Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide. Sourcefire Sensor on Nokia v4.8

Similar documents
Nokia Intrusion Prevention with Sourcefire. Appliance Quick Setup Guide

Nokia Horizon Manager Release Notes. Version1.4 SP1

Intellisync Mobile Suite Client Guide. S60 3rd Edition Platform

Nokia Intellisync Mobile Suite Client Guide. S60 Platform, 3rd Edition

Nokia Intellisync Mobile Suite Client Guide. Palm OS Platform

Nokia Horizon Manager Release Notes. Version 1.8

Nokia IP VPN Gateway Getting Started Guide. Version 6.3

Check Point VPN-1 Pro NGX IPv6Pack for Nokia Getting Started Guide. Check Point VPN-1 Pro NGX IPv6Pack Nokia IPSO 3.9 or 4.0

Nokia Intellisync Mobile Suite Release Notes. Version 8.0 SP3 Maintenance Release 1

Check Point for Nokia IPSO Getting Started Guide. Check Point NGX R62 Nokia IPSO 3.9, 4.1 and 4.2

Release Notes for Nokia IPSO-LX 7.2

Nokia Client Release Notes. Version 2.0

Nokia Horizon Manager Version 1.3 Quick Start Guide

Nokia Secure Access System Getting Started Guide. Version 3.2

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances

Release Notes for Nortel Real-time Threat Intelligence Sensors 3.1

NetApp SolidFire Element OS. Setup Guide. Version March _A0

Replacing drives for SolidFire storage nodes

Cisco UCS C-Series IMC Emulator Quick Start Guide. Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9

Call Connect for Cisco Release Notes. Version 1.1.3

Cisco TelePresence Supervisor MSE 8050

Cluster and SVM Peering Express Guide

Videoscape Distribution Suite Software Installation Guide

StorageGRID Webscale NAS Bridge Management API Guide

Nokia Intellisync Mobile Suite Linux Installation Guide. Version 8.5

Nokia IP200 Series Security Platform Installation Guide

Cisco TelePresence Video Communication Server. Getting started

iscsi Configuration for ESXi using VSC Express Guide

SonicWall Web Application Firewall 2.0. AWS Deployment Guide

Nokia Secure Access System v3.3 New Features Guide. Including New Features from v3.1 and v3.2

Cisco TelePresence Video Communication Server. Getting started

Cluster Switch Setup Guide for Cisco Switches. May _A0_UR006

Cisco TelePresence VCS CE1000 Appliance

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

Veritas Storage Foundation and High Availability Solutions HA and Disaster Recovery Solutions Guide for Microsoft SharePoint Server

Cisco Meeting Management

Cisco CSPC 2.7x. Configure CSPC Appliance via CLI. Feb 2018

Cisco Business Edition 6000 Installation Guide, Release 10.0(1)

Replacing a PCIe card

Replacing a PCIe card

Release Notes for Nortel Real-time Threat Intelligence Software for TPS Intrusion Sensors 3.1

Creating and Installing SSL Certificates (for Stealthwatch System v6.10)

CounterACT 7.0 Single CounterACT Appliance

Symantec Enterprise Vault Technical Note

NetApp AltaVault Cloud-Integrated Storage Appliances

PDF SHARE FORMS. Online, Offline, OnDemand. PDF forms and SharePoint are better together. PDF Share Forms Enterprise 3.0.

Product Support Notice

AOS-W 6.4. Quick Start Guide. Install the Switch. Initial Setup Using the WebUI Setup Wizard

Product Support Notice

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at

Cisco CSPC 2.7.x. Quick Start Guide. Feb CSPC Quick Start Guide

Release Notes for Cisco Virtualization Experience Client 2111/2211 PCoIP Firmware Release 4.0.2

Installing Enterprise Switch Manager

ESI Voice Router Public-Installation Guide

Symantec Enterprise Security Manager JRE Vulnerability Fix Update Guide

Downloading and Licensing. (for Stealthwatch System v6.9.1)

Polycom RealPresence Resource Manager System, Virtual Edition

SAML SSO Okta Identity Provider 2

For more information, see "Provision APs for Mesh" on page 6 6. Connect your APs to the network. See "Install the APs" on page 6

Cisco TelePresence MCU MSE 8510

Cisco TelePresence ISDN GW MSE 8321

QUICK START GUIDE. SMS 2500iX Appliance.

Symantec Endpoint Protection Integration Component User's Guide. Version 7.0

SOFTWARE LICENSE LIMITED WARRANTY

SonicWALL CDP 2.1 Agent Tool User's Guide

Symantec Protection Center Getting Started Guide. Version 2.0

NetApp HCI Network Setup Guide

Partner Pre-Install Checklist: Common Service Platform Collector (CSP-C) for Smart Portal 0.5

Installing Enterprise Switch Manager

Cisco TelePresence TelePresence Server MSE 8710

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6

Cisco TelePresence IP GW MSE 8350

Direct Upgrade Procedure for Cisco Unified Communications Manager Releases 6.1(2) 9.0(1) to 9.1(x)

Avaya VPN Client Software Release 10.05_100

Product Support Notice

AltaVault Cloud Integrated Storage Installation and Service Guide for Virtual Appliances

60s and 100s Installation Guide

Cisco TelePresence MCU MSE 8510

CounterACT 7.0. Quick Installation Guide for a Single Virtual CounterACT Appliance

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Red Hat Enterprise Linux 5

Product Support Notice

OnCommand Unified Manager 7.2: Best Practices Guide

Cisco Jabber IM for iphone Frequently Asked Questions

Cisco Jabber for Android 10.5 Quick Start Guide

NetApp Cloud Volumes Service for AWS

Documentation Roadmap for Cisco Prime LAN Management Solution 4.2

Veritas Storage Foundation and High Availability Solutions Getting Started Guide

GoldSim License Portal A User s Guide for Managing Your GoldSim Licenses

Upgrade Express Guide

Security Gateway Virtual Edition

Hyper-V - Windows 2012 and 8. Virtual LoadMaster for Microsoft Hyper-V on Windows Server 2012, 2012 R2 and Windows 8. Installation Guide

Cisco CIMC Firmware Update Utility User Guide

Installing the Shrew Soft VPN Client

Procedure for Updating LRRS Software and Installing LS-35-R Series License Files

E-Series Cabling E-Series Hardware

Product Support Notice

Nimsoft Monitor. controller Guide. v5.7 series

AltaVault Cloud Integrated Storage Installation and Service Guide for Cloud Appliances

Oracle Auto Service Request

Product Release Information

Transcription:

Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide Sourcefire Sensor on Nokia v4.8 Part No. N450000774 Rev 001 Published September 2008

COPYRIGHT 2008 Nokia. All rights reserved. Rights reserved under the copyright laws of the United States. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19. IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. Nokia reserves the right to make changes without further notice to any products herein. TRADEMARKS Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders. 080101 2 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

Nokia Contact Information Corporate Headquarters Web Site Telephone http://www.nokia.com 1-888-477-4566 or 1-650-625-2000 Fax 1-650-691-2170 Mail Address Nokia Inc. 313 Fairchild Drive Mountain View, California 94043-2215 USA Regional Contact Information Americas Nokia Inc. 313 Fairchild Drive Mountain View, CA 94043-2215 USA Tel: 1-877-997-9199 Outside USA and Canada: +1 512-437-7089 email: info.ipnetworking_americas@nokia.com Europe, Middle East, and Africa Nokia House, Summit Avenue Southwood, Farnborough Hampshire GU14 ONG UK Tel: UK: +44 161 601 8908 Tel: France: +33 170 708 166 email: info.ipnetworking_emea@nokia.com Asia-Pacific 438B Alexandra Road #07-00 Alexandra Technopark Singapore 119968 Tel: +65 6588 3364 email: info.ipnetworking_apac@nokia.com Nokia Customer Support Web Site: Email: Americas https://support.nokia.com/ tac.support@nokia.com Europe Voice: 1-888-361-5030 or 1-613-271-6721 Voice: +44 (0) 125-286-8900 Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666 Asia-Pacific Voice: +65-67232999 Fax: +65-67232897 050602 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 3

4 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

About This Document This document describes how to quickly set up a Nokia Intrusion Prevention with Sourcefire appliance to the point where it can start being managed by the Sourcefire Defense Center for Nokia. It describes the minimum configuration you need to do to set up the appliance. For information on additional configuration you might want to perform, see the Nokia Intrusion Prevention with Sourcefire User s Guide, available on the product CD that came with your appliance. About Nokia Intrusion Prevention with Sourcefire Nokia Intrusion Prevention with Sourcefire combines intrusion and vulnerability management technologies to provide real-time network security. Based on the Sourcefire 3D System, Nokia Intrusion Prevention with Sourcefire enables you to access the condition of the network in real time, update and enforce policies, monitor and manage vulnerabilities, and respond quickly to security threats. Nokia Intrusion Prevention with Sourcefire consists of the following components: Sourcefire 3D Sensor on Nokia consists of the Sourcefire Sensor on Nokia application running on a Nokia Intrusion Prevention with Sourcefire appliance. A Sourcefire 3D Sensor on Nokia can be deployed to run one or more of the following: Sourcefire Intrusion Prevention System (IPS) IPS monitors your network for attacks that might affect the availability, integrity, or confidentiality of hosts on the network. Sourcefire Real-Time Network Awareness (RNA) RNA provides active real-time network discovery and vulnerability analysis. Sourcefire Real-Time User Awareness (RUA) RUA allows you to correlate threat, endpoint, and network intelligence with user identity information. Sourcefire Defense Center for Nokia a standalone server that provides correlation of intrusion events with network and host attributes and flow data, as well as scalable centralized management of distributed 3D Sensors. For more information about Nokia Intrusion Prevention with Sourcefire and its components, see the Nokia Intrusion Prevention with Sourcefire User s Guide. Before You Begin Before you begin installing and configuring your Nokia appliance, plan how you will deploy the Nokia Intrusion Prevention with Sourcefire components as part of a network and enterprise security plan. The Nokia Intrusion Prevention with Sourcefire User s Guide provides information on intrusion prevention considerations, on network deployment scenarios, and on the use of network devices, such as hubs, switches, and taps, to connect your sensor. Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 5

Setup Overview The following figure presents an overview of the steps to follow when you set up a Nokia IPS appliance so that it can be managed as a Sourcefire 3D Sensor on Nokia by the Defense Center. Each step is described in more detail in the following pages. Start 1 Install the appliance 2 Perform the initial configuration 3 Log into Nokia Network Voyager 4 Configure DNS 5 Configure system time 6 Enable Sourcefire Sensor software 7Set up management by Defense Center Setup complete! Next steps are done from the Defense Center 6 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

Step 1 Install the Appliance The following procedure describes the main steps you need to take to install your appliance. If you need more help, refer to the appropriate Nokia IPxxx Intrusion Prevention with Sourcefire Installation Guide, which is available on the product CD that came with your appliance. To install the appliance 1. Unpack the appliance and store packing material that you might require for later shipping. 2. Read any documents packed with the appliance. In addition, read the Release Notes for IPSO-LX, which is available on the product CD or on the Nokia support Web site. 3. Make a note of the serial number of the appliance, which is located on the Product Tracking I.D. Label on the bottom or on the side of the appliance. You need the serial number to obtain an Intrusion Prevention System (IPS) feature license. 4. Install the appliance in the equipment rack and connect power. 5. Connect the supplied RJ-45 cable to the console port. You need to have a console connection to perform the initial configuration, which includes assigning a management IP address. DHCP is not supported. 6. Connect the cable for the management interface as follows: On a Nokia IP2450 IPS, use any port on slot 4. On a Nokia IP690 IPS, use the first or second port on slot 4. On a Nokia IP390 IPS, use any one of the four built-in Ethernet ports, labeled ETH-1 through ETH-4. On a Nokia IP290 IPS, use any one of the six built-in Ethernet ports, labeled 1 through 6. Nokia IP2450 IPS Nokia IP690 IPS Nokia IP390 IPS Any port on Slot 4 Any built-in port Nokia IP290 IPS Port 1 or 2 on Slot 4 Any built-in port 7. Connect cables to the remaining Ethernet ports that you want to use as sensing interfaces. Because the Sourcefire application requires a dedicated management interface, the management interface cannot be used as a sensing interface. For more information on connecting sensing interfaces to network devices and on cabling, see the Nokia Intrusion Prevention with Sourcefire User s Guide, available on the product CD that came with your appliance. Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 7

Step 2 Perform the Initial Configuration When you turn on your appliance for the first time, a console wizard automatically runs that prompts you to provide initial configuration information. The information you need to supply includes: The local hostname for the appliance. The name you choose can include alphanumeric characters, dashes (-), and periods (.). The case-sensitive password for the admin user account. The admin user has complete read/ write privileges for all IPSO-LX features that can be configured through Nokia Network Voyager, a Web-based element management interface. The case-sensitive password for the root user account. The physical interface to be used for the management interface, its IP address, and network mask length. The IP address of the default gateway for the appliance. To perform the initial configuration 1. Establish a console connection to the appliance, using a terminal or terminal emulation program with the following port settings: 9600 bps 8 data bits No parity 1 stop bit 2. The initial configuration begins with the following prompt: Hostname? If the Hostname? prompt does not appear on the console, see the Nokia IPxxx Intrusion Prevention with Sourcefire Installation Guide for your appliance for troubleshooting suggestions. 3. Answer the prompts for hostname, user admin password, and user root password. 4. When you see the following message, type 1. You can configure your system in two ways: 1) configure an interface and use our Web-based Voyager via a remote browser 2) configure an interface using CLI after reboot Please enter a choice [ 1-2, q ]: 8 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

5. Select the physical interface that will be used for the management interface: Select an interface from the following for configuration: 1) eth1 2) eth2 3) eth3 4) eth4 5) quit this menu Enter choice [1-5]: The list of interfaces that you see depends on the NICs that are installed. Built-in port names take the form ethn, while ports on NICs take the form eth-snpn. For example, eth-s4p1 is the ethernet port in chassis slot 4, port 1. Type the number for the interface you want to configure. This interface should be the same interface as you connected the management cable to. 6. When prompted, enter the IP address and subnetwork mask length. 7. When you see the following message, type y (the default option): Do you wish to set the default route [ y ]? 8. When prompted, enter the IP address of the default router for this interface. 9. When prompted to configure speed and duplex mode, you can either: Configure speed and duplex mode, thereby turning off auto-negotiation. Do this if you do not want to use Ethernet auto-negotiation. Enter Return to bypass this step. Do this if you want to leave auto-negotiation on. 10. When asked to confirm the interface parameters, type y. The system will continue booting. When it is completed, the login prompt will appear. Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 9

Step 3 Log into Nokia Network Voyager After the appliance reboots, you are ready to continue configuring it by using Network Voyager. Note As part of configuring the appliance with Network Voyager, do not enable the network interfaces that will be used as sensing interfaces. The interfaces should be administratively down. The only interface that should be enabled is the management interface. To use Network Voyager 1. Start a Web browser on a workstation that can connect to the appliance. 2. Enter the IP address you assigned to the management interface during the initial configuration. If you use HTTPS to make the connection, you need to enter the SSL port number, 8443. For example: https://10.10.10.10:8443. If you use HTTP, you are automatically redirected to HTTPS and the correct SSL port. You do not need to enter the port number. 3. Because SSL is enabled, you will receive warning messages about the sample certificate on the system. Accept the connection. The Network Voyager log in page appears. 4. Log in as admin and use the password that you assigned to the admin user. 10 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

Step 4 Configure DNS If you will be identifying the Defense Center that manages this sensor by hostname, rather than an IP address, you need to configure DNS and specify a DNS server. To configure DNS 1. Choose System Configuration > DNS in the Network Voyager navigation tree. 2. Enter the following information into the following fields: Search list field enter a list of domain names that might be appended to names users enter when trying to connect. Separate each name with a space. The maximum length of the entire search list is 256 characters. The maximum number of items in the search list is 6. Server fields enter the IP address of a host running a DNS server. The optional secondary and tertiary servers are used if the primary (or secondary) server fails to respond. 3. Click Submit. Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 11

Step 5 Configure NTP You must ensure that time is synchronized between the Defense Center and the 3D Sensors it manages. Nokia recommends that you do so by configuring the appliance to use NTP for continuous time synchronization with an NTP time server. You can configure the Defense Center itself to be the NTP time server. To enable NTP 1. Choose Router Services > NTP from the tree view. 2. In the Add New NTP Server text field, enter the IP address for an NTP server and click Add. The server appears in the NTP Servers table. 3. Configure parameters for the server. Usually, you only need to select the Use check box and you can accept the default settings for all other parameters. 4. Add additional NTP servers if desired. 5. Click Enable NTP. 6. Click Submit. If you also want to set the time zone, which by default is set to GMT, you can do so from the Time and Date Configuration page (System Configuration > Time). The Time and Date page also allows you to set the time and date by retrieving it once from a time server. Because it can take a while for the time synchronization to occur after you enable NTP, you might want to initially set the time and date using this method and then enable NTP for continuous time synchronization. 12 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

Step 6 Enable the Sourcefire Sensor on Nokia Software The Sourcefire Sensor on Nokia software comes preinstalled on your appliance. You need only to enable it. To enable the Sourcefire Sensor on Nokia software 1. Select System Configuration > Packages > Manage Packages from the tree view. 2. Click the Enable check box for the Sourcefire Sensor on Nokia package. 3. Click the Submit button. After a short wait, a message appears tell you that the package has been registered. Note Although the message suggests a reboot might be necessary, you do not need to reboot the sensor. After the Sourcefire Sensor on Nokia package is enabled, a link to the Sourcefire Sensor Configuration page appears in the Network Voyager tree view. Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 13

Step 7 Set Up Management by the Defense Center To configure management by the Defense Center, you must specify the management interface to use, the IP address of the Defense Center, and provide registration information for security purposes. When you finish the procedure below, the sensor will be ready to be registered with the Defense Center. Further configuration of the sensor is done on the Defense Center. To set up communications with the Defense Center 1. Select the Sourcefire Sensor link from the tree view. 2. Provide the following information on the Sourcefire Sensor Configuration page: Management Interface the interface that will be used for Defense Center communications. You can choose only from the interfaces that are in the Up status. Management Host the IP address or host name of the Defense Center. Use a host name if your network uses DHCP to assign IP addresses. Registration Key a one-time-use registration key that you define and that you must provide when you add the sensor to the Defense Center. Unique NAT ID an optional alphanumeric value you can define as an additional security check. If you specify an ID, you will have to provide this ID when you add the sensor to the Defense Center. This ID is useful in a network environment that uses network address translation and more than one host could have the same IP address. Management Port the TCP port number you want to use for communications between the Defense Center and the sensor. The default value is 8305/tcp. All appliances in your deployment should use the same port number. 3. Click the Submit button. 14 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

Next Steps At the point, further configuration of the sensor takes place on the Defense Center. The next steps you take depend on whether you need to set up the Defense Center that manages the sensor or you will be adding the sensor to an existing Defense Center. The following two sections provide a broad outline of the steps you might take in either scenario. For more information, consult the Nokia Intrusion Prevention User s Guide or the Sourcefire 3D System on Nokia User Guide. To Set Up the Defense Center and Finish Configuring the Sensor 1. Install other Nokia sensors you might have and perform the initial set up of these sensors as described in steps 1 through 7 of this guide. 2. Install the Defense Center that manages the sensors and establish network connectivity to it. For installation instructions, see the Sourcefire Defense Center for Nokia Installation Guide, which is available on the Sourcefire Documentation and Restore CD that shipped with your Defense Center. 3. Open a browser and log in to the Defense Center. When you log in to the Defense Center for the first time, the Install page appears. This page allows you to perform basic configuration of your Defense Center, install the needed licenses for your Nokia Intrusion Prevention products, and register all the sensors you set up in step 1. 4. Fill out the Install page. Nokia IPS products require the following licenses: A base product license. Each Defense Center requires a base product license. A separate IPS software license must be installed for each sensor running IPS. A single RNA Host license is necessary to receive RNA events from any sensor running RNA. As long as the host limits are not exceeded, a single RNA Host license allows the Defense Center to receive events from multiple sensors with RNA. A single RUA User license is required to monitor information on users. As long as the user limits are not exceeded, a single RUA license allows the Defense Center to receive user login events from multiple sensors with RUA. A single NetFlow license is required if you gather flow data from Netflow devices. The license specifies how many NetFlow devices you can use to gather flow data. Instructions for what information is required to obtain the licenses is available at the Licensing Web site, which is accessible through a link on the Defense Center Install page. 5. After the Defense Center finishes registering your sensors, update the Defense Center and Sourcefire Sensor on Nokia software on the sensors if they are not running the latest patch. Patches are available from the Nokia Support Web site. To upload the patch to the Defense Center and then install it, go to Operations > Update. 6. Modify the sensor configuration as needed. Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 15

After registration, all Nokia IPS sensors are configured with a single IPS detection engine that has a passive interface set assigned to it. This passive interface set normally contains all the interfaces on the appliance except the management interface. If you need to modify the default configuration for example, you want to configure an inline with fail open interface set or you want to add an RNA detection engine see Chapter 3 of the Nokia Intrusion Prevention with Sourcefire User s Guide, which is available on your product CD, for instructions on how to do so. If you don t need to modify the default configuration, all you need to do is to install a passive IPS detection policy on the sensors, if you did not already instruct the Defense Center to do so as part of the initial registration. To install an IPS policy, go to Policy and Response > IPS > Detection and Prevention > Create Policy. For instructions, see Chapter 3 of the Nokia Intrusion Prevention with Sourcefire User s Guide. To Add the Sensor to an Existing Defense Center 1. Log in to the Defense Center that will be managing the sensor. 2. On the Defense Center, add the appropriate feature licenses by going to Operations > System Settings > License > Add New License. If you are running IPS on the sensor, you must add an IPS feature license for the sensor. Whether you need to add a new RNA or RUA feature license depends on whether you still will stay within the limits for hosts or users on your existing license. 3. Register the sensor on the Defense Center by going to Operations > Sensors > New Sensor. When the sensor is registered to the Defense Center, it will have the default configuration of all interfaces (except the management interface) combined into a single passive interface set that is assigned to a single IPS detection engine. 4. Install as needed any software patches or upgrades to the Sourcefire Sensor on Nokia software. Patches are available from the Nokia Support Web site. To upload the patch to the Defense Center and then install it on the sensors, go to Operations > Update. 5. If the default configuration of the sensor meets your needs, install a passive IPS policy on the sensor by going to Policy and Response > IPS > Detection and Prevention. When the policy finishes installing, your sensor will be in operation, monitoring for intrusion events. 6. If the default configuration doesn t meet your needs, modify the sensor configuration and then install the appropriate policies on the sensor. For more information, see Chapter 3 of the Nokia Intrusion Prevention with Sourcefire User s Guide. 16 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

For Further Information In addition to this guide, the following documentation is available on the CD that came with your Nokia appliance and on the Nokia Support Web site: Nokia Intrusion Prevention with Sourcefire User s Guide provides an overview of the Nokia Intrusion Prevention with Sourcefire components, describes how to plan the deployment of the components, and how to set up and manage a Sourcefire 3D Sensor on Nokia. Administrator s Guide for Nokia IPSO-LX describes how to configure and manage appliances running IPSO-LX. Release Notes for Nokia IPSO-LX contains a list of new features for the current Nokia IPSO-LX release, upgrade and initial configuration instructions, and known limitations. This document might be available only on the Nokia Support Web site. CLI Reference Guide for Nokia IPSO-LX describes the commands that you can implement from the command-line interface (CLI) for IPSO-LX. Nokia IPxxxx Intrusion Prevention with Sourcefire Installation Guide describes how to install and maintain the appliance. The following documentation is available on the Documentation and Restore CD that came with your Sourcefire Defense Center for Nokia or on the Nokia Support Web site: Sourcefire Defense Center for Nokia Installation Guide describes how to install and initially configure the Defense Center. Sourcefire 3D System for Nokia User Guide describes how to use the Defense Center to manage sensors, create detection policies, evaluate intrusion events, and so on. Sourcefire 3D System for Nokia Release Notes describes known issues for the Defense Center for Nokia and for the Sourcefire Sensor on Nokia. This document might be available only on the Nokia Support Web site. Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide 17

18 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide

We Welcome Your Comments Nokia Business Security Products is interested in improving our documentation to better serve you. Please feel free to send comments and suggestions to docfeedback@nokia.com. If you are using Adobe Acrobat Reader 6.0 or later, we invite you to provide feedback to us by using the following form. How satisfied are you with the help you received from this document? Feel free to elaborate on your answer: Where did you find this document? If you chose other, where did you get the document? Was the document easy to find? Feel free to enter suggestions for improving this document: May we contact you at your e-mail address if we have questions about your feedback? Note: This form is returned to us through your e-mail. We respect your privacy and will not use your e-mail address for any other purpose than communication about this form.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback