User Guide
Page 3
..., such as to author content for current information on product feature/ function, installation, and configuration, as well as the Symantec Alerting Service and Technical Account Manager role, offer enhanced response and proactive security support Please visit our Web site for our Web-accessible Knowledge Base. Contacting Technical Support Customers with Product Engineering as...
User Guide
Page 27
... detailed packet information. ■ Policies tab: Provides the tools to perform all information in the Network Security console includes dynamic chart and graph generation, with partial administrative capabilities. Users can be saved and printed. Symantec Network Security automatically installs a SuperUser login account that is allowed to create, manage, and apply user-defined signatures, signature variables, and...
User Guide
Page 30
...in multiple event queues, based on the network. About sensor processes Symantec Network Security sensors can use to configure tasks at the sensor level. ■ Incident and event databases: Stores information about each user login account. Independent of the deployment mode of the ... parameters that SuperUsers and Administrators can operate using in-line or passive mode, and using a Symantec Network Security 7100 Series appliance only. In this way, Symantec Network Security analyzes and responds to configure detection at the node level and to both attacks quickly and effectively...
User Guide
Page 37
...tab as specified by the Maximum Login Failures parameter), the Network Security console locks the non-SuperUser out. Viewing the Network Security console The Network Security console contains three main tabs that provide a view of the network topology, the network traffic, and the detection and response functionality: ■...established for managing protection policies and automated responses at that point, access is used at the point of your user login account, and click OK. Caution: If a non-SuperUser uses the wrong passphrase, an Incorrect Username or Passphrase message appears....
User Guide
Page 39
... passphrase at any of permissions and access. All users can change passwords periodically for the root, secadm, and Network Security console user login accounts. This password is entered during the initial configuration of the appliance and for command line access to the operating ...the serial console for initial configuration of the appliance. Serial console access requires a valid username and password. About user permissions Symantec Network Security provides an efficient way to the serial console or the LCD panel. The passphrase identifies each user with full access and ...
User Guide
Page 40
... one master node and up to 120 slave nodes that maintain the availability of other users. 40 Getting Started About deployment To change login account passphrases 1 In the Network Security console, click Admin > Change Current Passphrase. 2 In Change Passphrase for , enter the existing passphrase. 3 Enter a new passphrase from 6 to.... About deployment Both software and appliance nodes can be deployed using in-line mode: ■ In-line deployment: Only the Symantec Network Security 7100 Series appliance can modify their own passphrases, but cannot add, edit, or delete those of all nodes.
User Guide
Page 87
... upper right pane of the Sensor Parameters dialog displays a description of protocol from being falsely reported as events. About port mapping Symantec Network Security provides a way to tune the sensors to mitigate common violations of the parameter. The lower right pane displays the current value.... With any supported protocol. To view port mappings 1 In the Network Security console, click Configuration > Node > Port Mappings. 2 In Local Node Selection, select the node for any user account, you normally run services on non-standard ports or to view the mappings. For...
User Guide
Page 99
When the sensor detects a suspicious event, it correlates the event to enterprise threats. The Network Security console displays event data in the lower pane. View the event data that is displayed. Incidents and Events 99 Monitoring events 6 In Node List,..., click an incident row. 2 Related events are group names for related information: ■ See "Marking incidents as viewed" on page 95. With any account, you can annotate events and mark incidents to improve incident tracking, management, assignment, and response to an incident containing related events. Viewing event data The...
User Guide
Page 109
... Queries This chapter includes the following topics: ■ About reports ■ Reporting via the Network Security console On the Reporting menu, the Network Security console lists top-level reports. These reports provide detailed data on demand about any account, you Symantec Network Security can automatically generate and send daily email reports of events and incidents that occurred, and...
User Guide
Page 115
... devices on which the user logged in, and the type of user that logged in the network topology. Reports per Network Security device Symantec Network Security generates the following types of device reports: Table 9-5 Types of the other user login accounts with flow statistics; Event list by source IP This report lists all devices and interfaces in...
User Guide
Page 125
... 74 B blocking rules about the node 28 FlowChaser 31 attack responses. See logging alerts. See Network Security console administration service node architecture 29 Administrator pre-defined login account 103 alert manager node architecture 29 alerting. See appliances A accounts about deployment 40, 43 monitoring groups 44 subclusters 44 tracking data stream 80 columns adjusting the...
User Guide
Page 128
...viewing exported 119 formats report 110 Full Event List tab about 67 G groups about interface groups 32 about monitoring groups 44 about user login accounts 39 H Hardware Compatibility Reference viewing 16 host name viewing destination IP 105 viewing source IP 105 I incidents annotating events 95 cross-node ... logs 122 refreshing the view 123 viewing live logs 123 viewing log files 122 login from Windows 36 history report 115 Network Security Administrator 103 Network Security console 103 logs about 121 about install 121 about operational 122 managing 122 refreshing the list 123 viewing 122
User Guide
Page 129
... alert 29 sensor 29 managing from the Network Security console 36 user login accounts 39 user passphrases 39 via user interfaces 35 mapping base event to event type 104 base event to priority event 104 event type to incident 112 network sample 41 viewing port 87 master nodes ...viewing advanced options 52, 55 next action configuring 79 response rules 79 nodes about appliances 31 about cross-node correlation 25 about Network Security nodes 52 administration service architecture 29 cluster deployment 43 database architecture 29 incident details 104 modifying the view 37 monitoring groups 44 ...
User Guide
Page 131
... parameters 79 SNMP notifications 80 tracking data stream to source 80 traffic record 81 viewing port mappings 87 viewing rules 75 RestrictedUser pre-defined login account 103 roles about administration of 27 routers viewing 59 rules about refinement 24 flow alert 83 refinement detection 86, 89 S Search Events tab about 67...
User Guide
Page 132
...-defined login account 103 standby nodes about rate monitoring 23 playback tool 83 record response 81 replaying recorded 84 viewing current flows 117 viewing exported flows 119 U updating See signatures statistics devices with flow 115 stopping end time 105 incident response 80 Symantec Decoy Server enable via Symantec Network Security 63 external sensors 63 Symantec Network Security about...
User Guide
Page 133
protection policies 70 user login accounts establishing 39 user-defined signatures about 22 users about administration of 27 editing passphrases 39 login history 115 Network Security console login 103 V variables signatures 89 viewing adjusting policies 68 changing font size 38 color-coded response rules...122 monitoring groups 44 monitoring interfaces on appliance nodes 57 monitoring interfaces on software nodes 54 monitoring interfaces to software nodes 54 Network Security console 37 object details 50 objects 51 response rules 75 routers 59 sensor parameters to objects 87 topology 37, 38 VLAN ...