beautypg.com

Using acl deployment wizard, Security monitoring, Security – H3C Technologies H3C Intelligent Management Center User Manual

Page 25: Monitoring

background image

11

Using ACL Deployment wizard

ACL Manager facilitates the deployment of ACLs and rule sets using the ACL Deployment wizard. This

wizard provides a step-by-step process for successfully deploying ACLs, ACL uses for packet, VLAN
filtering, and the removal of ACLs and ACL uses.
During the deployment task configuration process, IMC evaluates the selected devices and ACLs to

determine whether or not the task can be executed successfully. It identifies when devices do not match

the configuration selections, displays warning messages, and provides evaluation results to guide the
successful deployment of ACL resources.
The ACL Deployment wizard provides a facility for viewing and managing all deployment tasks through

the ACL Deployment Task List.

Security monitoring

The IMC Security Control Center (SCC) offers a proactive and integrated security monitoring and

management system. SCC provides operators with real time threat monitoring, detection, and analysis.

In addition, it includes the ability to define security control policies enabling operators to take manual or
automated actions when a security attack occurs.
IMC detects and provides actions for threats listed in

Table 1

.

Table 1 Threats that IMC can deal with

Attack type Attacks

by protocol

Malformed packet attacks

ARP—ARP Overspeed, Duplicate ARP Address
IP—IP Fragment, IP Spoofing, Route Record, Source Route, Teardrop
ICMP—ICMP Redirect, ICMP Unreachable, Large ICMP, Ping of Death,

Smurf
NetBIOS—WinNuke
TCP—Land, TCP Flag
UDP—Fraggle, Tracert

Scanning attacks

IP Sweep, IPS Scan, TCP Port Scan, UDP Port Scan

Flood attacks

Frag Flood, ICMP Flood, SYN Flood, UDP Flood

IMC monitors many of these security threats in real time by receiving and processing two data sources:

Syslog events and SNMP traps sent by devices.
The Syslog messages that trigger IMC event alarms include:

Duplicate Addresses

ARP Overspeed

DHCP Server Detect

IMC attack event

IMC also processes SNMP traps sent by managed devices. The SNMP traps that SCC supports for

security attack alarms include:

Duplicate Address

ARP Overspeed

DHCP Server Detect

See also other documents in the category H3C Technologies Safety: