Security Overview
Network Security Features
Feature Default
Setting
Security Guidelines More Information and
Configuration Details
Key none KMS is available in several ProCurve switch models and Chapter 16, “Key
Management is designed to configure and maintain key chains for use Management System”
System (KMS) with KMS-capable routing protocols that use time-
dependent or time-independent keys. (A key chain is a
set of keys with a timing mechanism for activating and
deactivating individual keys.) KMS provides specific
instances of routing protocols with one or more Send or
Accept keys that must be active at the time of a request.
Spanning Tree none These features prevent your switch from malicious
Advanced Traffic
Protection attacks or configuration errors:
Management Guide, refer to
• BPDU Filtering and BPDU Protection: Protects the
the chapter “Multiple
network from denial-of-service attacks that use
Instance Spanning-Tree
spoofing BPDUs by dropping incoming BPDU frames
Operation”
and/or blocking traffic through a port.
• STP Root Guard: Protects the STP root bridge from
malicious attacks or configuration mistakes.
DHCP Snooping, none These features provide the following additional
Chapter 11, “Configuring
Dynamic ARP protections for your network:
Advanced Threat
Protection
• DHCP Snooping: Protects your network from
Protection”
common DHCP attacks, such as address spoofing
and repeated address requests.
• Dynamic ARP Protection: Protects your network
from ARP cache poisoning.
• Instrumentation Monitor. Helps identify a variety of
malicious attacks by generating alerts for detected
anomalies on the switch.
1-9
