TMS zl Management and Configuration Guide ST.1.1.100226
1-37
Overview
IDS/IPS
IPS Subscription. The TMS zl Module requires a subscription to download
and update IDS/IPS signatures. The module supports these subscriptions:
■ HP ProCurve Threat Management Services 1-year IDS/IPS Subscription
(J9157A)
■ HP ProCurve Threat Management Services 2-year IDS/IPS Subscription
(J9158A)
■ HP ProCurve Threat Management Services 3-year IDS/IPS Subscription
(J9159A)
You can also purchase a module with a subscription: the HP ProCurve Threat
Management Services zl Module with 1-year IDS/IPS Subscription (J9156A).
You cannot transfer an IDS/IPS signature subscription from one module to
another unless the first module becomes inoperable; in that case you can
transfer the subscription to its replacement. For instructions on obtaining,
installing, and managing the HP ProCurve Threat Management Services IPS
subscriptions, see “Register the IDS/IPS Signature Subscription” in Chapter 6:
“Intrusion Detection and Prevention.”
Protocol Anomaly Detection
Using protocol-anomaly detection, the TMS zl Module looks for anomalies at
the application level of the packet payload. Each application protocol speci-
fies particular policies and behavior. The TMS zl Module examines traffic to
verify that traffic for a particular application behaves as expected. This type
of detection requires the module to examine each packet in a session in
context with other packets in that session. The module must buffer packets,
decode protocols, and maintain basic information about each open session
(which is defined as the flow of traffic between a particular source address
and port and a destination address and port).