Security Solutions
Customer Needs Assessment
Vulnerability to Attacks
■ Intrusion detection system (IDS)/intrusion prevention system
(IPS)—These hardware and software solutions monitor network traffic
and look for network intrusions and attacks. Attacks are detected either
by benchmarking traffic usage and monitoring for deviations or by
inspecting traffic and looking for known attack patterns.
■ Technologies such as ProCurve’s Virus Throttle™ software—This
invention of Hewlett-Packard (HP) Labs is implemented in ProCurve
Networking devices such as the ProCurve Switch 5400zl Series. Rather
than detect specific virus signatures, Virus Throttle software works on
the principle that a worm will request sessions with a large number of
devices on the network as it attempts to spread. It limits the number of
new outgoing connections (that is, sessions or conversations with other
endpoints) for each endpoint based on parameters set by the network
administrator.
■ ProCurve Network Immunity Manager—This plug-in for ProCurve
Manager Plus monitors network devices and detects and automatically
responds to threats, such as virus attacks, on the inside network. It
leverages security and traffic-monitoring features—such as sFlow, Virus
Throttle, and remote mirroring technologies—built into ProCurve
switches with the ProVision ASIC and performs Network Behavior Anomaly
Detection (NBAD) to detect attacks. Optionally, Network Immunity
Manager can remotely mirror suspect traffic to an IDS/IPS for deeper
analysis.
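The connection-limiting principle described for Virus Throttle above, shown as an added Python sketch (not HP's implementation and not code from this guide): each endpoint may open conversations with only a limited number of new destinations inside a time window. The class name, the `max_new` and `window` parameters, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque


class ConnectionThrottle:
    """Per-endpoint limit on new outgoing destinations inside a sliding window."""

    def __init__(self, max_new=3, window=1.0):
        self.max_new = max_new            # administrator-set limit (assumed name)
        self.window = window              # window length in seconds (assumed name)
        self.recent = defaultdict(deque)  # src -> deque of (first_seen, dst)
        self.blocked = defaultdict(int)   # src -> refused new connections

    def allow(self, ts, src, dst):
        q = self.recent[src]
        # Forget destinations first contacted more than `window` seconds ago.
        while q and ts - q[0][0] >= self.window:
            q.popleft()
        # Traffic to a destination already in the window is an existing
        # conversation, not a new one, so it never counts against the limit.
        if any(d == dst for _, d in q):
            return True
        if len(q) >= self.max_new:
            self.blocked[src] += 1        # worm-like fan-out: refuse and count
            return False
        q.append((ts, dst))
        return True


def run(events, **params):
    """Replay time-ordered (ts, src, dst) events; return decisions and block counts."""
    throttle = ConnectionThrottle(**params)
    decisions = [(src, dst, throttle.allow(ts, src, dst)) for ts, src, dst in events]
    return decisions, dict(throttle.blocked)


# Constructed sample: 10.0.0.5 behaves like a normal client, 10.0.0.9 contacts
# ten different addresses in under half a second, as a spreading worm would.
SAMPLE = [
    (0.00, "10.0.0.5", "10.0.1.10"),
    (0.10, "10.0.0.5", "10.0.1.11"),
    (0.20, "10.0.0.5", "10.0.1.10"),
] + [(0.30 + i * 0.05, "10.0.0.9", f"10.0.2.{i + 1}") for i in range(10)]

if __name__ == "__main__":
    decisions, blocked = run(SAMPLE)
    for src, count in blocked.items():
        print(f"{src}: {count} new connections refused")
```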
You should assess your network’s level of protection and look for weak points.
The router connecting to the Internet probably has a firewall, but do endpoints
also have firewalls and anti-virus software—and more importantly, do users
activate them?
Another step you can take is to ensure that operating systems (OSs) and
applications are patched. Many viruses and worms are designed to exploit a
security vulnerability in an OS or application. When such a security
vulnerability is discovered, the vendor creates a patch to eliminate it. By patching
known vulnerabilities, you can help protect your network against the attacks
that exploit them.
However, you may not always have time to manually patch endpoints before
an attack occurs. In addition, some laptops may not be attached to the network
the day you apply a patch. And if you have guests attaching to your network,
you do not know the state of their endpoints when they attach to the network.
After a careful assessment of your network’s weak points, you can plan your
network access solution to shore up weak points. For example, your endpoint
integrity policy could deny network access to endpoints without anti-virus