TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 14
7.0 Common TMS Security Control Points
There are three common security control points where it is anticipated that many enterprise
environments will wish to deploy the HP ProCurve Threat Management Services zl Module:
1. At the perimeter of the enterprise network where it interfaces with the Internet and/or
business partner networks to protect from untrusted external networks
2. At the entry point to the data center where the data center interfaces with the rest of the
enterprise network to provide an extra layer of protection for the concentrated, high-value
information assets typically found within
3. At interface points between significant portions of the enterprise network (separate profit and
loss business units within a large corporation or geographical continents in a multinational
corporation) in order to provide granular access control and contain threat outbreaks within
the portion of the network that they originate
Note: A consideration when implementing the TMS zl Module in these scenarios is to
keep in mind the impact on the processing overhead of each layer of traffic examination.
As with any security product that performs active traffic inspection, the type and number
of functions enabled that traffic has to pass through has an impact on overall throughput.
Please refer to the current HP ProCurve Threat Management Services zl Module
Datasheet for performance and throughput specifications for the hardware and software
versions of the TMS zl Module being implemented. This type of information can be
obtained in the
HP ProCurve Reference Library.
7.1 Perimeter
This is the most common, almost traditional, placement of a security control like the HP
ProCurve Threat Management Services (TMS) zl Module.