Ethernet SNMP Module Installation and Reference Guide (J2603B) 1995-10
In addition to password protection and network management access protection
described in chapter 2, the HP AdvanceStack hub with an HP Ethernet SNMP
Module installed provides two major types of per-port security:
- Intruder Prevention for inbound data (from the end user to the hub).
- Eavesdrop Prevention for outbound data (from the hub to the end user).
Both of these types of security can be configured on each port individually
(all twisted-pair ports, plus the Xcvr port, and the BNC port) through the
SEcure command on the ASCII console interface. These per-port security
features are enabled by comparing the source and destination address of
each packet received or transmitted by the hub to each port’s Authorized
Station Address—the station address of the device that is authorized to
communicate through that hub port.
These features are not yet available through HP Stack Manager but they can
be set through the network management program HP Interconnect/Manager.
Intruder Prevention
Intruder Prevention stops an unauthorized computer (or other device) from
actively gaining access to the network. When a port is configured for
Intruder Prevention, the hub examines the source address of each packet
coming in through that port and compares it with the authorized station
address. If the addresses are not the same, the hub concludes that an
intruder is attempting to gain access to the network and takes the
appropriate action (as configured): either disabling the port, sending an
alarm to the network management station, or both. See “Setting Inbound
Security with Intruder Prevention” later in this appendix.
Eavesdrop Prevention
Eavesdrop Prevention stops a computer (or other device) from seeing
network traffic that is not intended for that port. When Eavesdrop
Prevention is configured on a port, the hub compares the port’s authorized
station address with the destination address of any outbound packet. If the
addresses match, the hub concludes that the packet is destined for the
computer attached to the port, and it sends the packet out through the port
unaltered. However, if the addresses do not match, the hub prevents the
computer from seeing the packet’s contents by substituting a meaningless
string of 1’s and 0’s. Note that broadcast and multicast packets are repeated
to all the ports, even when Eavesdrop Prevention is activated. See “Setting
Outbound Security with Eavesdrop Prevention” later in this appendix.
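The two per-port checks described above, modeled in Python as an added example (not code from HP or from this guide). The Port fields, function names, sample addresses and the same-length 0x55 filler are assumptions; the guide does not say which part of the packet is overwritten or with what pattern.

```python
# Added example: a model of the two per-port checks, not HP firmware.
from dataclasses import dataclass

@dataclass
class Port:
    authorized: bytes                  # Authorized Station Address (6 bytes)
    intruder_prevention: bool = False
    eavesdrop_prevention: bool = False
    disable_on_intruder: bool = True   # configured action: disable the port
    alarm_on_intruder: bool = True     # configured action: alarm to the NMS
    enabled: bool = True

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, payload):
    # Ethernet layout: destination (6), source (6), type (2), data.
    return mac(dst) + mac(src) + b"\x08\x00" + payload

def is_group(addr):
    # Broadcast and multicast addresses have the low bit of octet 0 set.
    return bool(addr[0] & 0x01)

def inbound(port, pkt):
    """Intruder Prevention: compare the source address with the authorized one."""
    if not port.intruder_prevention or pkt[6:12] == port.authorized:
        return []
    actions = []
    if port.disable_on_intruder:
        port.enabled = False
        actions.append("port_disabled")
    if port.alarm_on_intruder:
        actions.append("alarm_sent")
    return actions

def outbound(port, pkt):
    """Eavesdrop Prevention: what this port transmits for a repeated packet."""
    if (not port.eavesdrop_prevention or pkt[0:6] == port.authorized
            or is_group(pkt[0:6])):
        return pkt                     # unaltered: addressed here, or broadcast/multicast
    # Assumption: the whole packet is replaced by same-length 0101... filler.
    return b"\x55" * len(pkt)

if __name__ == "__main__":
    # Constructed addresses and payload, for illustration only.
    p = Port(mac("02:00:00:00:00:01"), True, True)
    print(outbound(p, frame("02:00:00:00:00:02", "02:00:00:00:00:03", b"hi")).hex())
    print(inbound(p, frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:99", b"hi")), p.enabled)
```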
Security Information