1 Updates for the HP Switch Software Access Security Guide
Configuring advanced threat protection
Affected Chapter/SectionSoftware ReleaseFix or Feature update?
‘Configuring advanced threat protection’ is a new section
in Chapter 10 — Port Security of the HP Switch Software
Access Security Guide
Available for software
release YA.15.13 and later.
Feature update: Configuring
advanced threat protection
NOTE: The features covered in this chapter are not supported on J9779A, J9780A, J9782A,
and J9783A switches.
Introduction
As your network expands to include mobile devices, continuous Internet access, and new user
classes, additional protection from attacks launched from both inside and outside your internal
network is often necessary. Advanced threat protection can detect port scans and hackers who try
to access a port or the switch itself. The following software features provide advanced threat
protection:
• DHCP snooping: Protects your network from common DHCP attacks such as:
Address spoofing in which an invalid IP address or network gateway address is assigned
by a rogue DHCP server.
◦
◦ Address exhaustion of available addresses in the network DHCP server caused by repeated
attacker access to the network and numerous IP address requests.
• Dynamic ARP protection: Protects your network from ARP cache poisoning such as:
An unauthorized device forges an illegitimate ARP response and network devices use the
response to update their ARP caches.
◦
◦ A denial-of-service (DoS) attack from unsolicited ARP responses changes the network
gateway IP address so that outgoing traffic prevented from leaving the network overwhelms
network devices.
• Instrumentation monitor: Protects your network from other common attacks, including:
Indicated by...Attempts...
an excessive number of packets sent to closed TCP/UDP
ports
at a port scan to expose a vulnerability in the switch
an increased number of learned IP destination addressesto fill all IP address entries in the switch’s forwarding
table cause legitimate traffic to be dropped
an increased number of ARP request packetsto spread viruses
an unusually high use of specific system resourcesto exhaust system resources so that sufficient resources
are not available to transmit legitimate traffic
a delay in the system response time to new network
events
to attack the switch’s CPU
an excessive number of failed logins or port
authentication failures
by hackers to access the switch
6 Updates for the HP Switch Software Access Security Guide
To Next Page
Loading...
Need help?
General
