HP X Unified Security Platform manual 18

Chapter 2: Overview

administrator can use firewalls and content filters that determine how the system handles traffic to and from a particular service. These filters are specified by the source, destination, and service or protocol of the traffic. Network Address Translation (NAT) provides the capability to share a single IP address, or to define Virtual Servers for public services such as web sites.

Core Functionality

The X Family device provides the following core functionality:

•Optimized VPN connectivity — The device allows inspection and control of traffic both inside and outside of VPN tunnels.

•Enforcement of usage policies — The device can be used to rate-limit applications, such as peer-to- peer file sharing applications. It includes an optional Web Content Filter subscription service. for preventing access to undesirable Web sites.

•Multicast applications — The device prioritizes real-time traffic and provides secure connectivity for IP multicast traffic.

•Detection and suppression — Unlike an intrusion detection system (IDS), the device identifies and stops malicious traffic on the edge of the network.

•Filter customization — Through IP filters, exceptions, and attack filter creation, you can customize the system to meet the specific needs of your enterprise.

•Real-time threat aggregation — The TMC collects threat information from throughout the world, converts it to attack filters, and distributes it to customers.

•Monitoring — The integrated reports generated by the device show graphically what traffic is going through the device to what servers. This includes visibility on web site access and type of traffic being transferred.

•Dynamic routing —The device can participate in dynamic routing via RIPv1/RIPv2 or static routes.

•Central management and reporting via the TippingPoint Security Management System (SMS) — available separately. SMS allows bulk configuration of all features of the device, including easy creation of VPN tunnels. SMS also offers centralized report generation and log collation.

The following sections describe each security application in more detail.

X Family Environment

A single X Family device can be installed at the perimeter of your network, on your Intranet, or both.

All of the functionality of the devices runs directly on the device as the Operating System (TOS). The Local Security Manager (LSM) is a web-browser client for managing your device that provides a graphical interface for on-the-box administration, configuration, and reporting. The LSM accesses the functionality of the X Family TOS.

You can also access the functionality of the device using the Command Line Interface (CLI). The CLI provides a way for you to set values, run setup commands, and perform general functions. However, the LSM provides most of the same functionality, except for some advanced configuration commands. In addition the LSM provides reporting and filter configuration.