TMS zl Management and Configuration Guide ST.1.1.100226
Intrusion Detection and Prevention
IDS/IPS Concepts
You can implement the HP ProCurve Threat Management Services zl Module
both at the perimeter of your trusted network and within it to provide more
comprehensive protection against both external and internal attacks.
Attack Types
In addition to understanding attack vectors, you should also understand some
of the specific types of attacks that can endanger your network. While all
attacks generally damage or incapacitate your network, most attacks can be
categorized according to the method used to inflict the damage. Again, a list
of every attack is beyond the scope of this (or any) guide, since attacks are
continuously evolving, changing, and increasing in sophistication. This
section will explore some of the most common network attacks that the TMS zl
Module can recognize (and mitigate).
■ Policy violations
■ Cross-site scripting (XSS)
■ SQL injection
■ Viruses and worms
■ Malware
■ Reconnaissance
■ Protocol anomalies
■ Traffic information
■ Unauthorized access
■ Exploits
■ Denial of service (DoS)
■ Backdoors
Policy Violations
An example of a policy violation attack is a user leaving the password
field empty while trying to access an FTP server.
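The empty-password case above can be checked on the FTP control channel. The following is an added example, not taken from this guide or from the TMS zl Module's signatures: it flags any PASS command sent with no argument and reports the USER name that preceded it. The session keys, addresses, and command lines are constructed sample data.

```python
from typing import Iterable, List, NamedTuple, Tuple


class Finding(NamedTuple):
    session: str   # client address:port used as the session key (assumption)
    user: str      # last USER argument seen on that session
    line_no: int   # 1-based position of the offending PASS in the input


def find_empty_ftp_passwords(events: Iterable[Tuple[str, str]]) -> List[Finding]:
    """Flag client PASS commands that carry an empty password."""
    last_user = {}
    findings = []
    for line_no, (session, raw) in enumerate(events, start=1):
        line = raw.rstrip("\r\n")            # FTP commands end with CRLF
        verb, _, arg = line.partition(" ")   # verb, then one optional argument
        verb = verb.upper()                  # FTP verbs are case-insensitive
        if verb == "USER":
            last_user[session] = arg
        elif verb == "PASS" and arg == "":
            # Covers both "PASS" and "PASS " (separator but no password).
            user = last_user.get(session, "<no USER seen>")
            findings.append(Finding(session, user, line_no))
    return findings


# Constructed client-to-server control-channel lines, keyed by session.
SAMPLE_EVENTS = [
    ("192.0.2.5:40112", "USER alice\r\n"),
    ("192.0.2.5:40112", "PASS s3cret\r\n"),
    ("192.0.2.9:51877", "USER backup\r\n"),
    ("192.0.2.9:51877", "PASS\r\n"),        # no argument at all
    ("192.0.2.7:33410", "user admin\r\n"),
    ("192.0.2.7:33410", "pass \r\n"),       # lower case, empty argument
    ("192.0.2.5:40112", "LIST\r\n"),
    ("192.0.2.8:2121", "PASS \r\n"),        # PASS without a preceding USER
]

if __name__ == "__main__":
    for f in find_empty_ftp_passwords(SAMPLE_EVENTS):
        print(f"line {f.line_no}: empty FTP password, "
              f"session={f.session} user={f.user}")
```
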
Cross-Site Scripting (XSS)
Cross-site scripting is the most common type of publicly reported security
vulnerability. By injecting malicious scripts into dynamically generated Web
pages, an attacker can change user settings and hijack accounts, poison
cookies, expose SSL connections, gain access to sensitive page content, and
manipulate many other objects associated with those pages. Two types
of XSS attacks are detailed below: