4
•
DHCP protection: blocks DHCP packets from
unauthorized DHCP servers, preventing
denial-of-service attacks
•
Secure management access: all access
methods--CLI, GUI, or MIB--are securely encrypted
through SSHv2, SSL, and/or SNMPv3
•
USB Secure Autorun (requires HP
ProCurve Manager Plus): deploys, diagnoses,
and updates switch using USB flash drive; works
with secure credential to prevent tampering
•
Switch CPU protection: provides automatic
protection against malicious network traffic trying
to shut down the switch
•
ICMP throttling: defeats ICMP denial-of-service
attacks by enabling any switch port to
automatically throttle ICMP traffic
•
Identity-driven ACL: enables implementation of
a highly granular and flexible access security
policy and VLAN assignment specific to each
authenticated network user
•
STP BPDU port protection: blocks Bridge
Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks
•
Dynamic IP lockdown: works with DHCP
protection to block traffic from unauthorized hosts,
preventing IP source address spoofing
•
Dynamic ARP protection: blocks ARP
broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data
•
STP Root Guard: protects root bridge from
malicious attack or configuration mistakes
•
Detection of malicious attacks: monitors 10
types of network traffic and sends a warning when
an anomaly that potentially can be caused by
malicious attacks is detected
•
Port security: allows access only to specified
MAC addresses, which can be learned or
specified by the administrator
•
MAC address lockout: prevents configured
particular MAC addresses from connecting to the
network
•
Source-port filtering: allows only specified
ports to communicate with each other
•
RADIUS/TACACS+: eases switch management
security administration by using a password
authentication server
•
Secure Shell (SSHv2): encrypts all transmitted
data for secure, remote command-line interface
(CLI) access over IP networks
•
Secure Sockets Layer (SSL): encrypts all HTTP
traffic, allowing secure access to the
browser-based management GUI in the switch
•
Secure FTP: allows secure file transfer to/from
the switch; protects against unwanted file
downloads or unauthorized copying of switch
configuration file
•
NEW Management Interface Wizard:
CLI-based step-by-step configuration tool to help
ensure that management interfaces such as SNMP,
telnet, SSH, SSL, Web, and USB are secured to
desired level
•
Switch management logon security: can
require either RADIUS or TACACS+ authentication
for secure switch CLI logon
•
Security banner: displays a customized security
policy when users log in to the switch
Convergence
•
IP multicast routing (requires Premium
License): includes PIM Sparse and Dense modes
to route IP multicast traffic
•
IP multicast snooping (data-driven IGMP):
automatically prevents flooding of IP multicast
traffic
•
LLDP-MED (Media Endpoint Discovery): a
standard extension of LLDP that stores values for
parameters such as QoS and VLAN to
automatically configure network devices such as IP
phones
•
RADIUS VLAN for voice: uses standard
RADIUS attribute and LLDP-MED to automatically
configure VLAN for IP phones
•
PoE allocations: supports multiple methods
(automatic, IEEE 802.3af class, LLDP-MED, or user
specified) to allocate PoE power for more efficient
energy savings
Quality of Service (QoS)
•
NEW Advanced classifier-based QoS:
classifies traffic using multiple match criteria based
on L2/3/4 information; applies QoS policies such
as setting priority level and rate limit to selected
traffic per port or per VLAN
•
Layer 4 prioritization: enables prioritization
based on TCP/UDP port numbers
•
Traffic prioritization: allows real-time traffic
classification into eight priority levels mapped to
eight queues
Commentaires sur ces manuels