How Intruder Prevention Works, Authorized MAC address | HP J3188A

Security Information

Security Information

How Intruder Prevention Works

How Intruder Prevention Works

Intruder Prevention stops an unauthorized computer (or other device) from actively gaining access to the network. When a port is configured for Intruder Prevention, the hub examines the source address of each packet coming in through that port and compares it with the authorized MAC address. If the addresses are not the same, the hub concludes that an intruder is attempting to gain access to the network and takes the appropriate action (as configured): either disabling the port, sending an alarm to the network management station, or both. See “Setting Inbound Security with Intruder Prevention” later in this appendix.

How Eavesdrop Prevention Works

Eavesdrop Prevention stops a computer (or other device) from seeing network traffic that is not intended for that port. When Eavesdrop Prevention is configured on a port, the hub compares the port’s authorized MAC address with the destination address of any outbound packet. If the addresses match, the hub concludes that the packet is destined for the computer attached to the port, and it sends the packet out through the port unaltered. However, if the addresses do not match, the hub prevents the computer from seeing the packet’s contents by substituting a meaningless string of 1’s and 0’s. Note that broadcast and multicast packets are repeated to all the ports, even when Eavesdrop Prevention is activated. See “Setting Outbound Security with Eavesdrop Prevention” later in this appendix.

Authorized MAC address

To provide data security on a hub port, a single, unique MAC address must be configured as the authorized MAC address for each port. You can configure the authorized MAC address either by assigning it or by designating the port to learn it automatically. This configuration is performed with the Secure command from the hub’s console. See the Secure command description in the chapter on Managing the Hub.

F-2

Image 78

HP J3188A How Intruder Prevention Works, How Eavesdrop Prevention Works, Authorized MAC address, Security Information

Contents

HP J3188A Page Installation and Reference Guide HP 10Base-T Hub-16M J3188A Publication Number Back of the Hub HP 10Base-T Hub-16M J3188AFront of the Hub Iii Features Network Connections Contents Cables and Connectors Security Information ViiPage Installing the Hub Connect the external transceiver Installing and Configuring Your HubVerify included parts Verify the hub operates correctly Cord connected directly to the hub for proper operation Time LED Pattern Mount the hub Rack or Cabinet Mounting Table Mounting Connect the hub to your network Connecting Devices to the Hub Connecting Hubs TogetherTwisted-Pair Cascade Connections Installing ThinLAN Connections Ohm terminator Connecting the Hub-16M to a Fiber-Optic Backbone Interpreting LED Status Interpreting Hub Status LEDs Interpreting Port Status LEDs Following table provides LED port informationPage Troubleshooting Troubleshooting Approaches Using a Checklist to Diagnose the Hub Troubleshooting Using a Checklist to Diagnose the HubProblem Solution LED Operation Power Coll Troubleshooting LED OperationDiagnostic Tips Hub will automatically recover after Hub Maintenance Tasks Testing the Hub OnlyClearing a Password for the Ascii Console Troubleshooting Hub Maintenance Tasks Running Connectivity TestsObtaining Firmware Enhancements Setting up the Ascii Console Managing the Hub Directly, Using a Serial Cable and a Terminal Remotely, Using TelnetManaging the Hub Remotely, Using a Modem and a Terminal Starting the Console Example HE ST This displays help for the Status command Console Command ReferenceCommands are described in the rest of the chapter Syntax Conventions on Help Screen BAckup Default Description Counter Name Definition Valid Range CDpstatusCOunters Range IPconfig When to Use IPconfigDIsconnect Using IP Configuring for Network ManagementUsing Novell NetWare IPX Following table explains the IP parameters Parameter Default Value Definition MAnagers SHow Command Manager Address IP or IPX Receive Alarms?To end your editing NEighbor Displays the other devices that are using CDP protocolMEssageinterval Table entry with ID 1 would now be a blank line PIng PAsswordClear a password Community name REset POrt port ON/OFFRObustness Security Configuration Parameter Definitions SEcure portSHowCLear Managing the Hub Configuring Security on a Single Port Configuring Security on All Twisted-Pair PortsEavesdrop Prevention, must be set to on Address Selection Authorized Showing the Security Configuration Clearing Security Violation Indicators SPeed new speed STatus Status Information What It Means 16M will respond with the correct packet Network links, see the , TroubleshootingTEstlink To sendPage Cables and Connectors Recommended CablesFollowing table shows PC connections to the RS-232 port Cables and Connectors Following table shows network connections to the hubCable Function Cable Type HP Product Number Pins 3 and 6 must be a twisted pair Twisted-Pair Cable/Connector Pin-OutsPins 1 and 2 must be a twisted pair Twisted-Pair Cable for Hub-to-Computer Network Connection Cable pin-out described below RS-232 Connector and Cable Pin-OutsInstaller for assistance with your cabling requirements Minimum pin-out will function correctly Signal Minimum Cable Pinout for Ascii Console ConnectionRS-232 Modem Cable Twisted-Pair Cable Pin Assignments Twisted-Pair Straight-Through CableHub End MDI-X Electrical SpecificationsPhysical Environmental Connectors SpecificationsElectromagnetic Modem Configuration US Robotics Courier V.FC/V.34Megahertz XJ2288 Pcmcia card modem Practical Peripherals PM288MT II Intel 14.4EXSupra FAX Network Addressing Communication Between the Hub Network Management Station IPX Addressing Notes IPX Addressing for Novell NetWareIP Addresses for IP and Non-IP Networks Globally Assigned IP Network Addresses Device IP Configuration CountryCompany Name/Address Using Bootp Bootp Process Bootp Table File Entries Definitions of the table entry fieldsPage Backup Links How Backup Links Work Backup Links LimitationsAdditional Notes Hub to a Switch Examples of Backup LinksHow the Backup Function Works Hub to a Server T e G g e s t i o n Hub can monitor only one link Configuring a Backup Link Configuration/Installation Sequence Identifying the Backup Link Indications of Backup Link Activation Reactivating the Primary Link Page Security Information Understanding Network Security Authorized MAC address How Intruder Prevention WorksHow Eavesdrop Prevention Works Security Information Assigning the Authorized MAC address Setting Inbound Security with Intruder Prevention Auto Port Disable Send Alarm Setting Outbound Security with Eavesdrop Prevention Security Information Page Safety and Regulatory Statements Mounting Precautions Settings to configure Power PrecautionsTemperature might exceed 45C 113F Equipment and should be easily accessible Safety Information Grounding Informations concernant la sécurité Tible de causer des dommages à léquipement Hinweise zur Sicherheit Considerazioni sulla sicurezza Consideraciones sobre seguridad Safety Information Japanese European Community Regulatory StatementsFCC Class a Statement for U.S.A. Only Canada Declaration of Conformity Index Index Diagnosing with the LEDs … 2-2 diagnostic tests Late collision … 3-13 mounting the hub … LED description … Verifying hub operation … Page J3188-90001