Product guide

1-11

Security Overview

Network Security Features

Precedence of Security Options. Where the switch is running multiple

security options, it implements network traffic security based on the OSI

(Open Systems Interconnection model) precedence of the individual options,

from the lowest to the highest. The following list shows the order in which the

switch implements configured security features on traffic moving through a

given port.

1. Disabled/Enabled physical port

2. MAC lockout (Applies to all ports on the switch.)

3. MAC lockdown

4. Port security

5. Authorized IP Managers

6. Application features at higher levels in the OSI model, such as SSH.

(The above list does not address the mutually exclusive relationship that

exists among some security features.)

For more information, refer to Chapter 14, “Configuring and Monitoring Port

Security”.

Key Management System (KMS)

KMS is available in several ProCurve switch models and is designed to

configure and maintain key chains for use with KMS-capable routing protocols

that use time-dependent or time-independent keys. (A key chain is a set of

keys with a timing mechanism for activating and deactivating individual keys.)

KMS provides specific instances of routing protocols with one or more Send

or Accept keys that must be active at the time of a request.

For more information, refer to Chapter 16, “Key Management System”.