Customer Needs Assessment

Vulnerability to Attacks

Intrusion detection system (IDS)/intrusion prevention system (IPS)—These hardware and software solutions monitor network traffic and look for network intrusions and attacks. Attacks are detected either by benchmarking traffic usage and monitoring for deviations or by inspecting traffic and looking for known attack patterns.

Technologies such as ProCurve’s Virus Throttle™ software—This invention of Hewlett-Packard (HP) Labs is implemented in ProCurve Networking devices such as the ProCurve Switch 5400zl Series. Rather than detect specific virus signatures, Virus Throttle software works on the principle that a worm will request sessions with a large number of devices on the network as it attempts to spread. It limits the number of new outgoing connections (that is, sessions or conversations with other endpoints) for each endpoint based on parameters set by the network administrator.

ProCurve Network Immunity Manager—This plug-in for ProCurve Manager Plus monitors network devices and detects and automatically responds to threats, such as virus attacks, on the inside network. It leverages security and traffic-monitoring features—such as sFlow, Virus Throttle, and remote mirroring technologies—built into ProCurve switches with the ProVision ASIC and performs Network Behavior Anomaly Detection (NBAD) to detect attacks. Optionally, Network Immunity Manager can remotely mirror suspect traffic to an IDS/IPS for deeper analysis.
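The connection-limiting principle described for Virus Throttle above, as an added sketch that is not ProCurve's or HP Labs' implementation: a per-endpoint cap on connections to new destinations, replayed over constructed flow records. The parameter names (`max_new`, `window_ms`, `recent_size`), their defaults, and the sample addresses are assumptions made for this example.

```python
from collections import defaultdict, deque


class ConnectionThrottle:
    """Per-endpoint cap on connections to new destinations (simplified model)."""

    def __init__(self, max_new=4, window_ms=1000, recent_size=5):
        # Assumed stand-ins for the administrator-set parameters.
        self.max_new = max_new          # new destinations allowed per window
        self.window_ms = window_ms      # sliding window length
        self.recent = defaultdict(lambda: deque(maxlen=recent_size))
        self.new_times = defaultdict(deque)

    def check(self, ts, src, dst):
        """Return 'allow' or 'throttle' for one connection attempt."""
        recent = self.recent[src]
        if dst in recent:
            # Ongoing conversation with a known peer: not a new connection.
            recent.remove(dst)
            recent.append(dst)
            return "allow"
        times = self.new_times[src]
        while times and ts - times[0] >= self.window_ms:
            times.popleft()             # drop events that left the window
        if len(times) >= self.max_new:
            return "throttle"
        times.append(ts)
        recent.append(dst)
        return "allow"


def summarize(flows, **params):
    """Replay (ts_ms, src, dst) records; count throttled attempts per source."""
    throttle = ConnectionThrottle(**params)
    blocked = defaultdict(int)
    for ts, src, dst in flows:
        if throttle.check(ts, src, dst) == "throttle":
            blocked[src] += 1
    return dict(blocked)


# Constructed sample traffic using documentation address ranges.
# 192.0.2.10 reuses three servers; 192.0.2.66 tries 40 new addresses in 2 s.
NORMAL = [(i * 100, "192.0.2.10", f"198.51.100.{1 + i % 3}") for i in range(20)]
SWEEP = [(i * 50, "192.0.2.66", f"203.0.113.{i + 1}") for i in range(40)]
FLOWS = sorted(NORMAL + SWEEP)

if __name__ == "__main__":
    print(summarize(FLOWS))
```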

You should assess your network’s level of protection and look for weak points. The router connecting to the Internet probably has a firewall, but do endpoints also have firewalls and anti-virus software—and more importantly, do users activate them?

Another step you can take is to ensure that operating systems (OSs) and applications are patched. Many viruses and worms are designed to exploit a security vulnerability in an OS or application. When such a security vulnerability is discovered, the vendor creates a patch to eliminate it. By patching known vulnerabilities, you can help protect your network against the attacks that exploit them.

However, you may not always have time to manually patch endpoints before an attack occurs. In addition, some laptops may not be attached to the network the day you apply a patch. And if you have guests attaching to your network, you do not know the state of their endpoints when they attach to the network.

After a careful assessment of your network’s weak points, you can plan your network access solution to shore up weak points. For example, your endpoint integrity policy could deny network access to endpoints without anti-virus
