General Configuration Guidelines; For A Network That Is Relatively Attack-Free - HP 3500yl Series Access Security Manual


General Configuration Guidelines

As stated earlier, connection-rate filtering is triggered only by inbound IP
traffic generating a relatively high number of new IP connection requests from
the same host.

For a network that is relatively attack-free:

1. Enable notify-only mode on the ports you want to monitor.
2. Set global sensitivity to low.
3. If SNMP trap receivers are available in your network, use the snmp-server
   command to configure the switch to send SNMP traps.
4. Monitor the Event Log or (if configured) the available SNMP trap receivers
   to identify hosts exhibiting high connection rates.
5. Check any hosts that exhibit relatively high connection rate behavior to
   determine whether malicious code or legitimate use is the cause of the
   behavior.
6. Hosts demonstrating high, but legitimate connection rates, such as heavily
   used servers, may trigger a connection-rate filter. Configure connection
   rate ACLs to create policy exceptions for trusted hosts. Exceptions can
   be configured for these criteria:
   - A single source host or group of source hosts
   - A source subnet
   - Either of the above with TCP or UDP criteria
   (For more on connection rate ACLs, refer to "Application Options" on
   page 3-4.)
7. Increase the sensitivity to Medium and repeat steps 5 and 6.
   Note: On networks that are relatively infection-free, sensitivity levels
   above Medium are not recommended.
8. (Optional.) Enable throttle or block mode on the monitored ports.
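The eight steps above as they might be entered at the switch's global configuration level. This is an added example, not taken from the manual. The port list (1-8), trap receiver address and community, trusted server address, VLAN ID and ACL name are constructed placeholders.

```text
; Lines starting with ';' are annotations for the reader, not commands.

; Step 1: report high connection rates on the monitored ports without
; throttling or blocking any traffic.
filter connection-rate 1-8 notify-only

; Step 2: start at the least sensitive global setting.
connection-rate-filter sensitivity low

; Step 3: send traps to a receiver (placeholder address and community).
snmp-server host 10.10.10.50 public

; Steps 4 and 5: review what the filter has flagged, then investigate
; each listed host before changing anything.
show connection-rate-filter
show connection-rate-filter all-hosts
show logging

; Step 6: exempt a trusted, heavily used server (placeholder address).
; "ignore" exempts matching sources from connection-rate filtering;
; sources not matched by an ACE remain subject to the filter.
ip access-list connection-rate-filter crf-trusted
   ignore ip host 10.10.20.15
   exit
; The connection-rate ACL takes effect on the VLAN it is assigned to.
vlan 20 ip access-group crf-trusted connection-rate-filter

; Step 7: raise sensitivity one level, then repeat steps 5 and 6.
connection-rate-filter sensitivity medium

; Step 8 (optional): move from reporting to enforcement only after the
; exceptions are in place. Use "block" instead of "throttle" for the
; stricter mode.
filter connection-rate 1-8 throttle

; Save the configuration once the behavior is as intended.
write memory
```

Leaving the ports in notify-only mode through step 7 keeps a misjudged exception from cutting off a legitimate server while the sensitivity is being tuned.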
Virus Throttling (Connection-Rate Filtering)