Alcatel-Lucent OMNIVISTA SAFEGUARD MANAGER User Manual

OmniVista SafeGuard Manager
Release 3.0
Administration Guide
PART NUMBER: 005-0034 REV A1
PUBLISHED: MARCH 2007
ALCATEL-LUCENT
26801 WEST AGOURA ROAD CALABASAS, CA 91301 USA (818) 880-3500
Alcatel-Lucent Proprietary
Copyright © 2007 Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the expressed written permission of Alcatel-Lucent. Alcatel-Lucent ® and the Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
OmniVista SafeGuard Manager Administration Guide

Contents

Preface
  About This Guide
  Intended Audience
  Guide Overview
  Conventions Used in This Guide
  Related Documentation
  Additional Resources
Chapter 1: Getting Started
  Overview
  Key Features
  Getting Started
  System Requirements
  OmniVista SafeGuard Manager Client Requirements
  Starting the Server
  Installing the Client
  Logging In to the Client
  Navigation
  Dashboards
  Menus
  Page Bar
  Action Bar
  Viewing Tips
  Modifying Your Password
  Adding a Device
Chapter 2: Installation and Setup
  Installing the OmniVista SafeGuard Manager Server
  Upgrading the OmniVista SafeGuard Manager Server
  Pre-Upgrade Tasks
  Uninstalling the Server
  Starting the Server
  Shutting Down the Server
  Installing the OmniVista SafeGuard Manager Client
  Logging into the OmniVista SafeGuard Manager Client
  Connecting Over Firewall
Chapter 3: General Navigation
  Viewing Visualization Tables
  Viewing Table Data
  Navigating between Different Table Views
  Choosing Columns in a Table
  Searching and Sorting
  Searching Table Data Locally
  Sorting Table Data Locally
  Searching and Sorting Data in the Entire Database
  Exporting and Printing Data
  Using the Status Bar
Chapter 4: Visualization
  Overview
  Dashboards
  Security Incidents
  User Sessions with Incidents
  Network Awareness
  Configuring Dashboards
  Defining Modules within a Dashboard
  Defining Bars within a Module
  Viewing Visualization Data
  Viewing Policy Incidents
  Viewing Malware Incidents
  Viewing Posture Incidents
  Viewing User Sessions
  Viewing Application Types
  Viewing Application Instances
  Viewing Application Flows
  Creating Policy Filters
  Viewing Time-based Data
  Additional Time-based Filtering
  Viewing Active Data Against Historical Data
Chapter 5: Device Configuration
  Managing Devices
  Checking a Device
  Adding a New Device
  Configuring Device Objects
  Application Groups
  Application Filters
  Network Zones
  Policies
  Role Derivations
  Roles
  LDAP Servers
  Editing Device Objects
  Editing Interfaces
  Templates
  Creating a New Template
  Importing Templates
  Deleting an Existing Device
  Polling a Device
  Synchronizing a Device
  Manually Synchronizing a Device
  Device Actions
  Manage Configuration
  Manage Files
  Reboot Device
  Refresh
  Other Actions
  Execute Show Commands
  ICS Admin
  Delete Visualization Data
  Update Template
  Discard Non-template Changes
  Understanding Device Management Display
  Recommended Device Management Workflow
Chapter 6: Query and Reports
  Query
  Reports
  Defining a Report
  Scheduling a Report
  Generating a Report
Chapter 7: Managing the Server
  User Authentication
  Authentication Guidelines
  User Accounts
  Adding a New User
  Enabling Dual-Admin or 4-Eye Mode
  File Repository
  Client Settings
  Server Settings
  Setting Visualization Filters
  Exporting the Database
  Purging the Database
  Backing Up the Database
  Restoring the Database
  Mailing Malware and Report Notifications
  Periodic Tasks
  General
Chapter 8: Audit Logs and Statistics
  Audit Logs
  OmniVista SafeGuard Manager Log Messages
  Device Health
  Viewing Device Health Statistics
  Server Health
  Viewing Server Health Statistics
Index

Preface

In this preface:
About This Guide
Conventions Used in This Guide
Related Documentation

About This Guide

This guide describes the OmniVista SafeGuard Manager command center features, including how to use and navigate through different views. This guide also provides detailed installation procedures for the server and client.

Intended Audience

The OmniVista SafeGuard Manager Administration Guide is for experienced network administrators who are responsible for installing, configuring, and maintaining the Alcatel-Lucent devices and OmniVista SafeGuard Manager command center.

Guide Overview

The information in this guide is separated into several chapters to make it easy for you to find exactly what you are looking for.
Chapter: Description
Chapter 1, Getting Started: Provides installation procedures and a brief overview of the key features of the OmniVista SafeGuard Manager command center.
Chapter 2, Installation and Setup: Provides detailed installation and setup instructions.
Chapter 3, General Navigation: Describes different navigation techniques, such as searching and sorting.
Chapter 4, Visualization: Describes the configuration of dashboards and the checking of user activity, health of the host system, violation histories, and other network activity.
Chapter 5, Device Configuration: Provides instructions for configuring device objects and templates.
Chapter 6, Query and Reports: Describes the creation, printing, and viewing of reports on network traffic and incidents.
Chapter 7, Managing the Server: Describes client settings, user accounts, and user authentication. Additionally, it describes server settings: how to restore, purge, or back up the database and set up the OmniVista SafeGuard Manager mailer so email notifications can be sent on Malware events and reports.
Chapter 8, Audit Logs and Statistics: Provides audit log information and device and server health and statistics.

Conventions Used in This Guide

This document uses the following conventions:
Italic: Italics are used the first time a glossary term is introduced, for the titles of books, and for menu items.
Bulleted lists: Bulleted lists designate items of equal importance.
1 Numbered lists: Numbered lists designate a specific sequence of steps required to complete a procedure.
Boldface type: Boldface type is used for button names.
Code: Code excerpts and command line sequences are shown in this type face.
Ellipsis....: Is used in code and argument syntax to indicate that inconsequential information is not shown.
NOTE: Means readers should pay special attention to the information. Notes contain helpful suggestions or references to materials covered in the guide.
CAUTION: Informs users to be careful in the situation described. In this situation, you could do something that could result in deletion of information or damage to equipment.
WARNING: Informs users of safety conditions. In this situation, you could do something that could result in bodily injury or electric shock.

Related Documentation

OmniAccess SafeGuard Controller Installation Guide
Describes the OmniAccess SafeGuard Controller. The guide provides detailed installation instructions and technical specifications for the OmniAccess SafeGuard Controller.
OmniAccess SafeGuard OS Administration Guide
Provides concepts and configuration instructions for the major features of OmniAccess SafeGuard OS and its supported products, which includes End Point Validation (EPV), the integral component for using ICS.
ICS Dissolvable Agent for SafeGuard Administration Guide
Describes how to configure the Integrity Clientless Security (ICS) module of the Alcatel-Lucent Network Admission Control (NAC).

Additional Resources

Alcatel-Lucent publishes documents for Alcatel-Lucent customers at:
www.Alcatel-Lucent.com
Chapter 1: Getting Started

This section includes the following:
Overview
Key Features
Getting Started
Navigation
Viewing Tips
Modifying Your Password
Adding a Device

Overview

The OmniVista SafeGuard Manager command center provides centralized and easy-to-use management of one or more Alcatel-Lucent devices, enabling network administrators to perform basic configuration, management, and monitoring of several devices in a single interface. OmniVista SafeGuard Manager provides the foundation for gaining usage awareness and flagging network security incidents by users; it also enables global policy configuration with the ability to take real-time action from the control panel. Powerful predefined reports provide clear views on enterprise network health and user actions.
Unlike traditional network management systems that report at the MAC or IP level, OmniVista SafeGuard Manager maps events to the network users. A user is identified by the SafeGuard Controller enforcement devices during the authentication phase. This user ID is then bound to the MAC and IP addresses of the computer, so that any future communication from that machine is bound to the user ID. This allows an administrator to identify any user incidents or identify the location of the violating machine.
User-based features combined with drillable data navigation enable OmniVista SafeGuard Manager to communicate business information simply at a top level, yet the details are only a click away. This real-time correlation of network incident or awareness events to the user saves hours of manual association and custom scripting.
OmniVista SafeGuard Manager 3.0 supports the following:
Devices: OAG 1000, OAG 2400, OAG 4048x
SafeGuard platform: SafeGuard software release 3.0

Key Features

The OmniVista SafeGuard Manager command center Release 3.0 supports the following features:
Device Configuration: Allows you to manage devices with detailed views of devices and physical ports. Also keeps your network under a single management system, allowing you to select actions on the canned policies and push them down to devices.
User Authentication: In addition to local database authentication, OmniVista SafeGuard Manager users can be authenticated using an external RADIUS server.
Visualization Filters: Allows you to set up visualization filters such that you can selectively view events based on VLAN ID, application type, or user role.
VLAN Filters: Allows you to set up visualization filters based on VLAN IDs.
Drillable Database Query: Allows you to execute pre-defined and custom queries.
Policy Creation Using Flows: Allows you to create policy filters from data available in an application flow.
CSV/HTML Report Generator: Allows you to create customized reports with server-side Scheduler; these reports can be e-mailed and printed easily.
Real-time Incident Dashboard: Displays total number of users, authenticated and unauthenticated, device health, and policy, posture, and malware incidents. Also displays incidents for unauthenticated users and top user roles with incidents/incident counts. Administrators can remove offending machines from the network and revoke user privileges by de-authenticating users.
Real-time User Incident Dashboard: Displays authentication failures by users, users with policy, posture, and malware incidents, and top user roles with incidents.
Real-time Awareness Dashboard: Displays top 10 user sessions by bandwidth, top 10 destinations, top 10 Web Sites, top 10 applications by flow count, bottom 10 applications by flow count, or top 10 applications by bandwidth.
Audit Logs: Provides logs that indicate who did what and when and on which device. These logs are for user and device operations and can be helpful for auditing purposes.
Device and Server Health: Allows you to collect, view, and store statistics relating to device or server health. These statistics are helpful in analyzing each device’s performance and its current connections.
Software Upgrade: Allows you to upgrade the software version on the device.
File Distribution: Allows you to manage files in a repository and distribute as necessary.
Reboot: This feature allows you to reboot the selected device(s).
Online Help: The online help feature is available using the F1 function key.

Getting Started

The OmniVista SafeGuard Manager command center has client and server components. The server runs on a Windows server system, and the client runs on a Windows client system using Internet Explorer. The client can be deployed directly from the server using the Java Web Start technology.
To quickly get started with OmniVista SafeGuard Manager, you need the following:
System Requirements
OmniVista SafeGuard Manager Client Requirements
Starting the Server
Installing the Client
Logging In to the Client
Dashboards
Menus
Adding a Device

System Requirements

The following requirements are for OmniVista SafeGuard Manager server installation. The software installation enforces these requirements and exits if the minimum requirements are not met. For more installation information, see Installing the OmniVista SafeGuard Manager Server.
2-GB RAM
60-GB free disk space
NOTE: The disk space is allocated as 5GB for installation and 55GB for data. Installation needs to be performed on the C drive, which should have a minimum of 5GB free space; however, data can be saved to the D drive, which should have a minimum of 55GB of space.
Microsoft Windows Server 2003 (Enterprise, Standard, or Web Edition)
NOTE: Microsoft Windows Server 2003 should have SP1 installed. Alcatel-Lucent supports 32-bit versions only.
2.8-GHz processor speed
2 processors
NOTE: The appliance that ships from Alcatel-Lucent meets all these requirements.

OmniVista SafeGuard Manager Client Requirements

The OmniVista SafeGuard Manager client can be run on most Windows systems. Minimum requirements are:
One of the following Windows platforms:
  Microsoft Windows Server 2000
  Microsoft Windows Server 2003 (Enterprise or Standard)
  Microsoft Windows XP Professional
2.8-GHz single CPU
512-MB RAM
2-GB hard disk
Internet Explorer 6.0 or higher
Screen resolution of 1024 x 768 pixels
Internet connectivity to install Java Web Start

Starting the Server

When you boot up the OmniVista SafeGuard Manager appliance, the OmniVista SafeGuard Manager server is started automatically. However, if you upgraded the software version or re-installed the software, you must manually start the server. For more information on installing, upgrading, or uninstalling, see Installation and Setup.
To manually start the server:
1 Use the Windows shortcut from the Start menu, Programs > OmniVista SafeGuard Manager > Start Server.
  A GUI window displays. This window performs checks to verify that all ports needed for the server are available, starts all the server components as Windows services, and informs you when the server is ready.
2 Click OK to close the window.
The OmniVista SafeGuard Manager server runs in the background. If you now reboot the system, the server should come up automatically.

Installing the Client

The OmniVista SafeGuard Manager client is based on Java Web Start technology, allowing you to install the client automatically with a single click over the network. For more information on client installation, see Installation and Setup.
To install the client:
1 Launch Internet Explorer.
2 Access the OmniVista SafeGuard Manager system by typing the following URL:
http://<server-ip-address>
If the client does not have Java Web Start already installed, you are prompted to install Java Runtime Environment (JRE). Follow the on-screen prompts using the default options to install JRE. Java Web Start is included with JRE.
NOTE: The automatic installation of JRE requires ActiveX controls to be enabled on your Internet Explorer. If ActiveX controls are not enabled, a “download Java Web Start” link displays. Internet Explorer also alerts you if ActiveX controls are not enabled and gives you an option to enable ActiveX controls. You can choose to enable ActiveX controls for automatic installation of Java Web Start, or you can download JRE version 1.5.0 by going to the download link. If you manually install Java Web Start, repeat Step 2.
After Java Web Start is installed, the OmniVista SafeGuard Manager client code is downloaded and installed. Java Web Start displays a dialog box informing you that the application is authored by Alcatel-Lucent and needs some privileges on your client system (Figure 1).
Figure 1 Security Warning
3 Click Start. A prompt appears asking if you want to create a shortcut on the desktop.
4 Select Yes to create a shortcut. If you select No, you can still launch the client using the URL from Step 2.
The client launches. See Logging In to the Client for information on logging procedures.
NOTE: Every time the OmniVista SafeGuard Manager client is launched, it compares its version with the OmniVista SafeGuard Manager server. If the client version is different than that of the server, the client automatically updates itself from the new version of the server.

Logging In to the Client

To log in to the client:
1 Launch the client using any of the following methods:
Double-click on the shortcut that was created on your desktop when you first installed the client.
Invoke from Internet Explorer by typing the URL (http://ip-address-of-OmniVistaSafeGuardManager-server).
Launch from the start menu using start menu > OmniVista SafeGuard Manager > Client.
NOTE: If you are launching the client from the server for the first time, you might be prompted to install certain applications. See Installing the Client for more information.
The Login screen appears (Figure 2).
Figure 2 OmniVista SafeGuard Manager Client Login Screen
2 In the Username field, type admin as the default user.
3 In the Password field, type password.
4 Click Login. If you are logging in for the first time to the OmniVista SafeGuard Manager server, the Alcatel-Lucent License Agreement will be displayed. You must accept it to use OmniVista SafeGuard Manager.
NOTE: The license agreement is a one-time acknowledgement for each server and is not displayed again for this client or any other client on this server.
The client is successfully launched, and the OmniVista SafeGuard Manager command center panel displays (Figure 3).
Figure 3 OmniVista SafeGuard Manager Dashboard

Navigation

When you log into the OmniVista SafeGuard Manager command center, a navigation panel displays that allows you to access the various features by simply clicking a button or using a menu item. You can navigate the OmniVista SafeGuard Manager command center using the following:
Dashboards
Menu Bar
Page Bar
Action Bar
Figure 4 OmniVista SafeGuard Manager Navigation Elements

Dashboards

The OmniVista SafeGuard Manager command center has three dashboards that provide a high-level network summary. These dashboards can be used to further investigate either actionable user incidents or informational and user traffic patterns. For more information on how to use the visualization features of the dashboard, see Visualization. The three dashboards are:
Incidents—Displays total number of users, authenticated and unauthenticated, device health, and policy, posture, and malware incidents. Administrators can remove offending machines off the network and revoke user privileges by de-authenticating users.
User Incidents—Displays authentication failures by users, users with policy, posture, and malware incidents, and top user roles with incidents.
Network Awareness—Displays various application usage patterns and statistics for active users, such as top 10 user sessions by bandwidth, top 10 user sessions with most blocked incidents, top 10 destinations, top 10 Web Sites, and so forth. The modules are automatically refreshed every 5 minutes.

Menus

You can access the OmniVista SafeGuard Manager features by selecting menu commands that are located in the menu bar, which is the toolbar located at the top of the screen (Figure 4).

Page Bar

The OmniVista SafeGuard Manager Page Bar icons allow you to access the various features of OmniVista SafeGuard Manager while retaining the context as much as possible. The Page Bar icons provide a quick single-click action that is synonymous with the menu items:
Table 1 Navigating within OmniVista SafeGuard Manager

| Menu Sequence | Key Sequence | Displays View | Description |
|---|---|---|---|
| View > Go To > Dashboard | Ctrl + 0 | Dashboards | Displays Incidents, User Incidents, and Global Awareness dashboards. |
| View > Go To > Policy Incidents | Ctrl + 1 | Policy Incidents | Displays all policy incidents. |
| View > Go To > Malware Incidents | Ctrl + 2 | Malware Incidents | Displays all malware incidents. |
| View > Go To > Posture Incidents | Ctrl + 3 | Posture Incidents | Displays all posture incidents. |
| View > Go To > Users | Ctrl + 4 | Users | Displays network activity per user. |
| View > Go To > Applications | Ctrl + 5 | Applications | Displays network activity per application. |
| View > Go To > Application Instances | Ctrl + 6 | Application Instances | Displays the user bandwidth usage for each user, application type, destination port, and destination IP address. |
| View > Go To > Application Flows | Ctrl + 7 | Application Flows | Displays application flows for all applications. |
| View > Go To > Reports | Ctrl + 9 | Reports | Allows you to create and view reports on network traffic patterns and anomalies. |
| View > Go To > Config Management | Shift + 1 | Config Management | Enables you to manage Alcatel-Lucent devices, view inventory, and perform minimal configuration of the device system and ports. |
| View > Go To > Audit Logs | Shift + 2 | Audit Logs | Displays log entries that are relevant for auditing purposes. |
| View > Go To > Statistics | Shift + 3 | Statistics | Displays device and server health statistics. |

When you click on any of the Page Bar icons, a table view is displayed that shows the Navigation Tree on the left side, the contents in the upper half of the screen, and details for the selected object in the lower half of the screen. The Navigation Tree and the Action Bar change based on the action task selected in the Page Bar.

Action Bar

The Action Bar allows you to access commands, as you need them, by a simple click of a button.
To use the Action Bar, do any of the following:
To choose a command from the bar, click the command button or Actions > command.
To view what a command does, position the mouse over the command button to see its tooltip.
To close the Action Bar, choose View > Toolbars > Actions.

Viewing Tips

The following tips expedite your navigation through the OmniVista SafeGuard Manager panels and windows:
Buttons in the Action Bar are used to execute actions. Select a row and then click the action button. If an action is not applicable for the selected row, the corresponding button is disabled.
In the table views, some information about the table size is displayed above the table (the number of rows) and the alarm and infection status is displayed in the status bar below the table.
You can search the data from the visualization database using filters. To view filters, click Find in the Action Bar. A free-form search field is displayed where you can type keywords to search data displayed in table views. To search the data from the database, click Database Search. A new search and sort header opens at the top of the table header. Click on the search bar of the column to specify the filtering criteria for that column. Click on the sort bar for the column to specify the sort criteria for that column. You can select multi-column sort order. After you have finished setting filters for one or more columns, click Refresh to see the new results. To clear all filters, click Clear. For more information on how to use the search and sort features, see General Navigation.
Select a row to view detailed information on the selected row.
Right-click on a row to display applicable actions.

Modifying Your Password

The Account Management feature of OmniVista SafeGuard Manager allows an administrator to perform basic modifications to user accounts, such as adding users, changing passwords, and configuring dual-admin.
To modify your password:
1 Select Tools > OmniVista SafeGuard Manager Users > User Accounts... The Account Management window (Figure 5) displays.
Figure 5 Account Management Window
2 Select one of the following Admin Login Setting:
Standard—requires a single login and password
Dual-admin—requires two logins and passwords
3 Click Apply to apply the login setting.
NOTE: The Enabled checkbox shows the status of the user account. This is used to indicate whether the user can log in or not. For all user accounts, except admin, when an authentication method is changed from Radius to local, the account is set to “disabled”. The account remains in a disabled state until the administrator resets the password for the account.
4 Select the “admin” user and click Modify to change the password for the “admin” user. The Modify User Account dialog box (Figure 6) displays.
Figure 6 Modify User Account Dialog Box
5 Modify the password, as needed, and click Modify Password.
6 Click Modify Account if you are changing the admin role or user information.
NOTE: For more information on adding a new user or the different types of user roles, see User Accounts.

Adding a Device

Before you can visualize any data, you need to add a device. For more information on device management, see Device Configuration.
To add a single device:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item.
2 Click the New icon from the Action Bar.
3 Select Single Device. The New Device (Figure 7) dialog box displays.
Figure 7 New Device Dialog Box
4 Enter the following device attributes:
Table 2 Add Device Attributes

| Attribute | Description |
|---|---|
| IP Address | The Management IP address of the device. |
| SNMP Community String (Read) | Simple Network Management Protocol (SNMP) read community name that was configured when the device was initially set up. |
| SNMP Community (Read/Write) | SNMP read/write community name that was configured when the device was initially set up. |
| Name | Device name. |
| Region | Name of the region in which the device is located. |
| Building | Name of the building in which the device is located. |
| Enable Application Flow Collection | Click this box if you want to collect application flow data. |
| Associated Template | Select a template from the pull-down list that you want to associate with the device. For more information on templates, see Templates. |

NOTE: Make sure that the attributes are specified correctly; otherwise, adding the device fails with one of the following error messages: “Device unreachable,” “Device is not a Alcatel-Lucent device,” or “Unable to communicate with IP Address.”
5 Click OK to add the device. The add process reads the system configuration and the list of outstanding visualization events from the device using a combination of SNMP and Alcatel-Lucent proprietary OmniVista SafeGuard Manager Visualization Channel.
NOTE: The device periodically ages out the visualization data; therefore, some of the events may be lost by the time you add the device.
The device displays in the All Devices panel and the device objects display in the Device Hierarchy navigation tree.
NOTE: The device must be reachable with appropriate community strings for the device to be added.
To add multiple devices:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item.
2 Click the New icon from the Action Bar.
3 Select Multi Device. The Create Devices (Figure 8) dialog box displays. You can populate this table using either the Import From File or the Add Entry option.
Figure 8 Add Multiple Devices
4 Click Import From File to import a list of devices written in a specific format. For example:
#########################################################################
# Name: Device List File
# Purpose: For bulk device addition into OmniVista SafeGuard Manager
# Syntax of each line:
# ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false
#
# Example: 172.16.3.125,public,private,controller,R1,B1,true
#########################################################################
172.16.3.125,public,private,controller,R1,B1,true
172.16.1.53,public,private,switch,R1,B2,true
5 Click Add Entry to add another entry in the table. This can be used to create a list.
6 The following device attributes are displayed:
Table 3 Add Device Attributes

| Attribute | Description |
|---|---|
| Select Device | Select the Select Device checkbox to select all devices in the list. |
| Device | Shows the device name with its IP address. |
| IP Address | The Management IP address of the device. |
| SNMP Community String (Read) | Simple Network Management Protocol (SNMP) read community name that was configured when the device was initially set up. |
| SNMP Community (Read/Write) | SNMP read/write community name that was configured when the device was initially set up. |
| Device Name | Device name. |
| Action Status | Status of the action you selected. |

7 Click Clear Entries to clear all entries from the table.
8 Click Execute. The server schedules and processes each entry and provides
feedback and action detail in the Action Status column.
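A pre-import check for the device list file format shown in step 4, as an added example that is not part of the manual or of OmniVista SafeGuard Manager: it validates the seven-field line syntax and reports community-string settings worth reviewing before the file is imported. The function name, the finding messages, the choice to flag public/private, and the extra sample lines are assumptions made here.

```python
import ipaddress

FIELDS = ("ip", "read", "readwrite", "name", "region", "building", "flow")
# Assumption: the sample's "public"/"private" are flagged as well-known defaults.
WELL_KNOWN = {"public", "private"}

def check_device_list(text):
    """Return (devices, findings); findings are (line_number, message) tuples."""
    devices, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comment header or blank line
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != len(FIELDS):
            findings.append((lineno, f"expected {len(FIELDS)} fields, got {len(parts)}"))
            continue
        dev = dict(zip(FIELDS, parts))
        try:
            ipaddress.ip_address(dev["ip"])
        except ValueError:
            findings.append((lineno, f"invalid IP address {dev['ip']!r}"))
            continue
        if dev["flow"] not in ("true", "false"):
            findings.append((lineno, "flow collection must be true or false"))
            continue
        # Weak-setting findings do not reject the entry; they are reported for review.
        for key in ("read", "readwrite"):
            if dev[key].lower() in WELL_KNOWN:
                findings.append((lineno, f"{key} community is a well-known default"))
        if dev["read"] == dev["readwrite"]:
            findings.append((lineno, "read and read/write communities are identical"))
        devices.append(dev)
    return devices, findings

# Constructed sample: the manual's two entries plus constructed problem lines.
SAMPLE = """\
# ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false
172.16.3.125,public,private,controller,R1,B1,true
172.16.1.53,public,private,switch,R1,B2,true
172.16.1.300,r0-Xk2,rw-9Qz,edge,R2,B1,true
172.16.1.54,r0-Xk2,rw-9Qz,core,R2,B1,yes
172.16.1.55,r0-Xk2,rw-9Qz,R2,B1,true
172.16.1.56,s3cr3t,s3cr3t,dist,R2,B3,false
"""

if __name__ == "__main__":
    for lineno, msg in check_device_list(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```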

Chapter 2: Installation and Setup

This section includes the following:
Installing the OmniVista SafeGuard Manager Server
Upgrading the OmniVista SafeGuard Manager Server
Uninstalling the Server
Starting the Server
Shutting Down the Server
Installing the OmniVista SafeGuard Manager Client
Logging into the OmniVista SafeGuard Manager Client
Connecting Over Firewall

Installing the OmniVista SafeGuard Manager Server

To install the OmniVista SafeGuard Manager server:
1 Double-click the executable file (omnivista-safeguard-<version>.exe).
The Installation Wizard prepares Java Virtual Machine (JVM) and initializes the installation wizard. This could take a few seconds.
After the initialization process is completed, the Welcome screen displays (Figure 9).
Figure 9 Installation Welcome Screen
2 Click Next. The Alcatel-Lucent license agreement displays (Figure 10).