HP ProCurve Threat Management Solution Design Guide 2009-04

4-7
Design
Software and Hardware Selection
NIM + TMS zl Module
You must complete all of the tasks described in “NIM Standalone” on page 4-5. You must also determine whether the TMS zl Module will operate in routing mode or monitor mode.
In routing mode, the TMS zl Module acts as an IPS, giving you all of the benefits of a NIM + IPS deployment. However, the module can protect a larger network segment than many traditional IPSs. It is the router for your internal network and detects and mitigates threats in all of the traffic that it routes.
In routing mode, the TMS zl Module provides additional benefits such as its stateful firewall and VPN capabilities. You can use the firewall to protect the perimeter of your network or to filter traffic on the internal network and block threats that infiltrate there. The firewall will automatically block a number of known attacks. In addition, you can use the firewall to separate your network into areas of trust and apply unique access policies to each area.
The TMS zl Module also provides VPN capabilities. You can use VPNs in the traditional way—to protect traffic transmitted over the insecure Internet—or you can use them to protect particularly sensitive information as it is transmitted over a large corporate or campus network.
To enable the module to interoperate with NIM, configure it to send traps to PCM+. Typically, you should disable intrusion prevention at this point so that the module detects threats but does not take action against them. You will plan policies for managing threats with NIM and with the module later in the security management life cycle.
In monitor mode, the module acts as an IDS, giving you the same benefits as a NIM + IDS deployment. For this deployment option, you must verify the mirroring capabilities of your network as described in “NIM + IDS” on page 4-6. You should also configure the module to send traps to PCM+, allowing you to analyze these traps in PCM+.
Note: Whether you use the TMS zl Module in routing mode or monitor mode, you must purchase and register an IDS/IPS signature subscription. These signatures are updated as needed to protect your network from emerging threats. You download the signatures to the module so that it is ready to detect threats and then configure the module to check for updated signatures periodically.
Plan Integration with IDM
This section describes the features of a Threat Management Solution that integrates with IDM. You should read this section whether or not you are currently using IDM:

- If you do not yet own IDM—You must decide whether you require the enhancements provided by IDM, in which case you must purchase this PCM+ plug-in.
- If you already own IDM—You must decide whether to enable or disable integration between your existing Access Control Solution and your new Threat Management Solution.
The benefits of integrating NIM and IDM include:

- Better threat protection—NIM’s actions continue to apply to a user regardless of the user’s connection point.
- Better visibility into who is generating threats:
  - You can view an offender’s username in NIM tables and reports.
  - You can view a user in IDM and see all of the actions applied to this user.
- Easier setup—You can use the same times and locations for both IDM’s policies and NIM’s policies.