TMS zl Management and Configuration Guide ST.1.0.090213
6-5
Intrusion Detection and Prevention
Overview
Internal Intentional Attacks. Internal intentional attacks are caused by
someone who already has some trusted access to your network. Perpetrators
might include disgruntled employees, partners, or administrators who abuse
their network access privileges to wreak havoc or deliberately open perimeter
network security holes.
Internal Unintentional Attacks. Internal unintentional attacks are largely the
result of uninformed users or administrators. For example, less-than-savvy
network users may inadvertently release a virus or worm onto the network by
using an unsecured laptop or workstation to access the network or by
downloading infected software while accessing the Internet through the
network. Or, as another example, company policy might dictate that if the
internal email server receives an email infected with a virus or worm, it will
send a warning to every email box on the network. Although a warning is a
good idea, if the email server is slammed with infected emails, it may
generate hundreds or even thousands of warning emails that can quickly clog
the network.
You can deploy the HP ProCurve Threat Management Services zl Module both
at the perimeter of your trusted network and within it to provide more
comprehensive protection against both external and internal attacks.
Attack Types
In addition to understanding attack vectors, you should also understand some
of the specific types of attacks that can endanger your network. While all
attacks generally damage or incapacitate your network, most attacks can be
categorized according to the method used to inflict the damage. Again, a list
of every attack is beyond the scope of this (or any) guide, since attacks are
continuously evolving, changing, and increasing in sophistication. This
section explores some of the most common network attacks that the TMS zl
Module can recognize (and mitigate):
■ Policy violations
■ Cross-site scripting (XSS)
■ SQL injection
■ Viruses and worms
■ Malware
■ Reconnaissance
■ Protocol anomalies
■ Port scans
■ Traffic information
■ Unauthorized access