Nokia Intrusion Prevention with Sourcefire. Appliance Quick Setup Guide


Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide Part Number N450000567 Rev 001 Published September 2007

COPYRIGHT 2007 Nokia. All rights reserved. Rights reserved under the copyright laws of the United States.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

IMPORTANT NOTE TO USERS

This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

Nokia reserves the right to make changes without further notice to any products herein.

TRADEMARKS

Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.

Nokia Contact Information

Corporate Headquarters

Web Site: http://www.nokia.com
Telephone: 1-888-477-4566 or 1-650-625-2000
Fax: 1-650-691-2170
Mail Address: Nokia Inc., 313 Fairchild Drive, Mountain View, California 94043-2215 USA

Regional Contact Information

Americas
Nokia Inc., 313 Fairchild Drive, Mountain View, CA 94043-2215 USA
Tel: 1-877-997-9199
Outside USA and Canada: +1 512-437-7089
email: info.ipnetworking_americas@nokia.com

Europe, Middle East, and Africa
Nokia House, Summit Avenue, Southwood, Farnborough, Hampshire GU14 ONG UK
Tel: UK: +44 161 601 8908
Tel: France: +33 170 708 166
email: info.ipnetworking_emea@nokia.com

Asia-Pacific
438B Alexandra Road #07-00, Alexandra Technopark, Singapore 119968
Tel: +65 6588 3364
email: info.ipnetworking_apac@nokia.com

Nokia Customer Support

Web Site: https://support.nokia.com/
Email: tac.support@nokia.com

Americas
Voice: 1-888-361-5030 or 1-613-271-6721
Fax: 1-613-271-8782

Europe
Voice: +44 (0) 125-286-8900
Fax: +44 (0) 125-286-5666

Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897


About This Document

This document describes how to quickly set up a Nokia Intrusion Prevention with Sourcefire appliance to operate as a Sourcefire 3D Sensor on Nokia. It describes the minimum configuration you need to do to set up the appliance. For information on additional configuration you might want to perform, see the Nokia Intrusion Prevention with Sourcefire User's Guide, available on the product CD that came with your appliance.

About Nokia Intrusion Prevention with Sourcefire

Nokia Intrusion Prevention with Sourcefire combines intrusion and vulnerability management technologies to provide real-time network security. Based on the Sourcefire 3D System, Nokia Intrusion Prevention with Sourcefire enables you to access the condition of the network in real time, update and enforce policies, monitor and manage vulnerabilities, and respond quickly to security threats.

Nokia Intrusion Prevention with Sourcefire consists of the following components:

- Sourcefire 3D Sensor on Nokia: consists of the Sourcefire Sensor on Nokia application running on a Nokia Intrusion Prevention with Sourcefire appliance. A Sourcefire 3D Sensor on Nokia can be deployed to run any or all of the following:
  - Sourcefire Intrusion Prevention System (IPS): IPS monitors your network for attacks that might affect the availability, integrity, or confidentiality of hosts on the network.
  - Sourcefire Real-Time Network Awareness (RNA): RNA provides active real-time network discovery and vulnerability analysis.
  - Sourcefire Real-Time User Awareness (RUA): RUA allows you to correlate threat, endpoint, and network intelligence with user identity information.
- Sourcefire Defense Center for Nokia: a standalone server that provides correlation of intrusion events with network and host attributes and flow data, as well as scalable centralized management of distributed 3D Sensors.

For more information about Nokia Intrusion Prevention with Sourcefire and its components, see the Nokia Intrusion Prevention with Sourcefire User's Guide.

Before You Begin

Plan Your Deployment

Before you begin installing and configuring your Nokia appliance, plan how you will deploy the Nokia Intrusion Prevention with Sourcefire components as part of a network and enterprise security plan. The Nokia Intrusion Prevention with Sourcefire User's Guide provides information on intrusion prevention considerations, on network deployment scenarios, and on the use of network devices, such as hubs, switches, and taps, to connect your sensor.

Set Up the Defense Center

You should set up your Defense Center before you install and configure your 3D Sensors. To set up the Defense Center, see the first two chapters of the Sourcefire Defense Center for Nokia Installation Guide. This guide is available on the Documentation and Restore CD that is shipped with the Defense Center.

Nokia appliances can be configured to synchronize time with an NTP time server. A recommended way to achieve time synchronization between 3D Sensors and the Defense Center is to configure the Defense Center to be an NTP server that can serve time to the sensors. To do so, when you configure the system policy for the Defense Center during the initial setup, set the Serve Time via NTP field to enabled.

Setup Overview

The following figure presents an overview of the steps to follow when you set up a Nokia appliance to operate as a 3D Sensor. Each step is described in more detail in the following pages.

Start
1. Install the appliance
2. Perform the initial configuration
3. Configure DNS
4. Configure system time
5. Enable Sourcefire Sensor software
6. Set up communication with Defense Center
7. Add sensor to Defense Center
8. Install licenses
9. Update sensor software
10. Configure detection engine
Setup Complete!

1 Install the Appliance

The following procedure describes the main steps you need to take to install your appliance. If you need more help, refer to the appropriate Nokia IPxxx Intrusion Prevention with Sourcefire Installation Guide, which is available on the product CD that came with your appliance.

To install the appliance

1. Check the contents of the carton against the packing list to make sure that you received all of the items you ordered. Store any packing material that you might require for later shipping.
2. Read any documents packed with the appliance. In addition, read the Release Notes for IPSO-LX, which is available on the CD that came with your appliance or on the Nokia support Web site.
3. Make a note of the serial number of the appliance, which is located on the Product Tracking I.D. Label on the bottom or side of the appliance. You will need the serial number to obtain a license for the Intrusion Prevention System (IPS) software.
4. Install the appliance in the equipment rack.
5. Connect the cables as follows:
   - Connect the supplied RJ-45 cable to the console port. You need to have a console connection to perform the initial configuration. DHCP is not supported.
   - Connect the cable for the management interface as follows:
     - On a Nokia IP690 IPS, use the first or second port on slot 4.
     - On a Nokia IP290 IPS or IP390 IPS, use any one of the built-in Ethernet ports.
   - Connect cables to the remaining Gigabit Ethernet ports that you want to use as sensing interfaces. Because the Sourcefire application requires a dedicated management interface, the management interface cannot be used as a sensing interface.

For more information on connecting sensing interfaces to network devices and on cabling, see the Nokia Intrusion Prevention with Sourcefire User's Guide, available on the product CD that came with your appliance.

2 Perform the Initial Configuration

When you turn on your appliance for the first time, a console wizard automatically runs that prompts you to provide initial configuration information. The information you need to supply includes:

- The local hostname for the appliance. The name you choose can include alphanumeric characters, dashes (-), and periods (.).
- The case-sensitive password for the admin user account. The admin user has complete read/write privileges for all IPSO-LX features that can be configured through Nokia Network Voyager, a Web-based element management interface.
- The case-sensitive password for the root user account.
- The physical interface to be used for the management interface, its IP address, and network mask length.
- The IP address of the default gateway for the appliance.

To perform the initial configuration

1. Establish a console connection to the appliance, using a terminal or terminal emulation program with the following port settings:
   - 9600 bps
   - 8 data bits
   - No parity
   - 1 stop bit
2. The initial configuration begins with the following prompt:

       Hostname?

   If the Hostname? prompt does not appear on the console, see the Nokia IPxxx Intrusion Prevention with Sourcefire Installation Guide for your appliance for troubleshooting suggestions.
3. Answer the prompts for hostname, user admin password, and user root password.
4. When you see the following message, type 1.

       You can configure your system in two ways:
       1) configure an interface and use our Web-based Voyager via a remote browser
       2) configure an interface using CLI after reboot
       Please enter a choice [ 1-2, q ]:

5. Select the physical interface that will be used for the management interface:

       Select an interface from the following for configuration:
       1) eth1
       2) eth2
       3) eth3
       4) eth4
       5) quit this menu
       Enter choice [1-5]:

   The list of interfaces that you see depends on the NICs that are installed. Built-in port names take the form ethn, while ports on NICs take the form eth-snpn. For example, eth-s4p1 is the Ethernet port in chassis slot 4, port 1.

   Type the number for the interface you want to configure. This interface should be the same interface as you connected the management cable to.
6. When prompted, enter the IP address and subnetwork mask length.
7. When you see the following message, type y (the default option):

       Do you wish to set the default route [ y ]?

8. When prompted, enter the IP address of the default router for this interface.
9. When prompted to configure speed and duplex mode, you can either:
   - Configure speed and duplex mode, thereby turning off auto-negotiation. Do this if you do not want to use Ethernet auto-negotiation.
   - Enter Return to bypass this step. Do this if you want to leave auto-negotiation on.
10. When asked to confirm the interface parameters, type y. The system will continue booting. When it is completed, the login prompt will appear.

3 Configure DNS

After the appliance reboots, you are ready to continue configuring it by using Network Voyager. If you will be identifying the Defense Center that manages this sensor by hostname, rather than an IP address, you need to configure DNS and specify a DNS server.

To use Network Voyager

1. Start a Web browser on a workstation that can connect to the appliance.
2. Enter the IP address you assigned to the management interface during the initial configuration.
   - If you use HTTPS to make the connection, you need to enter the SSL port number, 8443. For example: https://10.10.10.10:8443.
   - If you use HTTP, you are automatically redirected to HTTPS and the correct SSL port. You do not need to enter the port number.

   Because SSL is enabled, you will receive warning messages about the sample certificate on the system. Accept the connection.
3. Log in as admin and use the password that you assigned to the admin user.

Note: As part of configuring the appliance with Network Voyager, do not enable the network interfaces that will be used as sensing interfaces. The interfaces should be administratively down. The only interface that should be enabled is the management interface.

To configure DNS

1. Choose System Configuration > DNS in the Network Voyager navigation tree.
2. Enter the following information into the following fields:
   - Search list field: enter a list of domain names that might be appended to names users enter when trying to connect. Separate each name with a space. The maximum length of the entire search list is 256 characters. The maximum number of items in the search list is 6.
   - Server fields: enter the IP address of a host running a DNS server. The optional secondary and tertiary servers are used if the primary (or secondary) server fails to respond.
3. Click Submit.

4 Configure System Time

You must ensure that time is synchronized between the Defense Center and the 3D Sensors it manages. Nokia recommends that you do so by configuring the appliance to use NTP for continuous time synchronization with an NTP time server. You can configure the Defense Center itself to be the NTP time server.

Because it can take a while for the time synchronization to occur after you enable NTP, you might want to first manually set the time and date by accessing the NTP server once and then enable NTP for continuous time synchronization.

To set system time once

1. Choose System Configuration > Time from the tree view.
2. Select the appropriate time zone in the Time Zone list box.
3. Either set the time manually or specify a time server:
   - To set the time manually, enter the time and date units to change. You do not need to fill in all fields; blank fields default to their existing values. Specify hours in 24-hour format.
   - To set the time using an NTP time server, enter the name or IP address of the time server in the NTP Time Server text box. Choosing this option sets the time once; it does not update the time on a regular basis.
4. Click Submit.

To enable NTP

1. Choose Router Services > NTP from the tree view.
2. In the Add New NTP Server text field, enter the IP address for an NTP server and click Add. The server appears in the NTP Servers table.
3. Configure parameters for the server. Usually, you only need to select the Use check box and you can accept the default settings for all other parameters.
4. Add additional NTP servers if desired.
5. Click Enable NTP.
6. Click Submit.

5 Enable the Sourcefire Sensor on Nokia Software

The Sourcefire Sensor on Nokia software comes preinstalled on your appliance. You need only to enable it.

To enable the Sourcefire Sensor on Nokia software

1. Select System Configuration > Packages > Manage Packages from the tree view.
2. Click the Enable check box for the Sourcefire Sensor on Nokia package.
3. Click the Submit button. After a short wait, a message appears telling you that the package has been registered.

Note: Although the message suggests a reboot might be necessary, you do not need to reboot the sensor.

After the Sourcefire Sensor on Nokia package is enabled, a link to the Sourcefire Sensor Configuration page appears in the Network Voyager tree view.

6 Set Up Communications with Defense Center

Establishing the connection between a 3D Sensor and the Defense Center is a two-step process. You need to:

1. Set up communications with the Defense Center on the sensor.
2. Add the sensor to the Defense Center.

To set up communications on the sensor, you must specify the management interface to use, the IP address of the Defense Center, and provide registration information for security purposes. Once you have done this, you can add the sensor to the Defense Center, using the registration information you supplied on the sensor.

To set up communications with the Defense Center

1. Select the Sourcefire Sensor link from the tree view.
2. Provide the following information on the Sourcefire Sensor Configuration page:
   - Management Interface: the interface that will be used for Defense Center communications. You can choose only from the interfaces that are in the Up status.
   - Management Host: the IP address or host name of the Defense Center. Use a hostname rather than an IP address if your network uses DHCP to assign IP addresses.
   - Registration ID: an optional alphanumeric value you can define as an additional security check. If you specify an ID, you will have to provide this ID when you add the sensor to the Defense Center. This ID is useful in a network environment that uses network address translation and more than one host could have the same IP address.
   - Registration Key: a one-time-use registration key that you define and that you must provide when you add the sensor to the Defense Center.
   - Management Port: the TCP port number you want to use for communications between the Defense Center and the sensor. The default value is 8305/tcp. All appliances in your deployment should use the same port number.
3. Click the Submit button.

7 Add the 3D Sensor to the Defense Center

You are now ready to add the 3D Sensor to the sensors managed by the Defense Center. After you complete this procedure, communications between the Defense Center and the sensor are established and you can start managing the sensor from the Defense Center.

To add the sensor to the Defense Center

1. Log in to the Defense Center.
2. Select Operations from the main menu bar, then click Sensors.
3. On the Managed Sensors page, click New Sensors.
4. Provide the following information on the Sensor Administration page:
   - Host: the IP address of the sensor.
   - Registration ID: Enter the registration ID if you defined one.
   - Registration Key: Enter the registration key.
   - Store Events and Packets Only on the Defense Center: Because you can store data on only the Defense Center and not the sensor, this check box is selected automatically. You cannot change this setting for Sourcefire Sensors on Nokia.
   - Prohibit Packet Transfer to the Defense Center: You can prevent packet data from being stored on the Defense Center by checking this check box.

     Note: If you elect to prohibit sending packet data, the data is not retained. Packet data is often important for forensic analysis.
   - Add to Group: Select the group, if any, you want the sensor to belong to.
5. Click the Add button. The sensor is added to the Defense Center. It can take up to two minutes for the Defense Center to verify the sensor heartbeat and establish communication.

You can view the sensor status on the Defense Center Sensors page (Operations > Sensors).

8 Install the Licenses

You cannot receive events from any 3D Sensor until the appropriate feature license is installed on the Defense Center. The licenses required are as follows:

- An IPS software license for each sensor running the Sourcefire Intrusion Prevention System (IPS).
- An RNA Host license to receive RNA events from any sensor running Real-time Network Awareness (RNA). As long as the host limits are not exceeded, a single RNA Host license allows the Defense Center to receive events from multiple sensors.

  For example, if your Defense Center will be managing three different Sourcefire 3D Sensors on Nokia, with two of them running IPS and all three running RNA, then you must add two IPS software licenses and a single RNA Host license that is large enough to cover the number of hosts monitored by the three sensors in aggregate.
- An RUA license to receive RUA events from any sensor running Real-time User Awareness (RUA). As long as the user limits are not exceeded, a single RUA license allows the Defense Center to receive user login events from multiple sensors with RUA.

Obtain and install a license as follows:

1. Use the Nokia serial number to obtain a license from the Web-based licensing center, as described in "To obtain the license" below.
   - For an IPS software license, use the appliance serial number, which is available on the Product Tracking I.D. Label that is on the bottom or side of your sensor unit.
   - For an RNA Host license or an RUA license, use the serial number you received in the entitlement email from Nokia.
2. Add the license to the Defense Center, as described in "To add the license" below.

To obtain the license

1. From the Defense Center, select Operations > System Settings. The Information page appears.
2. On the Information page, click License. The License page appears.
3. On the License page, click Add New License. The Add Feature License page appears.
4. Click the Get License button. The Licensing Center Web site appears.

   Note: If your web browser cannot access the Internet, copy down the license key at the bottom of the Add Feature License page. Switch to a browser on a host that can access the Internet and go to https://www.keyserver.nokia.sourcefire.com.
5. Follow the on-screen instructions for obtaining a feature license.

   Note: The Licensing Center Web site accepts 12-digit serial numbers only. Add leading zeros to your Nokia feature serial number to make it a 12-digit number. For example, for an IPS software license, add a leading zero to your appliance serial number. If your appliance serial number is 93060305299, enter it as 093060305299.
6. The feature license will be sent to you in an email. When you receive your license, you can then add it to the Defense Center as described in the next procedure.

To add the license

1. Copy the license from the email.
2. Return to the Add Feature License page, if you are not already there.
3. In the License field, paste the license provided to you by email.
4. Click the Verify License button to make sure the license has been copied correctly and is valid. A message appears stating whether the license has been verified or not.
5. If the license has been verified, click the Submit License button.
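The constraints stated in steps 2, 3, 6 and 8 can be checked against a deployment plan before anything is typed into the console wizard, Network Voyager or the Licensing Center. The following Python code is an added example, not part of the Nokia guide or of any Nokia or Sourcefire tool; the plan dictionary layout, the function names and all sample values other than the serial number 93060305299 quoted above are constructed for illustration.

```python
import ipaddress
import re

HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]+")            # step 2: alphanumerics, '-', '.'
IFACE_RE = re.compile(r"eth(?:(\d+)|-s(\d+)p(\d+))")   # step 2: ethN or eth-sNpN
MAX_SEARCH_ITEMS, MAX_SEARCH_CHARS = 6, 256            # step 3: DNS search list limits
SERIAL_DIGITS = 12                                     # step 8: Licensing Center format


def parse_interface(name):
    """Return ('built-in', port) for ethN or ('nic', slot, port) for eth-sNpN."""
    m = IFACE_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised interface name {name!r}")
    if m.group(1) is not None:
        return ("built-in", int(m.group(1)))
    return ("nic", int(m.group(2)), int(m.group(3)))


def pad_serial(serial):
    """Left-pad a numeric serial with zeros to the 12 digits the site accepts."""
    if not re.fullmatch(r"[0-9]{1,12}", serial):
        raise ValueError(f"serial must be 1 to {SERIAL_DIGITS} digits: {serial!r}")
    return serial.zfill(SERIAL_DIGITS)


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_sensor(plan):
    """Return the list of problems found in one sensor's planned settings."""
    problems = []
    if not HOSTNAME_RE.fullmatch(plan["hostname"]):
        problems.append("hostname may contain only alphanumerics, '-' and '.'")
    for name in [plan["mgmt_interface"], *plan["sensing_interfaces"]]:
        try:
            parse_interface(name)
        except ValueError as exc:
            problems.append(str(exc))
    # Step 1: the management interface cannot double as a sensing interface.
    if plan["mgmt_interface"] in plan["sensing_interfaces"]:
        problems.append("management interface is also listed as a sensing interface")
    search = plan["dns_search_list"]
    if len(search.split()) > MAX_SEARCH_ITEMS:
        problems.append(f"DNS search list has more than {MAX_SEARCH_ITEMS} items")
    if len(search) > MAX_SEARCH_CHARS:
        problems.append(f"DNS search list exceeds {MAX_SEARCH_CHARS} characters")
    # Step 3: a Defense Center identified by hostname needs a DNS server.
    if not is_ip(plan["management_host"]) and not plan["dns_servers"]:
        problems.append("Defense Center is given by hostname but no DNS server is set")
    if not plan["registration_key"]:
        problems.append("registration key is required")
    reg_id = plan.get("registration_id", "")
    if reg_id and not re.fullmatch(r"[A-Za-z0-9]+", reg_id):
        problems.append("registration ID must be alphanumeric")
    return problems


def check_fleet(plans):
    """Check every sensor, plus the rule that all appliances share one port."""
    report = {p["hostname"]: check_sensor(p) for p in plans}
    ports = sorted({p["management_port"] for p in plans})
    if len(ports) > 1:
        report["(fleet)"] = [f"appliances use different management ports: {ports}"]
    return report


def licenses_needed(plans):
    """One IPS license per IPS sensor; a single RNA/RUA license covers the fleet."""
    return {
        "ips_serials": [pad_serial(p["serial"]) for p in plans if "IPS" in p["features"]],
        "rna_host_license": any("RNA" in p["features"] for p in plans),
        "rua_license": any("RUA" in p["features"] for p in plans),
    }


# Constructed sample plan: the second sensor carries three deliberate mistakes.
SAMPLE_PLANS = [
    {"hostname": "ips-sensor-01", "serial": "93060305299", "features": {"IPS", "RNA"},
     "mgmt_interface": "eth-s4p1", "sensing_interfaces": ["eth-s1p1", "eth-s1p2"],
     "dns_search_list": "example.test", "dns_servers": ["192.0.2.53"],
     "management_host": "dc.example.test", "management_port": 8305,
     "registration_key": "constructed-key-1"},
    {"hostname": "ips_sensor_02", "serial": "12345678901", "features": {"RNA"},
     "mgmt_interface": "eth1", "sensing_interfaces": ["eth1", "eth2"],
     "dns_search_list": "", "dns_servers": [],
     "management_host": "dc.example.test", "management_port": 8306,
     "registration_key": "constructed-key-2"},
]

if __name__ == "__main__":
    for host, problems in check_fleet(SAMPLE_PLANS).items():
        print(host, "OK" if not problems else problems)
    print(licenses_needed(SAMPLE_PLANS))
```
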

9 Update the Sensor Software

Before you start modifying the sensor configuration and applying policies to the sensor, you should check for software updates and update the software if necessary. Sourcefire releases patches to the sensor software, vulnerability database updates (VDBs) for sensors running RNA, and security enhancement updates (SEUs) for IPS policies.

If your Defense Center has an internet connection, you can download and install updates from the Defense Center.

- For downloading and installing sensor software patches and VDBs, go to Operations > Update.
- For SEU updates, go to Policy & Response > IPS > SEU.

Sensor software updates, SEUs, and VDBs are also available for download at the Nokia Support Web site. You can then use the Defense Center to upload them and install them. For more information, see the Sourcefire 3D System for Nokia User Guide.

10 Configure the Detection Engines

At this point, your Sourcefire 3D Sensor on Nokia is set up in the following default configuration:

- All the available network interfaces, excluding the management interface, are combined in a single passive interface set. (To be considered available, an interface must be administratively disabled.)
- A single IPS detection engine is created, which uses the default passive interface set.

If the default configuration of your sensor matches your deployment needs, you can start receiving events from the sensor as soon as you apply a passive IPS policy to your detection engine. From the Defense Center, you can select Policy & Response > IPS > Detection & Prevention to create and apply a passive IPS policy. For more information, see Creating Intrusion Policies in the Sourcefire 3D System for Nokia User Guide.

Changing the Default Configuration

Your deployment might require a different configuration from the default configuration. For example, you might be deploying your sensor inline with fail open interfaces, which would require creating an inline with fail open interface set. Or you might want to also run RNA or RUA over the default passive interface set.

To change the default configuration, you can:

- Edit the default interface set and create new interface sets. By removing interfaces from the default interface set, you make those interfaces available for inclusion in other interface sets that you create, for example, an inline interface set. The new interface set can then be assigned to the default detection engine or to a new detection engine that you create.

  To begin configuring interface sets, select Operations > Configuration > Detection Engines > Interface Sets.
- Edit the existing default detection engine or create a new detection engine. For example, if you are deploying your sensor inline, you can edit the IPS default detection engine to use an inline interface set, rather than the default passive interface set. Or you can create a new detection engine to run RNA or RUA.

  To begin editing or creating detection engines, select Operations > Configuration > Detection Engines > Detection Engines.

  Note: The number of detection engines available to you depends on which Nokia appliance model you are using.
- Create IPS or RNA policies. Before a detection engine can start sending IPS or RNA events to the Defense Center, it must have a policy installed. Default IPS policies are supplied that you can use as a basis for your IPS policy. You should also configure the RNA settings in the system policy. RUA detection engines do not require a policy.

  To begin creating or applying detection policies, select Policy & Response and then either IPS or RNA, depending on the type of policy.

The Sourcefire 3D System for Nokia User Guide provides information on how to create and change interface sets, detection engines, and detection policies.

For Further Information

In addition to this guide, the following documentation is available on the CD that came with your Nokia appliance and on the Nokia Support Web site:

- Nokia Intrusion Prevention with Sourcefire User's Guide: provides an overview of the Nokia Intrusion Prevention with Sourcefire components, describes how to plan the deployment of the components, and how to set up and manage a Sourcefire 3D Sensor on Nokia.
- Administrator's Guide for Nokia IPSO-LX: describes how to configure and manage appliances running IPSO-LX.
- Release Notes for Nokia IPSO-LX: contains a list of new features for the current Nokia IPSO-LX release, upgrade and initial configuration instructions, and known limitations. This document might be available only on the Nokia Support Web site.
- CLI Reference Guide for Nokia IPSO-LX: describes the commands that you can implement from the command-line interface (CLI) for IPSO-LX.
- Nokia IPxxx Intrusion Prevention with Sourcefire Installation Guide: describes how to install and maintain the appliance.

The following documentation is available on the Documentation and Restore CD that came with your Sourcefire Defense Center for Nokia or on the Nokia Support Web site:

- Sourcefire Defense Center for Nokia Installation Guide: describes how to install and initially configure the Defense Center.
- Sourcefire 3D System for Nokia User Guide: describes how to use the Defense Center to manage sensors, create detection policies, evaluate intrusion events, and so on.
- Sourcefire 3D System for Nokia Release Notes: describes known issues for the Defense Center for Nokia. This document might be available only on the Nokia Support Web site.
