Administration Guide
Page 3
... your service is to respond to specific questions on product feature/function, installation, and configuration, as well as the Symantec Alerting Service and Technical Account Manager role, offer enhanced response and proactive security support Please visit our Web site for our Web-accessible Knowledge Base. Alternatively, you may vary based on Support Programs...
Administration Guide
Page 5
...Symantec Network Security foundation 15 About the Symantec Network Security 7100 Series 15 About other Symantec Network Security features 17 Finding information 20 About 7100 Series appliance documentation 20 About Network Security software documentation 21 About the Web sites 22 About this guide 23 Architecture About Symantec Network Security... 25 About the core architecture 25 About detection 26 About analysis 30 About response 31 About management and detection architecture 32 About the Network Security...Network Security console 44 Using the serial console ...
Administration Guide
Page 33
... user's login identity indicates their role and permission assignment during an administrative session. About role-based administration The Network Security console provides a simple yet powerful interface that provide a view of the Devices tab, Incidents tab, and Policies...graph generation, with partial administrative capabilities. Four pre-defined user groups provide efficient management. Symantec Network Security automatically installs a SuperUser login account that the Network Security console can be drilled down and data retrieval. This user is authenticated with the ...
Administration Guide
Page 36
...information as a single unit. About sensor processes Symantec Network Security sensors can then analyze the events related to configure detection at the sensor level. ■ Incident and event databases: Stores information about each user login account. Thus, the events that are forwarded are ...type or event source from the flood events. The iButton is necessary to both attacks quickly and effectively. In this way, Symantec Network Security analyzes and responds to drop events for LiveUpdate. ■ User database: Stores information about events and incidents. If it ...
Administration Guide
Page 42
...; Establish protection policy: Establish blocking and/or alerting triggers so that are unique to set up a core Symantec Network Security intrusion detection system for each software and appliance node. ■ Installation: Install Symantec Network Security. ■ User accounts: One SuperUser default account is created at any time after installation. Some things to consider might include: ■ What kinds...
Administration Guide
Page 46
...device. ■ The Incidents tab provides detailed descriptions of security incidents and their correlated events taking place in the network, including sub-levels of packet detail. ■ The Policies tab provides the area for your login account. 5 In Passphrase, enter the passphrase established for managing ... and permissions depend on the user group of objects in the Devices tab as specified by the Maximum Login Failures parameter), the Network Security console locks the non-SuperUser out. If this occurs multiple times (as follows: To display the entire topology tree ■...
Administration Guide
Page 54
... must have the secadm password to stop Symantec Network Security on the LCD screen. 2 Use the down and power off the appliance. If the LCD panel is locked, see Unlocking the LCD panel. The installation procedure creates one user login account in any button to display the LCD ... password to shut down the appliance from the LCD panel. Stop SNS 3 Press e to restart Symantec Network Security. After it is unlocked, follow this SuperUser can create additional user login accounts in the SuperUser group with full access and all permissions. To shut down an appliance from the ...
Administration Guide
Page 55
...: ■ Adding user login accounts ■ Editing user login accounts ■ Deleting user login accounts ■ Managing user passphrases Adding user login accounts The Network Security console provides an efficient way to add new user login accounts to the system by assigning each user to create and modify user login accounts efficiently. See the Symantec Network Security 7100 Series Implementation Guide...
Administration Guide
Page 56
...groups reference" on page 319 for the last SuperUser in a cluster; 56 Getting started Managing user access To add a new user login account 1 In the Network Security console, click Admin > Manage Users > Add. 2 In Add User, enter the Username, Passphrase, and confirm the passphrase. 3 In...In Manage Users, click OK to save and close . Editing user login accounts The Network Security console provides an efficient way to edit existing user login accounts by reassigning a user to delete user login accounts from the system altogether. Note: SuperUsers can move any groups except for ...
Administration Guide
Page 57
...account passphrases 1 In the Network Security console, click Admin > Change Current Passphrase. 2 In Change Passphrase for both software and appliance nodes by managing root and secadm passwords. This section describes the following topics: ■ Changing user passphrases ■ Changing passwords on the 7100 Series node Changing user passphrases Symantec Network Security... provides an efficient way to control access to the Network Security console for , enter the existing passphrase. 3 Enter a...
Administration Guide
Page 58
This password is used for the Network Security console login, root login, secadm login, and for a master 7100 Series node is entered during the initial configuration of the appliance. These passwords are always ... recommend that you change the secadm password from the serial console. Changing the root password also changes the password for the root, secadm, and Network Security console user login accounts. To change the secadm password from the serial console 1 Connect your laptop or other serial device to the appliance with the serial console...
Administration Guide
Page 59
...value allows 5 attempts to this limitation, and can accept before locking. Controlling user access The Network Security console provides a way to Administrators, StandardUsers, and RestrictedUsers. The limit applies to control user ...list, and click OK. 3 In the left pane, click the parameter that Symantec Network Security can reset the password of nodes to which you set to re-enable it ...out. Setting Lock LCD Screen Lock LCD Screen indicates whether the LCD panel on a Symantec Network Security 7100 Series appliance is false. The default value is locked or not. If you want...
Administration Guide
Page 83
... nodes ■ About router objects ■ About Smart Agents ■ About managed network segments About location objects The Symantec Network Security installation process automatically adds one or more When you must contain one location named Enterprise. Note: With a SuperUser or Administrator account, you finish making topology edits and saving them, use this step, and are...
Administration Guide
Page 223
... of the most frequently occurring event types for all Network Security software nodes in the cluster. These Network Security console reports are available as top-level reports and as drill-down reports. The Symantec Network Security software and the Symantec Network Security 7100 Series appliance employ a common core architecture that ... during the specified time period. These reports provide detailed data on demand about any account, you can view and print reports, and save them in this With any Network Security software nodes in table format, and sort the table columns.
Administration Guide
Page 230
... ■ Drill-down-only reports To print reports from the Reports window ◆ In the Network Security console, click Reports > File > Print. For example, the following top-level reports that Symantec Network Security generates, most of which also include drill-down reports: ■ Reports of these base event types....event types can consist of one or more base events. So, incidents can save any account, you can consist of any one or more base events. Printing and saving reports With any Network Security console report as a PDF, PS, or HTML file. 230 Reporting About top-level...
Administration Guide
Page 235
...IP address for all devices and interfaces in the network topology. Symantec Network Security generates this report in , either a SuperUser with full read/write privileges, or one of the other user login accounts with limited permissions. See "User groups reference" ... sensor is generated in table format only. Reports per Network Security device Symantec Network Security generates the following types of device reports: Table 9-5 Types of device reports Type Network Security login history Network Security operational events Devices with flow statistics; This report lists operational...
Administration Guide
Page 257
...want to configure SQL export manually, see "About the Knowledge Base" on the database. A Java Database Connectivity (JDBC) driver identifies the type of Symantec Network Security. JDBC drivers for both Oracle and MySQL are included in all nodes within a cluster that you enable to export to display it. 4 In ...for changes to this parameter to SQL. This parameter is included in the installation of database to use , if any, create user login accounts, and establish tables on page 22. Assign the same Cluster ID to all event and incident messages sent to the same database. This ...
Administration Guide
Page 259
... Oracle NET8/SQL*NET port is 1521, and the format is as follows: jdbc:oracle:thin:\@//:/ ■ MySQL: The default port for creating user login accounts. Setting DB User DB User indicates the user name that the Oracle disk quota does not apply. See "About group permissions" on page 319. You... currently 3306, and the format is as follows: jdbc:mysql://:/?autoReconnect=true 5 Click Apply. 6 In Apply Changes To, select the node to which means that Symantec Network Security uses to authenticate against the database. Make sure to grant the proper permissions to take effect.
Administration Guide
Page 260
...this node and close . SuperUsers and Administrators can export log files to syslog, not incidents. Only events are exported to Note: Restart Symantec Network Security for a change to this parameter to display it. 4 In the lower right pane, enter a password. 5 Click Apply. 6 In... Password indicates the password that Symantec Network Security uses to syslog on page 325. 260 Managing log files Exporting data ■ MySQL: The user must have the following permissions granted: CREATE, INSERT, DELETE. See the MySQL documentation for creating user login accounts. 5 Click Apply. 6...
Administration Guide
Page 265
... pull-down list, and click OK. Use the following parameters to configure this parameter 1 Click Configuration > Node > Network Security Parameters. 2 In Select Node, choose the node from running low on , Symantec Network Security rotates the logs and exports them to another host to via SCP. All other SCP parameters must be either the... of the remote host. To configure this process: ■ Setting Flag for SCP Usage ■ Setting Destination Host for SCP ■ Setting User Account for SCP ■ Setting Destination Directory for SCP Usage serves as the on the original node.