Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
11121314151617181920
2-4
HP ProCurve Network Immunity Manager Standalone Solution
Step 1: Establish a Policy
Step 1: Establish a Policy
If this is your first time through the threat management solution design process, perform the
activities in “First Time Through the Process” on page 2-4. If this is your second time or more
through the process, skip to “Second and Subsequent Times Through the Process” on page 2-23.
First Time Through the Process
The first time you go through the security management life cycle, you need to determine the
normal level of threat activity on your network. Depending on the equipment you have on your
network, you might receive the following types of events:
Network Behavioral Anomaly Detection (NBAD) events, using just HP ProCurve Manager
Plus (PCM+) and HP ProCurve Network Immunity Manager (NIM)
VirusThrottle™ events and Simple Network Management Protocol (SNMP) traps from
ProCurve switches that support security features
Security events from third-party security devices
This chapter will cover NBAD events. (Events from third-party devices are covered in the
chapters that follow.)
You can get a snapshot of network traffic by running PCM+ and NIM with their default settings.
At this point, you might want to keep things simple by not setting up VirusThrottle™ until you
get a general feel for where the trouble spots on your network are likely to be. (If you want to
view information about Virus Throttle™ and third-party devices now, you can find the setup
activities in the next chapter.)
To begin analyzing your network traffic and establish a baseline using NBAD, perform the tasks
that follow.
Task: Access PCM+
The first task is to access PCM+ by completing the following steps:
1. On the Windows Server 2003, click Start > Programs > HP ProCurve Manager > ProCurve
Manager. (The instructions in this guide were written using a Windows Server 2003 with
the display set to Classic view. Depending on your setup, the exact steps may differ slightly.)
2. When the PCM+ Login window is displayed, enter the Administrator user name and the
password that you configured when you installed PCM+.
The PCM+ Dashboard is displayed.