HP ProCurve Threat Management Solution Implementation Guide 2009-05
iv
Step 2: Detect Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-26
Task: Install the TMS zl Module and Select the Operating Mode . . . . . . . . . . . . . . . . . . . . .4-26
Task: Configure the TMS zl Module in Routing Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-26
Subtask: Plan Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-26
Subtask: Access the TMS zl Module’s CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-28
Subtask: Configure Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-30
Subtask: Access the TMS zl Module’s Web Browser Interface and Change the Manager Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-35
Subtask: Configure SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-36
Subtask: Configure DNS Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-39
Subtask: Enable Communication Between the TMS zl Module and the PCM+/NIM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-40
Subtask: Use NIM to Configure the TMS zl Module in Routing Mode . . . . . . . . . . . . .4-42
Task: Configure the TMS zl Module in Monitor Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-57
Subtask: Access the TMS zl Module’s CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-57
Subtask: Configure the Initial Settings for Monitor Mode . . . . . . . . . . . . . . . . . . . . . . . .4-59
Subtask: Access the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-60
Subtask: Configure DNS Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-60
Subtask: Configure Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-61
Subtask: Configure SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-62
Subtask: Use NIM to Configure the TMS zl Module in Monitor Mode . . . . . . . . . . . . .4-65
Task: Configure ProCurve Security Devices Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-70
Task: Configure the Default ProCurve Threat Management Services Alert . . . . . . . . . .4-71
Subtask: Create a ProCurve Security Devices Alert . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-73
Subtask: Edit or Delete a ProCurve Security Devices Alert . . . . . . . . . . . . . . . . . . . . . .4-76
Subtask: Exclude Events for ProCurve Security Devices . . . . . . . . . . . . . . . . . . . . . . . .4-76
Step 3: Respond to Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-78
First Time Through the Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-78
Skip This Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-78
Subtask: Ensure Policy Execution Is Disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-79
Optional Task: Consider Interaction with IDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-80
Second and Subsequent Times Through the Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-81
Task: Select MAC Lockout as an Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-81
Task: Select Enable/Disable Port as an Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-83
Task: Select Rate Limiting as an Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-85
Task: Select Quarantine VLAN as an Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-87
Task: Configure Port or MAC Mirroring as an Action . . . . . . . . . . . . . . . . . . . . . . . . . .4-88
Task: Define a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-92
Task: Enable Policy Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-99
Step 4: Analyze Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-100
All Times Through the Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-100
Task: Verify That Events Trigger the Alerts and Actions . . . . . . . . . . . . . . . . . . . . . . .4-100
Task: Set up Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-102
Task: Use the NBAD Diagnostic Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-102
Task: View Logs and Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-106