TMS zl Management and Configuration Guide ST.1.0.090213
Overview
Deployment Models for Monitor Mode—Threat Detection
In monitor mode, the TMS zl Module can detect known DoS attacks, exploits,
worms, viruses, and other threats that are launched by internal users (users
who have been allowed access to the network). It logs the attack internally
and can forward the log to a syslog server, to an SNMP server, to an SNMP
trap server, or as an email. However, the module in monitor mode does not
take action to mitigate the threat.
Deployment Location
The TMS zl Module can detect threats that originate inside or outside your
private network. You simply need to mirror the proper network traffic to the
TMS zl Module’s internal data port (port 1).
For example, to use the module to detect internal threats, you could install
the module in a core 5400zl switch or 8212zl switch and mirror the Interswitch
Links (ISLs) to the module’s data port. To have the module detect external
threats, you could connect a 5400zl switch or 8212zl switch to your external
router. You would then mirror the traffic from the port that connects to the
router to the module’s internal data port.
The ProCurve Series 5400zl and ProCurve 8212zl switches support
remote mirroring. If you have other switches that support this feature, you
can mirror traffic from those switches to the module’s data port.
Deployment Tasks for Internal Threat Detection
You must complete these tasks to deploy the TMS zl Module to detect (but not
mitigate) internal threats:
1. Install the TMS zl Module in a ProCurve Series 5400zl switch or ProCurve
8212zl switch in a core location.