X Family Environment

The Security Management System (SMS) provides functionality beyond that provided by the LSM and CLI. The SMS enables you to manage not one but multiple devices. The SMS coordinates all X Family and IPS devices across your environment for administration, configuration, and monitoring. Most important, the SMS includes enterprise-wide reporting and trend analysis.

From the SMS, you must set an overall profile of settings for each X Family device. The profile controls how the device responds to traffic that matches filters. The X Family device is always in Active mode and reacts to traffic as specified by the appropriate filter.

The LSM and the X Family device maintain a connection to the Threat Management Center (TMC), which is located at TippingPoint headquarters. The TMC monitors 10,000 sensors around the world for the latest attack information. As a result, your network can be continually inoculated.

Each component of the X Family environment is discussed in more detail in the following sections. Additional information about the X Family devices is available in the X Family Concepts Guide.

Optimized VPN Connectivity

The X Family VPN features support IPSec, L2TP, and PPTP tunneling protocols; DES, 3DES, and AES-128/192/256 encryption with MD5 and SHA-1 hash algorithms; and manual keyring, IKE with pre-shared keys, and IKE with X.509 certificates. The device provides intrusion prevention inspection within VPN tunnels and can also prioritize traffic bi-directionally, both inside and outside of the VPN tunnels. The VPN is hardware-accelerated, with an ASIC designed specifically for encrypting and decrypting packets. To increase network security, you can configure VPN traffic to terminate in a security zone that is separate from your internal LAN security zones. The X Family devices also support NAT deployment within VPN tunnels.

Policy Enforcement

Policy enforcement includes the X Family device firewall, content filtering, and the IPS. The X Family device has a stateful inspection firewall with a top-down rule evaluation engine. The firewall can be used to rate-limit both security zones and applications, preventing excess bandwidth consumption. 3Com offers a Web Filtering subscription service, which allows or denies web sites by category. You can also manually allow or block URLs as exceptions to the defined rules. Web Filtering is applied through firewall rules.

Security Zones and Network Interfaces

Security Zones enable you to segment your network into trusted areas. Traffic within a security zone is switched at wire speed and is not inspected. Traffic between two security zones is inspected by the firewall, IPS, and other security services. A security zone can be associated with one or more physical ports or can exist only virtually by logical definition (no ports). A virtual zone is useful for terminating VPNs so that traffic can be inspected after decryption, as part of routing to the destination security zone. Policy enforcement is applied to traffic that moves between security zones.

Network virtual interfaces enable you to connect multiple Layer 3 networks to the X Family device. Each Security Zone must be associated with a Virtual Interface. A Virtual Interface can be associated with multiple security zones in a transparent/bridged deployment, where security is still enforced but the device is deployed easily into an existing Layer 2 network. Security zones can also be defined through 802.1q VLAN tags.
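As an added illustration of the zone model described above (this is not code from the X Family device or its documentation), the following Python sketch classifies traffic into zones by physical port, 802.1q tag or VPN termination, switches intra-zone traffic without inspection, and evaluates inter-zone traffic against a top-down, first-match rule list. The zone names, port numbers and rules are constructed for the example.

```python
from dataclasses import dataclass

# Constructed model of zone-based policy evaluation; not vendor code.

@dataclass(frozen=True)
class Zone:
    name: str
    ports: frozenset = frozenset()      # physical ports; empty => virtual zone (e.g. VPN termination)
    vlan_tags: frozenset = frozenset()  # 802.1q tags that classify traffic into this zone

@dataclass(frozen=True)
class Rule:
    src_zone: str   # zone name or "any"
    dst_zone: str   # zone name or "any"
    service: str    # service name or "any"
    action: str     # "permit" or "block"

def classify(zones, port=None, vlan=None, vpn_zone=None):
    """Map an ingress/egress point to a zone name; VPN traffic lands in its virtual zone."""
    if vpn_zone is not None:
        return vpn_zone
    for z in zones:
        if vlan is not None and vlan in z.vlan_tags:   # VLAN tag takes precedence over port
            return z.name
        if port is not None and port in z.ports:
            return z.name
    return None

def evaluate(zones, rules, src, dst, service):
    """Return (action, reason). Intra-zone traffic is switched; inter-zone traffic hits the rules."""
    src_zone, dst_zone = classify(zones, **src), classify(zones, **dst)
    if src_zone is None or dst_zone is None:
        return ("block", "unclassified endpoint")
    if src_zone == dst_zone:
        return ("switch", "intra-zone traffic, not inspected")
    for i, r in enumerate(rules):   # top-down evaluation, first match wins
        if (r.src_zone in (src_zone, "any") and r.dst_zone in (dst_zone, "any")
                and r.service in (service, "any")):
            return (r.action, f"rule {i}")
    return ("block", "no matching rule (default deny)")

# Constructed sample topology: two physical zones plus a virtual VPN zone.
ZONES = [Zone("LAN", frozenset({1, 2})), Zone("DMZ", frozenset({3}), frozenset({30})), Zone("VPN")]
RULES = [Rule("LAN", "DMZ", "ssh", "block"),    # ordering matters: this shadows the permit below
         Rule("LAN", "DMZ", "any", "permit"),
         Rule("VPN", "LAN", "any", "permit")]

if __name__ == "__main__":
    print(evaluate(ZONES, RULES, {"port": 1}, {"port": 2}, "smb"))           # switched, same zone
    print(evaluate(ZONES, RULES, {"port": 1}, {"vlan": 30}, "ssh"))          # blocked by rule 0
    print(evaluate(ZONES, RULES, {"vpn_zone": "VPN"}, {"port": 1}, "http"))  # permitted by rule 2
```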

X Family Hardware Installation Guide V 2.5.1

19