HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
Figure 3-56. Adding a Virtual Sensor
k. Optionally, click the double arrow icon to change the default values under Advanced Options:
   i. Specify how the sensor tracks inline TCP sessions (by Interface and VLAN, VLAN Only, or Virtual Sensor). The default is Virtual Sensor. This is almost always the best option to choose.
   ii. Select the Normalizer mode (Strict Evasion Protection or Asymmetric Mode Protection).
l. Click OK.
m. Click Apply.
4. Connect a network cable from the IDS’s switch port to the port on the sensor that you just assigned to the IDS. In the example, that port is GigabitEthernet0/3.
5. Optionally, test the IDS configuration to verify that it is responding to malicious traffic.
   a. Use port-scanning software to probe ports on your network in such a way that the sensor detects it as malicious traffic. A common program for scanning ports in this way is NMAP (which is available at www.insecure.org). NMAP was run in the example network from one of the computers, using this command:

      nmap -T Aggressive -A -v <IP address/prefix>

      This command results in a thorough scan of all IP addresses and ports on the subnet, which the IDS interpreted as an attack.