TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
7.2.2 IDS/IPS
Similar to the Perimeter firewall placement scenario, IDS/IPS can be deployed in data center placements as an IDS and IPS with a minimum of two modules. The IDS, with a module in monitor mode, is configured to monitor a baseline of intrusion activity at the outside of the firewall. The IPS, running on the module shown above in routing mode, is configured to check for protocol-specific intrusion signatures, generic per-protocol anomalies and general IP protocol anomalies.
• SNMP-specific: SNMP Get Guessable Community, Network Interface Enumeration, LANMan Services / Shares / Users Enumeration, Host Process Enumeration, ARP Table Enumeration, TCP Connections Enumeration, UDP Listeners Enumeration, etc.
• H.323-specific: Vulnerability in H.323 Protocol Implementation
• Citrix-specific: Check for a Citrix Server
• SQL-specific: IIS BattleAxe Forum SQL Injection, Oracle 9iAS Portal Demo SQL Injection, All-In-One Control Panel SQL Injection, etc.
• Active Directory-specific: Microsoft Windows LSASS Buffer Overflow Attempt
• SMB-specific: Microsoft SMB ADMIN$ Hidden Share Access, Samba SMB Share Access by Directory Traversal, Microsoft SMB C$ Hidden Share Access, etc.
• VMware-specific: VMware Workstation Create Process and Create ProcessEx Code Execution, VMware IntraProcessLogging.DLL Arbitrary File Overwrite Vulnerability, etc.
• Generic SNMP: Malformed SNMP message with wrong ASN.1 types, Check for ASN.1 lengths that exceed packet length
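The two "Generic SNMP" anomaly classes above (wrong ASN.1 types, lengths that exceed the packet) and the "SNMP Get Guessable Community" signature are simple to express as a bounds-checking BER walk. The following is an added illustration, not code from the HP guide or from the TMS zl module; it assumes the universal tag values of ITU-T X.690 and the SNMPv1 message layout (version INTEGER, community OCTET STRING, PDU) of RFC 1157. The function names, the DEFAULT_COMMUNITIES watch-list and the sample packets are this example's own constructions.

```python
# Added example (not from the TMS zl guide): a minimal BER walker that flags
# the generic SNMP anomalies the IPS signature list describes.  Tag values per
# X.690, message layout per RFC 1157; helper names and sample data are assumed.

TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_NULL = 0x05
TAG_OID = 0x06
TAG_SEQUENCE = 0x30
CONSTRUCTED = 0x20  # tag bit 6: the value holds nested TLVs

# Constructed watch-list of community strings an IDS would treat as guessable.
DEFAULT_COMMUNITIES = {b"public", b"private"}


def read_tlv(buf: bytes, pos: int, end: int):
    """Parse one TLV header inside buf[pos:end]; return (tag, value_start, value_end).

    Raises ValueError if the tag or length field is truncated, or if the declared
    length would run past `end` (the enclosing TLV, or the packet itself)."""
    if pos >= end:
        raise ValueError(f"truncated: expected a tag at offset {pos}")
    tag = buf[pos]
    pos += 1
    if pos >= end:
        raise ValueError(f"truncated: expected a length at offset {pos}")
    first = buf[pos]
    pos += 1
    if first & 0x80:
        nbytes = first & 0x7F
        # 0x80 is BER indefinite length (not used by SNMP); >4 length bytes is absurd for UDP.
        if nbytes == 0 or nbytes > 4:
            raise ValueError(f"unsupported length encoding 0x{first:02x} at offset {pos - 1}")
        if pos + nbytes > end:
            raise ValueError(f"truncated long-form length at offset {pos}")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > end:
        raise ValueError(f"ASN.1 length {length} at offset {pos} exceeds enclosing bound {end}")
    return tag, pos, pos + length


def walk(buf: bytes, pos: int, end: int) -> None:
    """Recursively verify that every TLV between pos and end stays inside its parent."""
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos, end)
        if tag & CONSTRUCTED:
            walk(buf, vs, ve)
        pos = ve


def inspect_snmp(packet: bytes) -> list:
    """Return a list of anomaly descriptions for one SNMPv1/v2c message (empty = clean)."""
    findings = []
    try:
        tag, vs, ve = read_tlv(packet, 0, len(packet))
        if tag != TAG_SEQUENCE:
            return [f"outer tag 0x{tag:02x} is not SEQUENCE"]
        if ve != len(packet):
            findings.append(f"{len(packet) - ve} trailing byte(s) after the message")
        tag, s, e = read_tlv(packet, vs, ve)  # version
        if tag != TAG_INTEGER:
            findings.append(f"version tag 0x{tag:02x} is not INTEGER")
        tag, s, e = read_tlv(packet, e, ve)  # community
        if tag != TAG_OCTET_STRING:
            findings.append(f"community tag 0x{tag:02x} is not OCTET STRING")
        elif packet[s:e] in DEFAULT_COMMUNITIES:
            findings.append(f"guessable community string {packet[s:e]!r}")
        tag, s, e = read_tlv(packet, e, ve)  # PDU (context-specific tags 0xA0..0xA8)
        if not 0xA0 <= tag <= 0xA8:
            findings.append(f"PDU tag 0x{tag:02x} is not an SNMP PDU tag")
        walk(packet, s, e)  # every nested length inside the PDU must fit its parent
        if e != ve:
            findings.append(f"{ve - e} unexpected byte(s) after the PDU")
    except ValueError as exc:
        findings.append(str(exc))
    return findings


def tlv(tag: int, payload: bytes) -> bytes:
    """Encode one definite-length BER TLV (used only to build the sample packets)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def build_get_request(community: bytes) -> bytes:
    """Construct a well-formed SNMPv1 GetRequest for sysDescr.0 (constructed sample input)."""
    varbind = tlv(TAG_SEQUENCE, tlv(TAG_OID, bytes.fromhex("2b06010201010100")) + tlv(TAG_NULL, b""))
    pdu = tlv(0xA0, tlv(TAG_INTEGER, b"\x01") + tlv(TAG_INTEGER, b"\x00")
              + tlv(TAG_INTEGER, b"\x00") + tlv(TAG_SEQUENCE, varbind))
    return tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, b"\x00") + tlv(TAG_OCTET_STRING, community) + pdu)


def sample_packets() -> dict:
    """Constructed inputs: one clean message and mutated copies showing each anomaly."""
    good = build_get_request(b"s3cret-c0mmunity")
    over = bytearray(good)
    over[1] = 0x7F  # outer SEQUENCE length now exceeds the packet length
    wrong_type = bytearray(good)
    wrong_type[2] = TAG_OCTET_STRING  # version field carries the wrong ASN.1 type
    inner = bytearray(good)
    inner[good.index(b"\x06\x08") + 1] = 0x20  # OID length overruns its enclosing varbind
    return {"clean": good, "default-community": build_get_request(b"public"),
            "outer-length": bytes(over), "wrong-type": bytes(wrong_type), "inner-length": bytes(inner)}


if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(f"{name:18s} -> {inspect_snmp(pkt) or 'no anomalies'}")
```

The checks are deliberately bounded by the enclosing TLV rather than only by the packet end, which is what catches a nested length that fits inside the datagram but not inside its parent SEQUENCE; a signature that only compares the outer length against the packet size misses that case.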