Sidewinder G2 6.1.2 Administration Guide - Glossary of Technical ...

More documents

Recommendations

Info

Chapter 19: Auditing and Reporting Auditing on the Sidewinder G2 544 Attack Description system critical and severe Creating custom audit filters The Custom option in the Filter By field allows you to define a custom filter to view more specialized audit information. The basic structure includes specifying: • The type or facility for which you want to search, using one of the following formats: – name (AUDIT_T_TYPE as in AUDIT_T_ATTACK, AUDIT_F_FACILITY as in AUDIT_F_LOGIN) – short message (attack, login) – short message prepended with classification indicator (t_attack, f_login) Note: This format appears in audit records and is useful when copying or pasting directly from audit output. • Additional fields to further specify the audit results. Fields can be separated by Boolean operators (and, or, not) and grouped by parentheses. The following examples demonstrate the basic structure used to create custom audit filters. Note: Table 34 provides a list of the available fields (for example, facility, type, service, user, etc.) that you can use to filter your audit search. Example 1: Filtering for login records The following example shows the format used to display all system login records (successful and unsuccessful): facility f_login Detects critical and severe system events including power failures, hardware failures, critical and severe software failures, failover events, license expiration, log overflows, and IPSEC errors. Critical system events indicate a component or subsystem stopped working, that the system is going down (expectedly or unexpectedly), or that the system is not expected to work again without intervention. Severe attacks indicate something is occurring that an administrator should know. system shutdown Detects when a UPS is running out of battery power or has been on battery power for the estimated battery time. If you want to view login records for a specific user, you would include a user name, as follows: facility f_login and username Josephine
Example 2: Filtering for services and users Chapter 19: Auditing and Reporting Auditing on the Sidewinder G2 The following example shows the format used to display HTTP network traffic audit records for a user named Lloyd: type t_attack and cmd httpp and username Lloyd where: • type t_attack — This field will filter audit records for all attack events. • cmd httpp — This field will filter the attack audit events to include only HTTP service records. • username Lloyd — This field will filter the HTTP attack events to include only events that are specific to actions performed by user name “Lloyd.” Example 3: Filtering for specific ports and IP addresses The following example shows the format used to display all network probe events on port 37337 and subnet 192.168.124.0/24 originating from burbs 3 or 4. Enter text on one line: type t_netprobe and dst_port 37337 and dst_ip 192.168.124.0/ 24 and (src_burb 3 or src_burb 4) where: • type t_netprobe — This field will filter audit records for all network probe events. • dst_port 37337 — This field will filter the network probe events to include only records with a destination port of 37337. • dst_ip 192.168.124.0/24 — This field will filter the network probe events to include only records with a destination IP address of 192.168.124.0/24. • (src_burb 3 or src_burb 4) — This information will filter the network probe events to include only records with a source burb of 3 or 4. Example 4: Excluding information in a filter You can explicitly exclude certain types of audit information by placing the word “not” in front of a field. For example, the custom filter shown below will display all audit records EXCEPT attack records originating for the source IP address 172.17.9.28: not type t_attack and src_ip 172.17.9.28 where: • not type t_attack — This field will exclude any attack-based audit events. • src_ip 172.17.9.28 — This field will filter the non-attack audit events for records with a source address of 172.17.9.28. 545
Page 1:
ADMINISTRATION GUIDE
Page 5 and 6:
Copyright © 2006 Secure Computing
Page 7 and 8:
Other Terms and Conditions This pro
Page 9 and 10:
CONTENTS Preface . . . . . . . . .
Page 11 and 12:
Table of Contents Modifying the sta
Page 13 and 14:
Table of Contents Configuring the S
Page 15 and 16:
Table of Contents About mail exchan
Page 17 and 18:
Table of Contents Configuring and d
Page 19 and 20:
Table of Contents CHAPTER 20 IPS At
Page 21 and 22:
Table of Contents APPENDIX F Basic
Page 23 and 24:
PREFACE Who should read this guide
Page 25 and 26:
Online help Preface The Sidewinder
Page 27 and 28:
1 CHAPTER Introduction In this chap
Page 29 and 30:
Figure 2: Protecting multiple netwo
Page 31 and 32:
Chapter 1: Introduction The Type En
Page 33 and 34:
Type Enforced attributes Chapter 1:
Page 35 and 36:
Figure 4: Multiple Type Enforced ar
Page 37 and 38:
Chapter 1: Introduction Additional
Page 39 and 40:
Chapter 1: Introduction Additional
Page 41 and 42:
Network Services Sentry (NSS) Chapt
Page 43 and 44:
2 CHAPTER Administrator’s Overvie
Page 45 and 46:
Admin Console basics Chapter 2: Adm
Page 47 and 48:
Figure 7: Admin Console Login windo
Page 49 and 50:
Figure 9: Main Admin Console menu M
Page 51 and 52:
Admin Console conventions Chapter 2
Page 53 and 54:
Figure 11: Open File window Opening
Page 55 and 56:
Figure 14: Find/Replace window Ente
Page 57 and 58:
Chapter 2: Administrator’s Overvi
Page 59 and 60:
Chapter 2: Administrator’s Overvi
Page 61 and 62:
Figure 15: sshd Server Configuratio
Page 63 and 64:
To access the trusted Telnet server
Page 65 and 66:
3 CHAPTER General System Tasks In t
Page 67 and 68:
Figure 16: System Shutdown window E
Page 69 and 70:
Setting up and maintaining administ
Page 71 and 72:
Figure 18: Administrator Informatio
Page 73 and 74:
Changing passwords Setting the syst
Page 75 and 76:
Using system roles to access type e
Page 77 and 78:
Figure 20: Configuration file backu
Page 79 and 80:
Chapter 3: General System Tasks Con
Page 81 and 82:
Activating the Sidewinder G2 licens
Page 83 and 84:
Chapter 3: General System Tasks Act
Page 85 and 86:
Figure 23: Firewall License: Compan
Page 87 and 88:
Figure 25: Firewall License: Enroll
Page 89 and 90:
Chapter 3: General System Tasks Pro
Page 91 and 92:
Enabling and disabling servers Figu
Page 93 and 94:
Server Name Notes Chapter 3: Genera
Page 95 and 96:
Configuring virus scanning services
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Figure 32: IDS Server window About
Page 103 and 104:
Figure 34: Software Management: Sum
Page 105 and 106:
Chapter 3: General System Tasks Loa
Page 107 and 108:
Chapter 3: General System Tasks Loa
Page 109 and 110:
Modifying the interface configurati
Page 111 and 112:
About the Interface Status window M
Page 113 and 114:
Chapter 3: General System Tasks Mod
Page 115 and 116:
About the Aliases: New/Modify Netwo
Page 117 and 118:
About the Static: Route window Conf
Page 119 and 120:
About the SSL certificate fields fo
Page 121 and 122:
Enabling/disabling the UPS server C
Page 123 and 124:
4 CHAPTER Understanding Policy Conf
Page 125 and 126:
Figure 45: Example of active rules
Page 127 and 128:
Chapter 4: Understanding Policy Con
Page 129 and 130:
Page 131 and 132:
Figure 47: User Groups user group n
Page 133 and 134:
Figure 48: Netgroup Subnet objects
Page 135 and 136:
Application Defenses Table 11: Samp
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Simple proxy rule examples Chapter
Page 143 and 144:
Page 145 and 146:
Table 17: Proxy rules for the advan
Page 147 and 148:
IP Filter rule basics Chapter 4: Un
Page 149 and 150:
Page 151 and 152:
Figure 52: Example network Chapter
Page 153 and 154:
Figure 53: Normal NAT IP Filter rul
Page 155 and 156:
Page 157 and 158:
5 CHAPTER Creating Rule Elements In
Page 159 and 160:
Chapter 5: Creating Rule Elements C
Page 161 and 162:
About the Group Information tab Abo
Page 163 and 164:
About the User Password tab Chapter
Page 165 and 166:
About the User Group Membership win
Page 167 and 168:
Figure 60: New Network Object windo
Page 169 and 170:
Figure 62: Host network object wind
Page 171 and 172:
Figure 63: IP Address network objec
Page 173 and 174:
Figure 65: Subnet network object wi
Page 175 and 176:
Figure 67: Group Membership window
Page 177 and 178:
About the Service Groups window Cha
Page 179 and 180:
6 CHAPTER Configuring Application D
Page 181 and 182:
Chapter 6: Configuring Application
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
About the URL Control tab Chapter 6
Page 189 and 190:
Figure 73: Web/Secure Web: HTTP Rep
Page 191 and 192:
Figure 74: Web/Secure Web: MIME/Vir
Page 193 and 194:
Page 195 and 196:
Figure 76: Web/Secure Web: SmartFil
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
About the Keyword Search tab Chapte
Page 203 and 204:
Figure 81: Mail (Sendmail) MIME/Vir
Page 205 and 206:
Configuring MIME filtering rules Ch
Page 207 and 208:
Creating Mail (SMTP proxy) Defenses
Page 209 and 210:
Figure 84: Mail (SMTP proxy): Desti
Page 211 and 212:
Creating Citrix Application Defense
Page 213 and 214:
Configuring the FTP Enforcements ta
Page 215 and 216:
Configuring Virus/Spyware filtering
Page 217 and 218:
Creating IIOP Application Defenses
Page 219 and 220:
Configuring the H.323 Filter tab Ch
Page 221 and 222:
About the Service Name (SID): New S
Page 223 and 224:
Creating SOCKS Application Defenses
Page 225 and 226:
Figure 95: SNMP v1: OID Editing win
Page 227 and 228:
Creating Standard Application Defen
Page 229 and 230:
Configuring connection properties C
Page 231 and 232:
Configuring connection ports Chapte
Page 233 and 234:
7 CHAPTER Configuring Network Defen
Page 235 and 236:
Figure 100: Network Defense window
Page 237 and 238:
About the Network Defenses: TCP tab
Page 239 and 240:
Configuring the UDP Network Defense
Page 241 and 242:
Configuring the ICMP Network Defens
Page 243 and 244:
Configuring the ARP Network Defense
Page 245 and 246:
8 CHAPTER Creating Rules and Rule G
Page 247 and 248:
About the Duplicate Rule Name windo
Page 249 and 250:
Chapter 8: Creating Rules and Rule
Page 251 and 252:
Figure 110: Proxy Rule: Authenticat
Page 253 and 254:
Entering information on the Time ta
Page 255 and 256:
Figure 113: IP Filter Rules window
Page 257 and 258:
Figure 114: IP Filter Rules Source/
Page 259 and 260:
Figure 115: IP Filter Time tab Abou
Page 261 and 262:
Chapter 8: Creating Rules and Rule
Page 263 and 264:
Figure 117: Modify Groups window Ch
Page 265 and 266:
Selecting your active policy rules
Page 267 and 268:
Figure 120: IP Filter General Prope
Page 269 and 270:
9 CHAPTER Configuring Proxies In th
Page 271 and 272:
Chapter 9: Configuring Proxies Prox
Page 273 and 274:
Redirected proxy connections Chapte
Page 275 and 276:
Figure 123: Port redirection for in
Page 277 and 278:
Proxy Name Type and Port Descriptio
Page 279 and 280:
Proxy Name Type and Port Descriptio
Page 281 and 282:
Notes on selected proxy configurati
Page 283 and 284:
Notes on using the FTP proxy Chapte
Page 285 and 286:
HTTP/HTTPS considerations Chapter 9
Page 287 and 288:
Figure 124: News server in front of
Page 289 and 290:
About the T.120 proxy Chapter 9: Co
Page 291 and 292:
Chapter 9: Configuring Proxies Note
Page 293 and 294:
Figure 126: Proxies window About th
Page 295 and 296:
Figure 127: ica proxy Advanced tab
Page 297 and 298:
Configuring connection ports Chapte
Page 299 and 300:
10 CHAPTER Setting Up Authenticatio
Page 301 and 302:
Administrator authentication Chapte
Page 303 and 304:
Supported authentication methods Ch
Page 305 and 306:
SafeWord authentication Chapter 10:
Page 307 and 308:
Chapter 10: Setting Up Authenticati
Page 309 and 310:
Users, groups, and authentication C
Page 311 and 312:
Page 313 and 314:
Figure 131: SSO Cached Authenticati
Page 315 and 316:
Page 317 and 318:
Figure 133: Password Configuration
Page 319 and 320:
Entering information on the RADIUS
Page 321 and 322:
Adding or modifying a SafeWord serv
Page 323 and 324:
Figure 137: SNK Configuration windo
Page 325 and 326:
Entering information on the Windows
Page 327 and 328:
Entering information on the Single
Page 329 and 330:
Setting up authentication for servi
Page 331 and 332:
Setting up authentication for Web s
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
11 CHAPTER DNS (Domain Name System)
Page 339 and 340:
About Sidewinder hosted DNS Chapter
Page 341 and 342:
Figure 140: Mail exchanger example
Page 343 and 344:
Advanced configurations Enabling an
Page 345 and 346:
Figure 141: Transparent DNS Configu
Page 347 and 348:
Chapter 11: DNS (Domain Name System
Page 349 and 350:
Entering information on the Forward
Page 351 and 352:
Adding an IP address Figure 146: DN
Page 353 and 354:
About the Zone List window About th
Page 355 and 356:
Figure 147: Master Zone Attributes
Page 357 and 358:
Adding a forward lookup sub-domain
Page 359 and 360:
Figure 148: Master Zone Contents ta
Page 361 and 362:
Adding a new forward lookup entry C
Page 363 and 364:
Table 26: DNS configuration options
Page 365 and 366:
Figure 150: Reconfiguring Sidewinde
Page 367 and 368:
About the Reconfiguring DNS: Sidewi
Page 369 and 370:
DNS message logging Chapter 11: DNS
Page 371 and 372:
12 CHAPTER Electronic Mail In this
Page 373 and 374:
Chapter 12: Electronic Mail Overvie
Page 375 and 376:
Sendmail differences on Sidewinder
Page 377 and 378:
Reconfiguring mail Figure 152: Reco
Page 379 and 380:
Managing sendmail Figure 153: sendm
Page 381 and 382:
Chapter 12: Electronic Mail Editing
Page 383 and 384:
Figure 155: Spamfilter: Whitelist C
Page 385 and 386:
Chapter 12: Electronic Mail Configu
Page 387 and 388:
About the COPY action Chapter 12: E
Page 389 and 390:
Chapter 12: Electronic Mail Configu
Page 391 and 392:
Other sendmail features Creating a
Page 393 and 394:
5 Save the changes you made to file
Page 395 and 396:
Allowing or denying mail on a user
Page 397 and 398:
Chapter 12: Electronic Mail Managin
Page 399 and 400:
13 CHAPTER Setting Up Web Services
Page 401 and 402:
Figure 158: Access to your Web serv
Page 403 and 404:
Figure 161: Option 2: The Web proxy
Page 405 and 406:
Setting up Web access using the HTT
Page 407 and 408:
Using the Web proxy server Figure 1
Page 409 and 410:
Configuring the Web proxy server Fi
Page 411 and 412:
Figure 168: Web Proxy Server window
Page 413 and 414:
Configuring Web Proxy Server HTTP f
Page 415 and 416:
Configuring browsers for the Web pr
Page 417 and 418:
Certain browsers on UNIX Chapter 13
Page 419 and 420:
14 CHAPTER Configuring Virtual Priv
Page 421 and 422:
Protecting your information What ar
Page 423 and 424:
Authenticating IKE VPNs Chapter 14:
Page 425 and 426:
Configuring a VPN client Chapter 14
Page 427 and 428:
Authentication Summary Automatic ke
Page 429 and 430:
Chapter 14: Configuring Virtual Pri
Page 431 and 432:
Understanding virtual burbs Chapter
Page 433 and 434:
Create the virtual burb Configure p
Page 435 and 436:
About the Client Address Pools wind
Page 437 and 438:
Adding or modifying a subnet addres
Page 439 and 440:
Figure 178: Client Address Pools: F
Page 441 and 442:
Adding or modifying a client identi
Page 443 and 444:
Table 28: Supported X.500 Attribute
Page 445 and 446:
Single certificate versus Certifica
Page 447 and 448:
Adding a Certificate Authority Chap
Page 449 and 450:
Figure 180: Remote Identities tab A
Page 451 and 452:
Figure 181: Firewall certificates A
Page 453 and 454:
Figure 182: Remote certificates def
Page 455 and 456:
Page 457 and 458:
Selecting a new proxy certificate I
Page 459 and 460:
Figure 185: Import Firewall Certifi
Page 461 and 462:
Page 463 and 464:
Exporting both the certificate and
Page 465 and 466:
About the Security Associations win
Page 467 and 468:
Page 469 and 470:
Configuring password information on
Page 471 and 472:
Entering Certificate + Certificate
Page 473 and 474:
Entering Manual information on the
Page 475 and 476:
Entering information on the Advance
Page 477 and 478:
Figure 191: VPN between two corpora
Page 479 and 480:
Figure 192: One VPN association per
Page 481 and 482:
Page 483 and 484:
Figure 193: One VPN association for
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
15 CHAPTER Configuring the SNMP Age
Page 491 and 492:
Figure 195: Community name within a
Page 493 and 494:
Figure 196: MIBs supported by the S
Page 495 and 496:
Defining a community name Defining
Page 497 and 498:
Communication with systems in an ex
Page 499 and 500:
16 CHAPTER One-To-Many Clusters In
Page 501 and 502:
Considerations when using One-To-Ma
Page 503 and 504:
Configuring One- To-Many Chapter 16
Page 505 and 506:
Figure 201: One To Many Management
Page 507 and 508:
Chapter 16: One-To-Many Clusters Co
Page 509 and 510:
Chapter 16: One-To-Many Clusters Co
Page 511 and 512:
Chapter 16: One-To-Many Clusters Un
Page 513 and 514:
17 CHAPTER High Availability In thi
Page 515 and 516:
HA configuration options Chapter 17
Page 517 and 518:
You can configure failover HA in on
Page 519 and 520: Configuring the heartbeat burbs Cha
Page 521 and 522: Chapter 17: High Availability Confi
Page 527 and 528: Removing a secondary/standby from a
Page 529 and 530: Managing an HA cluster Features tha
Page 531 and 532: Chapter 17: High Availability Manag
Page 533 and 534: Changing the multicast address Chap
Page 535 and 536: About the Local Parameters tab Chap
Page 537 and 538: Chapter 17: High Availability Manag
Page 539 and 540: 18 CHAPTER Monitoring In this chapt
Page 541 and 542: About the dashboard Viewing device
Page 543 and 544: Figure 211: System information: Dis
Page 545 and 546: Figure 213: Network Traffic: Interf
Page 547 and 548: Viewing IPS attack and system event
Page 549 and 550: Figure 218: Attacks by Service wind
Page 551 and 552: Monitoring Sidewinder G2 status usi
Page 553 and 554: finger Chapter 18: Monitoring Monit
Page 555 and 556: dig Chapter 18: Monitoring Monitori
Page 557 and 558: 19 CHAPTER Auditing and Reporting I
Page 559 and 560: Auditing on the Sidewinder G2 Chapt
Page 561 and 562: Figure 221: Audit Viewing: View Mod
Page 563 and 564: Chapter 19: Auditing and Reporting
Page 565 and 566: Figure 224: Audit Veiwing: Filterin
Page 567 and 568: Attack Description Application Defe
Page 569: Attack Description Chapter 19: Audi
Page 573 and 574: Understanding audit messages Chapte
Page 577 and 578: Generating reports using the Admin
Page 579 and 580: Figure 226: Show Report window Tabl
Page 581 and 582: Report type Description Chapter 19:
Page 583 and 584: Report type Description Table 37: A
Page 585 and 586: Generating reports using Sidewinder
Page 589 and 590: 20 CHAPTER IPS Attack and System Ev
Page 591 and 592: About the IPS Attack Responses wind
Page 593 and 594: Attack Description Application Defe
Page 595 and 596: Chapter 20: IPS Attack and System E
Page 597 and 598: Figure 230: Attack Responses: Setti
Page 599 and 600: Figure 232: System Responses Modify
Page 601 and 602: Event Description system critical a
Page 603 and 604: Figure 233: System Responses: Respo
Page 605 and 606: Sidewinder G2 SNMP traps Chapter 20
Page 607 and 608: Chapter 20: IPS Attack and System E
Page 609 and 610: A APPENDIX Command Line Reference I
Page 611 and 612: Sidewinder G2 area Commands Area De
Page 621 and 622:
About editing Sidewinder G2 files A
Page 623 and 624:
Changing file types in the operatio
Page 625 and 626:
etc/monthly Appendix A: Command Lin
Page 627 and 628:
CRL and certificate retrieval cron
Page 629 and 630:
B APPENDIX Setting Up Network Time
Page 631 and 632:
Figure 235: Sidewinder G2 as an NTP
Page 633 and 634:
Figure 237: NTP conflict: Sidewinde
Page 635 and 636:
Using command line: Appendix B: Set
Page 637 and 638:
C APPENDIX Configuring Dynamic Rout
Page 639 and 640:
Figure 238: Three OSPF protocol pha
Page 641 and 642:
Figure 240: Sidewinder G2 within OS
Page 643 and 644:
Figure 242: OSPF Properties tab Abo
Page 645 and 646:
Configuring the OSPF Area: Interfac
Page 647 and 648:
Configuring the OSPF Areas: Network
Page 649 and 650:
D APPENDIX Configuring Dynamic Rout
Page 651 and 652:
RIP processing on the Sidewinder G2
Page 653 and 654:
Appendix D: Configuring Dynamic Rou
Page 655 and 656:
RIP with Sidewinder G2 not using tr
Page 657 and 658:
Page 659 and 660:
Page 661 and 662:
Enabling/ disabling the routed serv
Page 663 and 664:
E APPENDIX Setting Up SmartFilter S
Page 665 and 666:
4 Click Evaluate this version. 5 Co
Page 667 and 668:
Figure 252: SmartFilter for Web and
Page 669 and 670:
Appendix E: Setting Up SmartFilter
Page 671 and 672:
F APPENDIX Basic Troubleshooting In
Page 673 and 674:
Restoring access to the Admin Conso
Page 675 and 676:
Appendix F: Basic Troubleshooting B
Page 677 and 678:
Restoring system files Appendix F:
Page 679 and 680:
8 [Conditional] If needed, change p
Page 681 and 682:
Appendix F: Basic Troubleshooting R
Page 683 and 684:
Adding hardware to an active Sidewi
Page 685 and 686:
Recovering when the licensed NIC fa
Page 687 and 688:
What to do if the boot process fail
Page 689 and 690:
If you forget your administrator pa
Page 691 and 692:
Interpreting beep patterns Table 45
Page 693 and 694:
Troubleshooting proxy rules Appendi
Page 695 and 696:
Appendix F: Basic Troubleshooting T
Page 697 and 698:
Understanding FTP and Telnet connec
Page 699 and 700:
Active firewall list: 10.10.10.7 St
Page 701 and 702:
Appendix F: Basic Troubleshooting T
Page 703 and 704:
Why did NTP stop? Appendix F: Basic
Page 705 and 706:
GLOSSARY ACE/Server A server made b
Page 707 and 708:
Glossary burb A set of one or more
Page 709 and 710:
Glossary external DNS External DNS
Page 711 and 712:
ISAKMP (internet security associati
Page 713 and 714:
ODBC (Open Database Connectivity) G
Page 715 and 716:
eference implementation An IETF ter
Page 717 and 718:
Glossary subnet A network addressin
Page 719 and 720:
INDEX A A record (address record) 3
Page 721 and 722:
B backup backup_file_list 51 comple
Page 723 and 724:
domains access 7 Admn 8 checking 49
Page 725 and 726:
Internet server 317 InterNIC 529 IP
Page 727 and 728:
networks connections report 527 int
Page 729 and 730:
R RADIUS authentication 281, 292 Re
Page 731 and 732:
Sidewinder G2 Enterprise Manager xx
Page 733 and 734:
user passwords 137 users changing p
Page 736:
The Sidewinder G2 ® Security Appli
show all

Sidewinder G2 6.1.2 Administration Guide - Glossary of Technical ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?