Using acl deployment wizard, Security monitoring, Security – H3C Technologies H3C Intelligent Management Center User Manual
Using ACL Deployment wizard
ACL Manager facilitates the deployment of ACLs and rule sets using the ACL Deployment wizard. This
wizard provides a step-by-step process for deploying ACLs and ACL uses for packet and VLAN
filtering, and for removing ACLs and ACL uses.
During the deployment task configuration process, IMC evaluates the selected devices and ACLs to
determine whether or not the task can be executed successfully. It identifies when devices do not match
the configuration selections, displays warning messages, and provides evaluation results to guide the
successful deployment of ACL resources.
The ACL Deployment wizard provides a facility for viewing and managing all deployment tasks through
the ACL Deployment Task List.
Security monitoring
The IMC Security Control Center (SCC) offers a proactive and integrated security monitoring and
management system. SCC provides operators with real-time threat monitoring, detection, and analysis.
In addition, it lets operators define security control policies so that they can take manual or
automated actions when a security attack occurs.
IMC detects and provides actions for threats listed in Table 1.

Table 1 Threats that IMC can deal with

Attack type                           Attacks
Malformed packet attacks by protocol  ARP—ARP Overspeed, Duplicate ARP Address
                                      IP—IP Fragment, IP Spoofing, Route Record, Source Route, Teardrop
                                      ICMP—ICMP Redirect, ICMP Unreachable, Large ICMP, Ping of Death, Smurf
                                      NetBIOS—WinNuke
                                      TCP—Land, TCP Flag
                                      UDP—Fraggle, Tracert
Scanning attacks                      IP Sweep, IPS Scan, TCP Port Scan, UDP Port Scan
Flood attacks                         Frag Flood, ICMP Flood, SYN Flood, UDP Flood

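
As an added illustration (not part of the H3C manual and not IMC's own detection logic), the Python code below applies the per-packet header conditions commonly used to recognize several of the malformed packet attacks named in Table 1. The dictionary field names, the local_nets parameter, and the Large ICMP threshold are assumptions; Teardrop, scanning, and flood attacks need state across packets and are not covered.

```python
import ipaddress

LARGE_ICMP_BYTES = 4000   # assumed threshold, not an IMC default
IP_MAX = 65535            # largest legal IPv4 datagram, header included
OPT_RR, OPT_LSRR, OPT_SSRR = 7, 131, 137      # IPv4 option types (RFC 791)
FIN, SYN, RST, URG = 0x01, 0x02, 0x04, 0x20   # TCP flag bits

def classify(pkt, local_nets=()):
    """Return sorted Table 1 signature names matched by one parsed IPv4 header."""
    hits = set()
    opts = set(pkt.get("ip_options", ()))
    if OPT_RR in opts:
        hits.add("Route Record")
    if opts & {OPT_LSRR, OPT_SSRR}:
        hits.add("Source Route")
    dst = ipaddress.ip_address(pkt["dst"])
    bcast = any(dst == ipaddress.ip_network(n).broadcast_address for n in local_nets)
    proto, flags = pkt["proto"], pkt.get("tcp_flags", 0)
    if proto == "icmp":
        # Fragment offset counts 8-byte units; the reassembled size must fit in 16 bits.
        if pkt.get("frag_offset", 0) * 8 + pkt["payload_len"] + pkt.get("ihl", 20) > IP_MAX:
            hits.add("Ping of Death")
        if pkt["payload_len"] > LARGE_ICMP_BYTES:
            hits.add("Large ICMP")
        if bcast and pkt.get("icmp_type") == 8:      # echo request sent to a broadcast
            hits.add("Smurf")
    elif proto == "udp" and bcast and pkt.get("dport") in (7, 19):
        hits.add("Fraggle")                          # echo/chargen sent to a broadcast
    elif proto == "tcp":
        if pkt["src"] == pkt["dst"] and flags & SYN:
            hits.add("Land")
        if flags == 0 or (flags & SYN and flags & (FIN | RST)):
            hits.add("TCP Flag")                     # null, SYN+FIN or SYN+RST
        if pkt.get("dport") == 139 and flags & URG:  # urgent data to NetBIOS session port
            hits.add("WinNuke")
    return sorted(hits)

# Constructed sample headers (documentation addresses, not captured traffic).
SAMPLES = [
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.0.2.10", "frag_offset": 8189, "payload_len": 1480},
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.0.2.255", "icmp_type": 8, "payload_len": 64},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "198.51.100.7", "dport": 80, "tcp_flags": SYN},
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 139, "tcp_flags": URG | 0x10},
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 443, "tcp_flags": SYN},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["proto"], s["dst"], classify(s, ["192.0.2.0/24"]))
```
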
IMC monitors many of these security threats in real time by receiving and processing two data sources:
Syslog events and SNMP traps sent by devices.
The Syslog messages that trigger IMC event alarms include:
• Duplicate Addresses
• ARP Overspeed
• DHCP Server Detect
• IMC attack event
IMC also processes SNMP traps sent by managed devices. The SNMP traps that SCC supports for
security attack alarms include:
• Duplicate Address
• ARP Overspeed
• DHCP Server Detect