TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process

Page 9
• l2tp - The Layer 2 Tunneling Protocol (L2TP) ALG
• msn - The MSN ALG supports the following functionalities of Microsoft Instant Messenger 7.0:
• netbios - Windows Network Basic Input/Output System (NetBIOS) ALG
• nntp - The NNTP ALG interprets the GROUP command of the NNTP packets
• pptp - PPTP uses TCP 1723 for its control connection and Generic Routing Encapsulation (GRE) for its data connection
• rpc - The Remote Procedure Call ALG
• rtspv4 - RTSP controls a stream that might be sent over a separate protocol
• smtp - The Simple Mail Transport Protocol ALG
• sql - The SQL ALG interprets and translates the redirect messages coming from the network listener.
• tftp - The TFTP ALG creates a dynamic association to allow the data transfer from server to client when it sees a write/read request from the client on the control connection.
Port triggers make use of ALGs to support applications that negotiate connections on ports other than their well-known ones. For example, the Remote Procedure Call (RPC) service in both Windows and UNIX systems has a well-known port number for its portmapper, which, in turn, dynamically allocates port numbers for distributed processes to use for their communication. Port triggers, through ALGs, add the necessary intelligence for the firewall to permit these conversations by dynamically opening ports in a specified range.
Port triggers are statically configured, as compared to ALGs, which are dynamic in nature and are based on deeper inspection of the network traffic. Keep in mind, however, that you should not use a port trigger if NAT is applied to the traffic. Port triggers do not provide the same functionality that ALGs offer. For example, if an upper-layer protocol carries IP addresses within its data segment, an ALG knows where the IP address is held and can handle the traffic appropriately even when NAT is applied. Port triggers, on the other hand, check only the IP header.
For deeper information on ALGs and port triggers, see the “Firewall” section of the HP ProCurve Threat Management Services zl Module Management and Configuration Guide.
6.1.5 Denial of Service (DoS) Attack Prevention
The TMS zl Module provides for Denial of Service (DoS) and other attack checking. IP Spoofing, Ping of Death, LAND, and IP Reassembly attacks are