used with any of the deployment options to integrate your HP
ProCurve Threat Management and Access Control Solutions.
Internet
NIM
Data
Center
HP ProCurve
5406zl Switch with
TMS zl Module
Employee
Cubicles
Visitor Lobby
Conference Rooms
Security Alerts
Mirrored
Traffic
Mirrored
Traffic
NIM Response to Any
Supported Switch or
Wireless Device