Sidewinder G2 6.1.1 Administration Guide - Glossary of Technical ...

More documents

Recommendations

Info

Managing an HA cluster 16-30 High Availability
C HAPTER 17 Alarm Events and Responses About this chapter This chapter explains alarm events and assists you in configuring alarm events and event responses for your site. This chapter includes the following topics: Configuring alarm events and event responses “Configuring alarm events and event responses” on page 17-1 “Example alarm event scenario” on page 17-13 “Sample Strikeback results” on page 17-15 “Ignoring network probe attempts” on page 17-17 “Checking system status” on page 17-19 “Checking network status” on page 17-22 Sidewinder G2 alarm events (also referred to as auditbots) allow you to monitor your network for potentially threatening activities ranging from an attempted attack to an audit overflow. Using the Admin Console, you can configure how many events for a particular alarm must occur within a particular time frame before an event response is triggered. When activity that matches alarm event criteria is encountered, the event response you configured for that alarm event determines how the Sidewinder G2 will respond. The Sidewinder G2 can be configured to respond by notifying an administrator of the event via email or pager, as well as performing a Strikeback. You can configure Strikebacks to gather information about users who are making network access violations, and track down additional information regarding an attempted attack. You can also configure a Strikeback to ignore packets from a particular host for a specified period of time. The configuration options you select will depend mainly on your site’s security policy and to some extent on your own experiences using the features. You may want to start with the default options and make adjustments as necessary to meet your site’s needs. 17 Alarm Events and Responses 17-1
Page 1:
ADMINISTRATION GUIDE
Page 5 and 6:
Copyright © 2005 Secure Computing
Page 7 and 8:
Other Terms and Conditions This pro
Page 9 and 10:
Table of Contents Chapter 1: Introd
Page 11 and 12:
Table of Contents Enabling and disa
Page 13 and 14:
Table of Contents Creating SNMP App
Page 15 and 16:
Table of Contents About Sidewinder
Page 17 and 18:
Table of Contents Configuring the S
Page 19 and 20:
Table of Contents Active connection
Page 21 and 22:
Table of Contents RIP with the Side
Page 23 and 24:
Who should read this guide What is
Page 25 and 26:
Chapter title Description Chapter 1
Page 27 and 28:
Online help Where to find additiona
Page 29 and 30:
C HAPTER 1 Introduction About this
Page 31 and 32:
Figure 1-2. Protecting multiple net
Page 33 and 34:
The Type Enforced environment Table
Page 35 and 36:
Figure 1-3. Example of domain separ
Page 37 and 38:
Additional Sidewinder G2 operating
Page 39 and 40:
Proxy software and access control A
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
C HAPTER 2 Administrator’s Overvi
Page 49 and 50:
Figure 2-1. Sidewinder G2 administr
Page 51 and 52:
Figure 2-2. Admin Console Login win
Page 53 and 54:
Figure 2-3. Feature Notification wi
Page 55 and 56:
About the top portion of the Admin
Page 57 and 58:
Admin Console conventions Admin Con
Page 59 and 60:
Figure 2-5. File Editor window Abou
Page 61 and 62:
Figure 2-7. Backup File window Ente
Page 63 and 64:
Remote administration using Secure
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Figure 2-10. sshd Server Configurat
Page 71 and 72:
Administering Sidewinder G2 using T
Page 73 and 74:
C HAPTER 3 General System Tasks Abo
Page 75 and 76:
Figure 3-1. System Shutdown window
Page 77 and 78:
Setting up and maintaining administ
Page 79 and 80:
Figure 3-3. Administrator Informati
Page 81 and 82:
Changing passwords Setting the syst
Page 83 and 84:
Using system roles to access type e
Page 85 and 86:
Configuration file backup and resto
Page 87 and 88:
What is backed up and restored What
Page 89 and 90:
Configuration file backup and resto
Page 91 and 92:
Activating the Sidewinder G2 licens
Page 93 and 94:
From a workstation that has Web acc
Page 95 and 96:
Figure 3-8. Firewall License: Compa
Page 97 and 98:
Figure 3-10. Firewall License: Enro
Page 99 and 100:
Protected host licensing and the Ho
Page 101 and 102:
Figure 3-11. Determining which VPN
Page 103 and 104:
Table 3-3. Sidewinder G2 servers Se
Page 105 and 106:
Configuring the synchronization ser
Page 107 and 108:
Figure 3-14. Scanner: Advanced tab
Page 109 and 110:
Figure 3-15. Scanner: Signature tab
Page 111 and 112:
Configuring the shund server Figure
Page 113 and 114:
Figure 3-18. IDS Configuration: Shu
Page 115 and 116:
Figure 3-20. Software Management: I
Page 117 and 118:
Loading and installing patches 5. C
Page 119 and 120:
Loading and installing patches 3. S
Page 121 and 122:
Modifying the burb configuration 2.
Page 123 and 124:
Modifying the Configuration tab Mod
Page 125 and 126:
About the Aliases: New/ Modify Netw
Page 127 and 128:
Modifying the static route About th
Page 129 and 130:
About the SSL certificate fields fo
Page 131 and 132:
Figure 3-26. UPS Configuration wind
Page 133 and 134:
C HAPTER 4 Understanding Policy Con
Page 135 and 136:
Figure 4-2. Example of active rules
Page 137 and 138:
Policy configuration basics The fol
Page 139 and 140:
Rule elements Network objects—Ne
Page 141 and 142:
Figure 4-4. User Groups user group
Page 143 and 144:
Rule elements If an organization re
Page 145 and 146:
Example of a rule that uses a servi
Page 147 and 148:
Application Defenses You can also c
Page 149 and 150:
Proxy rule basics Table 4-4. Applic
Page 151 and 152:
Proxy rule basics the user request
Page 153 and 154:
Proxy rule basics Table 4-5 summari
Page 155 and 156:
Table 4-7. Proxy rules for sample c
Page 157 and 158:
Table 4-9. Proxy rules for the adva
Page 159 and 160:
Mutually exclusive rules for Transp
Page 161 and 162:
Figure 4-7. IP Filtering on non-TCP
Page 163 and 164:
Figure 4-8. IP Filtering on TCP/UDP
Page 165 and 166:
Setting the IP Filter NAT port rewr
Page 167 and 168:
Figure 4-11. "Source port" NAT IP F
Page 169 and 170:
C HAPTER 5 Creating Rule Elements A
Page 171 and 172:
Creating users and user groups Mod
Page 173 and 174:
About the Group Information tab Abo
Page 175 and 176:
About the User Password tab Creatin
Page 177 and 178:
Figure 5-4. User Group Membership w
Page 179 and 180:
Figure 5-6. New Network Object wind
Page 181 and 182:
Entering domain information Figure
Page 183 and 184:
Figure 5-9. IP Address network obje
Page 185 and 186:
About the Netmap Members window Cre
Page 187 and 188:
Figure 5-12. Network Object: netgro
Page 189 and 190:
Creating service groups Figure 5-14
Page 191 and 192:
C HAPTER 6 Configuring Application
Page 193 and 194:
Viewing Application Defense informa
Page 195 and 196:
Figure 6-2. Application Defense: We
Page 197 and 198:
Creating Web or Secure Web Applicat
Page 199 and 200:
Page 201 and 202:
Figure 6-5. Web/Secure Web: HTTP Re
Page 203 and 204:
Figure 6-6. Web/Secure Web: MIME/Vi
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Creating Web Cache Application Defe
Page 211 and 212:
Creating Mail Application Defenses
Page 213 and 214:
Figure 6-10. Mail Size tab Creating
Page 215 and 216:
Creating Mail Application Defenses
Page 217 and 218:
Figure 6-12. Mail MIME/ Virus tab A
Page 219 and 220:
Configuring MIME filtering rules Cr
Page 221 and 222:
Creating Citrix Application Defense
Page 223 and 224:
Creating FTP Application Defenses F
Page 225 and 226:
Figure 6-16. Application Defenses:
Page 227 and 228:
Creating Multimedia Application Def
Page 229 and 230:
Figure 6-18. Application Defenses:
Page 231 and 232:
Creating SOCKS Application Defenses
Page 233 and 234:
Creating SNMP Application Defenses
Page 235 and 236:
Figure 6-22. Example of OID numberi
Page 237 and 238:
Figure 6-24. Application Defense Gr
Page 239 and 240:
Configuring connection properties d
Page 241 and 242:
C HAPTER 7 Creating Rules and Group
Page 243 and 244:
Viewing rules and rule groups You c
Page 245 and 246:
Entering information on the Proxy R
Page 247 and 248:
Creating proxy rules 5. [Optional]
Page 249 and 250:
Figure 7-4. Proxy Rule: Time tab Cr
Page 251 and 252:
Figure 7-5. Proxy Rule: Application
Page 253 and 254:
Figure 7-6. IP Filter Rules window
Page 255 and 256:
About the IP Filter Source/ Dest ta
Page 257 and 258:
Figure 7-8. IP Filter Time tab Crea
Page 259 and 260:
Creating and managing rule groups C
Page 261 and 262:
Figure 7-10. Modify Groups window A
Page 263 and 264:
Figure 7-11. Active Rules window Ab
Page 265 and 266:
Figure 7-13. IP Filter General Prop
Page 267 and 268:
C HAPTER 8 Configuring Proxies Abou
Page 269 and 270:
Proxy basics Important: Network att
Page 271 and 272:
Redirected proxy connections Config
Page 273 and 274:
Figure 8-2. Address redirection for
Page 275 and 276:
Standard Sidewinder G2 proxies Prox
Page 277 and 278:
Proxy Name Type and Port Descriptio
Page 279 and 280:
Proxy Name Type and Port Descriptio
Page 281 and 282:
Notes on selected proxy configurati
Page 283 and 284:
Notes on using the FTP proxy Notes
Page 285 and 286:
Sun RPC proxy considerations Notes
Page 287 and 288:
Figure 8-5. News server behind the
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Proxy Name—Displays the name of t
Page 297 and 298:
Figure 8-7. ica proxy Advanced tab
Page 299 and 300:
Configuring connection ports Settin
Page 301 and 302:
C HAPTER 9 Setting Up Authenticatio
Page 303 and 304:
Administrator authentication Authen
Page 305 and 306:
Supported authentication methods Su
Page 307 and 308:
Supported authentication methods Wh
Page 309 and 310:
Authentication process overview Aut
Page 311 and 312:
Users, groups, and authentication C
Page 313 and 314:
Configuring authentication services
Page 315 and 316:
Figure 9-1. SSO Cached Authenticati
Page 317 and 318:
Figure 9-3. LDAP configuration wind
Page 319 and 320:
Figure 9-4. Password Configuration
Page 321 and 322:
Adding or modifying a RADIUS server
Page 323 and 324:
Figure 9-7. SecurID Configuration w
Page 325 and 326:
Figure 9-8. SNK Configuration windo
Page 327 and 328:
Adding or modifying a Windows domai
Page 329 and 330:
Configuring SSO b. In the Edit Logi
Page 331 and 332:
Setting up authentication for servi
Page 333 and 334:
Setting up authentication for admin
Page 335 and 336:
Allowing users to change their pass
Page 337 and 338:
. Select Manual Proxy Configuration
Page 339 and 340:
C HAPTER 10 Domain Name System (DNS
Page 341 and 342:
What is DNS? In a hosted DNS config
Page 343 and 344:
Figure 10-1. Mail exchanger example
Page 345 and 346:
Enabling and disabling your DNS ser
Page 347 and 348:
Managing your current DNS configura
Page 349 and 350:
Configuring hosted DNS servers Figu
Page 351 and 352:
Figure 10-6. DNS Server Configurati
Page 353 and 354:
Entering information on the Advance
Page 355 and 356:
Figure 10-7. DNS Zones window Confi
Page 357 and 358:
About the Zone List window About th
Page 359 and 360:
Figure 10-8. Master Zone Attributes
Page 361 and 362:
Adding a forward lookup sub-domain
Page 363 and 364:
Figure 10-9. Master Zone Contents t
Page 365 and 366:
Adding a new forward lookup entry C
Page 367 and 368:
Reconfiguring DNS Reconfiguring DNS
Page 369 and 370:
Figure 10-10. Reconfigure transpare
Page 371 and 372:
About the Reconfiguring DNS: Sidewi
Page 373 and 374:
Manually editing DNS configuration
Page 375 and 376:
C HAPTER 11 Electronic Mail About t
Page 377 and 378:
Overview of e-mail on Sidewinder G2
Page 379 and 380:
Sendmail differences on Sidewinder
Page 381 and 382:
Managing sendmail Managing sendmail
Page 383 and 384:
Figure 11-2. Reconfigure Mail windo
Page 385 and 386:
Figure 11-3. Sidewinder G2 mailerta
Page 387 and 388:
Configuring advanced antispam optio
Page 389 and 390:
Configuring the policy.cfg file Con
Page 391 and 392:
About the COPY action Configuring a
Page 393 and 394:
Configuring advanced anti-spam opti
Page 395 and 396:
Redirecting mail to a different des
Page 397 and 398:
Other sendmail features You can con
Page 399 and 400:
Figure 11-5. Type of relayed messag
Page 401 and 402:
Managing mail queues Managing mail
Page 403 and 404:
C HAPTER 12 Setting Up Web Services
Page 405 and 406:
Figure 12-3. Access to the internal
Page 407 and 408:
Figure 12-5. Option 2: The Web prox
Page 409 and 410:
Figure 12-7. Standard (transparent)
Page 411 and 412:
Using the HTTP proxy 4. Create an H
Page 413 and 414:
Using the Web proxy server Caching
Page 415 and 416:
Figure 12-10. Web proxy server wind
Page 417 and 418:
Figure 12-12. Web Proxy Server wind
Page 419 and 420:
Configuring Web Proxy Server HTTP f
Page 421 and 422:
Configuring browsers for the Web pr
Page 423 and 424:
Internet Explorer 5.x/6.x Configuri
Page 425 and 426:
1 C HAPTER 13 Configuring Virtual P
Page 427 and 428:
Protecting your information What ar
Page 429 and 430:
Sidewinder G2 VPN overview To preve
Page 431 and 432:
Configuring hardware acceleration f
Page 433 and 434:
Sidewinder G2 VPN overview Implemen
Page 435 and 436:
Configuring the ISAKMP server Figur
Page 437 and 438:
Configuring the Certificate server
Page 439 and 440:
Understanding virtual burbs Underst
Page 441 and 442:
Understanding virtual burbs You can
Page 443 and 444:
Figure 13-5. Client Address Pools A
Page 445 and 446:
Figure 13-6. Client Address Pools:
Page 447 and 448:
Page 449 and 450:
Page 451 and 452:
Adding or modifying a client identi
Page 453 and 454:
Configuring Certificate Management
Page 455 and 456:
Single certificate versus Certifica
Page 457 and 458:
About the Certificate Authorities t
Page 459 and 460:
Figure 13-8. Remote Identities tab
Page 461 and 462:
Figure 13-9. Firewall certificates
Page 463 and 464:
Page 465 and 466:
Page 467 and 468:
Figure 13-11. SSL Certificates tab
Page 469 and 470:
Figure 13-3. Load Certificate for P
Page 471 and 472:
Figure 13-13. Import Remote Certifi
Page 473 and 474:
Figure 13-14. Export Firewall Certi
Page 475 and 476:
Configuring VPN Security Associatio
Page 477 and 478:
Figure 13-16. Security Associations
Page 479 and 480:
Page 481 and 482:
Configuring password information on
Page 483 and 484:
Entering Certificate + Certificate
Page 485 and 486:
Entering Single Certificate informa
Page 487 and 488:
Page 489 and 490:
Example VPN Scenarios Example VPN S
Page 491 and 492:
Example VPN Scenarios How it is don
Page 493 and 494:
Example VPN Scenarios All clients
Page 495 and 496:
Example VPN Scenarios c. Click New.
Page 497 and 498:
The assumptions This VPN scenario a
Page 499 and 500:
Example VPN Scenarios 2. In the Adm
Page 501 and 502:
Example VPN Scenarios a. On the Cer
Page 503 and 504:
C HAPTER 14 Configuring the SNMP Ag
Page 505 and 506:
Figure 14-2. Community name within
Page 507 and 508:
SNMP and Sidewinder G2 IPSEC_FAILU
Page 509 and 510: Figure 14-3. MIBs supported by the
Page 511 and 512: Defining a community name Setting u
Page 513 and 514: Communication with systems in an ex
Page 515 and 516: C HAPTER 15 One-To-Many Clusters Ab
Page 517 and 518: Overview DNS services must be conf
Page 519 and 520: Figure 15-2. Sample network configu
Page 521 and 522: Configuring One-To-Many b. In the P
Page 523 and 524: Configuring One-To-Many 3. In the R
Page 525 and 526: About the Modify Primary Address wi
Page 527 and 528: Understanding the One-To-Many tree
Page 529 and 530: Understanding the One-To-Many tree
Page 531 and 532: C HAPTER 16 High Availability About
Page 533 and 534: HA configuration options HA configu
Page 535 and 536: You can configure failover HA in on
Page 537 and 538: Configuring HA — DNS configuratio
Page 539 and 540: Configuring HA 8. Select the HA con
Page 541 and 542: Configuring HA Cluster ID—Select
Page 543 and 544: Joining a Sidewinder G2 to an exist
Page 545 and 546: Configuring HA 8. Click Next. The S
Page 547 and 548: Removing the primary from an HA clu
Page 549 and 550: Figure 16-3. Special HA and Interfa
Page 551 and 552: About the Common Parameters tab Man
Page 553 and 554: Changing the multicast address Mana
Page 555 and 556: Figure 16-2. Local Parameters tab A
Page 557 and 558: Managing an HA cluster Scheduling a
Page 559: Connecting directly to a secondary/
Page 563 and 564: Table 17-1. Alarm event column desc
Page 565 and 566: Filter Name Description Configuring
Page 567 and 568: Configuring alarm events and event
Page 569 and 570: Figure 17-3. Event Response tab Abo
Page 571 and 572: Configuring alarm events and event
Page 573 and 574: Example alarm event scenario Exampl
Page 575 and 576: Sample Strikeback results Sample St
Page 577 and 578: Ignoring network probe attempts Ign
Page 579 and 580: Checking system status Checking sys
Page 581 and 582: Rlg0 7418 p2 IW+ 0:01.30.u (tcsh) t
Page 583 and 584: Network interfaces Checking network
Page 585 and 586: Checking network status ; Dig 2.1
Page 587 and 588: C HAPTER 18 Monitoring, Auditing, a
Page 589 and 590: Monitoring Sidewinder G2 status Fig
Page 591 and 592: Auditing on the Sidewinder G2 Audit
Page 593 and 594: Figure 18-3. Audit Viewing: View Mo
Page 595 and 596: Figure 18-4. Snapshot Audit Data wi
Page 597 and 598: Figure 18-5. Export Audit Data wind
Page 599 and 600: Figure 18-6. Audit Filtering tab Ab
Page 601 and 602: Filter Type Description Auditing on
Page 603 and 604: Example 2: Filtering for services a
Page 605 and 606: Field Description src_burb Specify
Page 607 and 608: Logging application messages using
Page 609 and 610: Generating and viewing reports usin
Page 611 and 612:
Figure 18-7. Firewall Reports windo
Page 613 and 614:
Report Type Description Generating
Page 615 and 616:
Report Type Description Generating
Page 617 and 618:
Using third party reporting tools U
Page 619 and 620:
Using third party reporting tools 3
Page 621 and 622:
A A PPENDIX A Command Line Referenc
Page 623 and 624:
Sidewinder G2 area Commands Area De
Page 625 and 626:
Page 627 and 628:
Page 629 and 630:
Page 631 and 632:
Working with files on the Sidewinde
Page 633 and 634:
Changing a file’s type (chtype) W
Page 635 and 636:
Understanding automatic (cron) jobs
Page 637 and 638:
Understanding automatic (cron) jobs
Page 639 and 640:
A A PPENDIX B Setting Up Network Ti
Page 641 and 642:
Figure B-2. Sidewinder G2 as an NTP
Page 643 and 644:
Figure B-4. NTP conflict: Sidewinde
Page 645 and 646:
Configuring NTP on a Sidewinder G2
Page 647 and 648:
A A PPENDIX C Configuring Dynamic R
Page 649 and 650:
Overview All OSPF routers on a netw
Page 651 and 652:
Figure C-3. Sidewinder G2 within OS
Page 653 and 654:
Figure C-5. OSPF Properties tab Abo
Page 655 and 656:
Figure C-6. OSPF Area tab Setting u
Page 657 and 658:
Authentication Information window F
Page 659 and 660:
Configuring "passive" OSPF Other im
Page 661 and 662:
A A PPENDIX D Configuring Dynamic R
Page 663 and 664:
RIP processing on the Sidewinder G2
Page 665 and 666:
RIP with the Sidewinder G2 using tr
Page 667 and 668:
If connection is lost between Route
Page 669 and 670:
Figure D-4. RIP with the Sidewinder
Page 671 and 672:
RIP with the Sidewinder G2 NOT usin
Page 673 and 674:
Configuring RIP on the Sidewinder G
Page 675 and 676:
Enabling/ disabling the routed serv
Page 677 and 678:
A A PPENDIX E Setting Up SmartFilte
Page 679 and 680:
Subscribing to the SmartFilter Cont
Page 681 and 682:
Figure E-1. SmartFilter window: Gen
Page 683 and 684:
Figure E-2. SmartFilter Advanced ta
Page 685 and 686:
Editing the SmartFilter files Table
Page 687 and 688:
Table E-2. Category Codes Editing t
Page 689 and 690:
A A PPENDIX F Basic Troubleshooting
Page 691 and 692:
Restoring access to the Admin Conso
Page 693 and 694:
Backing up system files The Sidewin
Page 695 and 696:
Performing an incremental backup Ba
Page 697 and 698:
Table F-2. Sidewinder G2 restore sc
Page 699 and 700:
Restoring system files Performing a
Page 701 and 702:
Table F-3. Restore Script Commands
Page 703 and 704:
To add hardware, follow these steps
Page 705 and 706:
Re-imaging your Sidewinder G2 Syste
Page 707 and 708:
If you forget your administrator pa
Page 709 and 710:
Interpreting beep patterns Interpre
Page 711 and 712:
What you hear What it means What yo
Page 713 and 714:
Troubleshooting proxy rules To dete
Page 715 and 716:
Starting the rule monitoring tool (
Page 717 and 718:
Troubleshooting High Availability T
Page 719 and 720:
Troubleshooting High Availability N
Page 721 and 722:
Troubleshooting High Availability N
Page 723 and 724:
Why did NTP stop? Troubleshooting N
Page 725 and 726:
R EFERENCE Glossary ACE/Server A se
Page 727 and 728:
Glossary BSD/OS The operation syste
Page 729 and 730:
Glossary event response A response
Page 731 and 732:
Glossary internal DNS Manages DNS i
Page 733 and 734:
Glossary network-layer proxy Also k
Page 735 and 736:
Glossary proxy A software agent tha
Page 737 and 738:
Glossary SecureOS The UNIX-based op
Page 739 and 740:
URL (universal resource locator) Gl
Page 741 and 742:
A R EFERENCE Index A record (addres
Page 743 and 744:
ackup_file_list 3-15 complete (full
Page 745 and 746:
checking 3-12 creator A-12 current
Page 747 and 748:
overview 1-12 IP sniffing 1-2 IP sp
Page 749 and 750:
NNTP 8-19 nntp proxy 8-11 non-trans
Page 751 and 752:
to operational kernel command 3-4 r
Page 753 and 754:
smartfilter.site file E-9 SMTP 11-2
Page 755 and 756:
certificate authority 13-27 certifi
Page 758:
The Sidewinder G2 ® Security Appli
show all

Sidewinder G2 6.1.1 Administration Guide - Glossary of Technical ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?