TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 24
opened.
Deny
All other traffic
AD
Apps, External,
Management,
SMB, SQL
Permit
Simple Network Management Protocol
(SNMP) Traps (UDP/162)
SQL
Management
Permit
Server Message Block (SMB, UDP/135-139,
445 and TCP/135-139, 445)
SQL
SMB
Permit
Active Directory (AD, UDP/42, 53, 88, 135,
137, 138, 389, 445, 1512 and TCP/42, 53, 88,
135, 137, 139, 389, 445, 636, 1512, 3268,
3269, AD-fixed-port, FRS-fixed-port)
SQL
AD
Note: DS-fixed-port and FRS-fixed-port require registry changes on all Global
Catalog, Domain Controller and Member Servers to fix the Directory Services and
File Replication Service ports to single ports vs. the default behavior of fully
dynamic Remote Procedure Call (RPC) that would require TCP/1024-65535 to be
opened.
Permit
Ports to be determined
- Using port maps to map SQL traffic on
whatever implementation-specific ports, for
example TCP/1433 for MS SQL Server or
TCP/3306 for mySQL, to the SQL service so
it will be examined by IPS as SQL traffic. For
example, identifying SQL Injection attempts
within conversations on the ports mapped to
the SQL service.
SQL
To Be
Determined per
installation
requirements
Note: Although not depicted above, another important use for the port mapping
feature is to map the various TCP ports used for Reverse Telnet sessions via
terminal servers for out-of-band console management of infrastructure devices to
the Telnet service. In other words, Telnet to TCP/2001 is still the Telnet protocol
and should be checked by the IPS for any protocol-specific anomalies and/or
specific signatures.
Deny
All other traffic
SQL
AD, Apps,
External,
Management,
SMB
Permit
Simple Network Management Protocol
(SNMP) Traps (UDP/162)
Apps
Management
Permit
Server Message Block (SMB, UDP/135-139,
445 and TCP/135-139, 445)
Apps
SMB
Permit
Active Directory (AD, UDP/42, 53, 88, 135,
137, 138, 389, 445, 1512 and TCP/42, 53, 88,
135, 137, 139, 389, 445, 636, 1512, 3268,
3269, AD-fixed-port, FRS-fixed-port)
Apps
AD
Note: DS-fixed-port and FRS-fixed-port require registry changes on all Global
Catalog, Domain Controller and Member Servers to fix the Directory Services and
File Replication Service ports to single ports vs. the default behavior of fully
dynamic Remote Procedure Call (RPC) that would require TCP/1024-65535 to be
opened.
Deny
All other traffic
Apps
AD, External,
Management,