Updates For The Hp Switch Software Access Security Guide; Configuring Advanced Threat Protection; Introduction - HP 2530 Manual Supplement

1 Updates for the HP Switch Software Access Security Guide

Configuring advanced threat protection

Fix or Feature update?
Feature update: Configuring
advanced threat protection
NOTE: The features covered in this chapter are not supported on J9779A, J9780A, J9782A,
and J9783A switches.

Introduction

As your network expands to include mobile devices, continuous Internet access, and new user
classes, additional protection from attacks launched from both inside and outside your internal
network is often necessary. Advanced threat protection can detect port scans and hackers who try
to access a port or the switch itself. The following software features provide advanced threat
protection:
DHCP snooping: Protects your network from common DHCP attacks such as:
◦
Address spoofing in which an invalid IP address or network gateway address is assigned
by a rogue DHCP server.
◦
Address exhaustion of available addresses in the network DHCP server caused by repeated
attacker access to the network and numerous IP address requests.
Dynamic ARP protection: Protects your network from ARP cache poisoning such as:
◦
An unauthorized device forges an illegitimate ARP response and network devices use the
response to update their ARP caches.
◦
A denial-of-service (DoS) attack from unsolicited ARP responses changes the network
gateway IP address so that outgoing traffic prevented from leaving the network overwhelms
network devices.
Instrumentation monitor: Protects your network from other common attacks, including:
Attempts...
at a port scan to expose a vulnerability in the switch
to fill all IP address entries in the switch's forwarding
table cause legitimate traffic to be dropped
to spread viruses
to exhaust system resources so that sufficient resources
are not available to transmit legitimate traffic
to attack the switch's CPU
by hackers to access the switch
6 Updates for the HP Switch Software Access Security Guide
Software Release
Available for software
release YA.15.13 and later.
Affected Chapter/Section
'Configuring advanced threat protection' is a new section
in Chapter 10 — Port Security of the HP Switch Software
Access Security Guide
Indicated by...
an excessive number of packets sent to closed TCP/UDP
ports
an increased number of learned IP destination addresses
an increased number of ARP request packets
an unusually high use of specific system resources
a delay in the system response time to new network
events
an excessive number of failed logins or port
authentication failures