TMS zl Management and Configuration Guide ST.1.1.100226

4-5
Firewall
General Firewall Concepts
Today’s networks have changed, however. As companies have adapted their
networks to meet the ever-changing face of business, the boundaries between
private and public networks have blurred. The Internet has become a critical
work tool for nearly every company, and companies have opened parts of their
private network to guests—such as partners and customers—allowing
temporary and permanent accounts with varying levels of access.
Although providing guests with limited network access is a good business
practice, it introduces security vulnerabilities into what was the inside, trusted
network. You must protect that network against these less-trusted users. And,
with a large percentage of attacks originating from internal sources, even
authorized users and employees might not be entirely trusted users.
In addition, even trusted users have different roles and should have rights to
different resources. Companies must implement security policies that
regulate even internal users’ rights to internal resources.
Because these threats are occurring on the inside, trusted network, traditional
security measures—such as firewalls strategically placed between the private
and public networks—do not detect them. The traditional security measures
are still required, but companies must implement additional measures to
protect the network in this new environment. They must filter traffic within
the trusted network, checking for attacks and controlling access to network
resources.
The HP ProCurve Threat Management Services (TMS) zl Module provides this
kind of protection. The TMS zl Module acts as a traditional firewall between
and within networks. The module controls all network traffic, not just traffic
flowing between the trusted network and the untrusted; it allows you to filter
internal traffic, as well.
Advantages of an Integrated Firewall
Although firewall software can protect individual PCs, a firewall integrated
into a switch has several advantages:
• Software firewalls often use mainstream operating systems. Attackers
study such systems for vulnerabilities. These operating systems are more
vulnerable to targeted attacks and sporadic lock-ups, which can take
down your firewall and leave your network unprotected.
• A switch firewall protects your network entry points, stopping threats
before they get through the switch.
• A firewall integrated with a switch allows your organization to enforce a
standard security policy for all hosts.