HP ProCurve Threat Management Solution Implementation Guide 2009-05

4-5
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 1: Establish a Policy
In this first step, you will establish a policy for NIM’s NBAD events. In “Step 2: Detect Threats”
on page 4-26, you will integrate the TMS zl Module with NIM and configure a policy to support
events from that device.
If this is your first time through the threat management solution design process, perform the
activities in “First Time Through the Process” on page 4-5. If this is your second time or more
through the process, skip to “Second and Subsequent Times Through the Process” on page 4-25.
First Time Through the Process
The first time you go through the security management life cycle, you need to determine the
normal level of threat activity on your network. Depending on the equipment you have on your
network, you might receive the following types of events:
- NBAD events, using just HP ProCurve Manager Plus (PCM+) and HP ProCurve Network
  Immunity Manager (NIM)
- Virus Throttle™ events and Simple Network Management Protocol (SNMP) traps from
  ProCurve switches that support security features
- Security events from the TMS zl Module
- Security events from third-party security devices
This section will cover NBAD events; TMS zl Module events are covered in “Step 2: Detect
Threats” on page 4-26. (Events from third-party security devices are covered in Chapter 3: “HP
ProCurve Network Immunity Manager with a Third-Party IDS/IPS.”)
You can get a snapshot of network traffic by running PCM+ and NIM with their default settings.
At this point, you might want to keep things simple by not setting up Virus Throttle™ until you
get a general feel for where the trouble spots on your network are likely to be. (If you want to
view information about Virus Throttle™ and third-party devices now, you can find the setup
activities in the next chapter.)
To begin analyzing your network traffic to establish a baseline using NBAD, perform the tasks
that follow.
Task: Access PCM+
The first task is to access PCM+ by completing the following steps:
1. On the Windows Server 2003 server, click Start > Programs > HP ProCurve Manager > ProCurve
Manager. (The instructions in this guide were written using a Windows Server 2003 server
with the display set to Classic view. Depending on your setup, the exact steps may differ
slightly.)
2. When the PCM+ Login window is displayed, enter the Administrator user name and the
password that you configured when you installed PCM+.
The PCM+ Dashboard is displayed.