HP TMS zl Module Security Administrator's Guide
Configuring a TMS zl Module as an IPS
Intrusion Prevention
The TMS zl Module, when operating in routing mode as an Intrusion Prevention
System (IPS), can stop known viruses (identified by a signature) from spreading
through your network.
Signatures
TMS zl modules use a signature file containing a signature for each known
virus to check all traffic routed through or mirrored to the TMS zl Module.
This signature file must be updated regularly via a subscription service to keep
up with new attacks as they are discovered.
To ensure that the IDS gets the latest signature updates, you must purchase a
subscription license and register the TMS zl Module with the HP subscription
service. See My Software at http://hp.com/networking/mynetworking.
Protocol Anomalies
You can also configure acceptable sizes for common packet payloads for the HTTP,
SMTP, and MIME protocols on the selected IPS/IDS devices. (Additional
protocols can be configured at the TMS zl Module.)
Each application protocol specifies particular policies and behavior. Using
protocol anomaly detection, a TMS zl module with IPS enabled examines
traffic to verify that traffic for a protocol conforms to the application settings.
Actions
When an IPS detects an attack, it issues an event that is categorized by threat
level, and an action can be taken based on the threat level. Each threat level
can be configured with one of the following actions:
Terminate Session
Block Matched Packet
Allow Matched Packet (default for all threat levels)
For example, when a device receives a critical event, you can terminate the
session.