HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Contents
Task: Configure a Fortinet FortiGate UTM Device
Subtask: Set Up the UTM Device and Load the Operating System
Subtask: Set Up Communication with PCM+ and NIM
Subtask: Configure IPS Settings and Logging on the Fortinet UTM Device
Optional Subtask: Set Up the UTM Device for IPS Operation
Optional Subtask: Set Up an IDS
Task: Configure a SonicWALL UTM
Subtask: Download the Latest Version of the SonicWALL Operating System
Subtask: Return the UTM Device to Its Factory Default Configuration
Subtask: Set Initial UTM Device Parameters
Optional Subtask: Set Up for IPS Operation
Subtask: Set Intrusion Protection Parameters and Logging
Optional Subtask: Complete the Setup of the IPS
Task: Configure a TippingPoint IPS
Subtask: Update the TippingPoint Operating System
Subtask: Modify the Default Security Profile or Create a Security Profile
Subtask: Edit Action Sets
Subtask: Configure SNMP Trap Settings
Subtask: Discover the TippingPoint IPS in PCM+
Task: Configure Non-ProCurve Security Devices Alerts in PCM+
Subtask: Modify a Default Non-ProCurve Security Devices Alert
Subtask: Create a Non-ProCurve Security Devices Alert
Subtask: Edit or Delete a Non-ProCurve Security Devices Alert
Step 3: Respond to Threats
First Time Through the Process
Skip This Step
Ensure Policy Execution Is Disabled
Second and Subsequent Times Through the Process
Task: Select MAC Lockout as an Action
Task: Select Enable/Disable Port as an Action
Task: Select Rate Limiting as an Action
Subtask: Select Quarantine VLAN as an Action
Task: Define a Policy
Task: Enable Policy Execution
Step 4: Analyze Events
All Times Through the Process
Task: Verify That Events Trigger the Alerts and Actions
Task: Set up Reporting
Task: Use the NBAD Diagnostic Wizard
Task: View Logs and Reports