HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Contents
Task: Configure the TMS zl Module in Monitor Mode
Subtask: Access the TMS zl Module’s CLI
Subtask: Configure the Initial Settings for Monitor Mode
Subtask: Access the Web Browser Interface
Subtask: Configure DNS Server Settings
Subtask: Configure Log Settings
Subtask: Configure SNMP Settings
Subtask: Use NIM to Configure the TMS zl Module in Monitor Mode
Task: Configure ProCurve Security Devices Alerts
Task: Configure the Default ProCurve Threat Management Services Alert
Subtask: Create a ProCurve Security Devices Alert
Subtask: Edit or Delete a ProCurve Security Devices Alert
Subtask: Exclude Events for ProCurve Security Devices
Step 3: Respond to Threats
First Time Through the Process
Skip This Step
Subtask: Ensure Policy Execution Is Disabled
Optional Task: Consider Interaction with IDM
Second and Subsequent Times Through the Process
Task: Select MAC Lockout as an Action
Task: Select Enable/Disable Port as an Action
Task: Select Rate Limiting as an Action
Task: Select Quarantine VLAN as an Action
Task: Configure Port or MAC Mirroring as an Action
Task: Define a Policy
Task: Enable Policy Execution
Step 4: Analyze Events
All Times Through the Process
Task: Verify That Events Trigger the Alerts and Actions
Task: Set up Reporting
Task: Use the NBAD Diagnostic Wizard
Task: View Logs and Reports