OmniVista SafeGuard Manager Release 3.0 Administration Guide
PART NUMBER: 005-0034 REV A1
PUBLISHED: MARCH 2007
ALCATEL-LUCENT
26801 WEST AGOURA ROAD
CALABASAS, CA 91301 USA (818) 880-3500
WWW.ALCATEL-LUCENT.COM
Alcatel-Lucent Proprietary
Copyright © 2007 Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the expressed written permission of Alcatel-Lucent. Alcatel-Lucent ® and the Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
2 |
OmniVista SafeGuard Manager Administration Guide |
|
|
Contents

Preface
About This Guide  8
  Intended Audience  8
  Guide Overview  8
Conventions Used in This Guide  9
Related Documentation  10
  Additional Resources  10

Chapter 1: Getting Started
Overview  12
Key Features  12
Getting Started  14
  System Requirements  14
  OmniVista SafeGuard Manager Client Requirements  15
  Starting the Server  16
  Installing the Client  16
  Logging In to the Client  18
Navigation  20
  Dashboards  20
  Menus  21
  Page Bar  21
  Action Bar  22
Viewing Tips  23
Modifying Your Password  24
Adding a Device  25

Chapter 2: Installation and Setup
Installing the OmniVista SafeGuard Manager Server  30
Upgrading the OmniVista SafeGuard Manager Server  33
  Pre-Upgrade Tasks  33
Uninstalling the Server  34
Starting the Server  36
Shutting Down the Server  36
Installing the OmniVista SafeGuard Manager Client  37
Logging into the OmniVista SafeGuard Manager Client  39
Connecting Over Firewall  41
Chapter 3: General Navigation
Viewing Visualization Tables  44
  Viewing Table Data  45
Navigating between Different Table Views  47
Choosing Columns in a Table  48
Searching and Sorting  50
  Searching Table Data Locally  51
  Sorting Table Data Locally  51
  Searching and Sorting Data in the Entire Database  52
Exporting and Printing Data  53
Using the Status Bar  54

Chapter 4: Visualization
Overview  56
Dashboards  57
  Security Incidents  57
  User Sessions with Incidents  62
  Network Awareness  63
Configuring Dashboards  68
  Defining Modules within a Dashboard  69
  Defining Bars within a Module  76
Viewing Visualization Data  78
  Viewing Policy Incidents  79
  Viewing Malware Incidents  81
  Viewing Posture Incidents  84
  Viewing User Sessions  85
  Viewing Application Types  87
  Viewing Application Instances  88
  Viewing Application Flows  90
  Creating Policy Filters  91
Viewing Time-based Data  93
  Additional Time-based Filtering  94
  Viewing Active Data Against Historical Data  95
Chapter 5: Device Configuration
Managing Devices  98
  Checking a Device  98
  Adding a New Device  98
Configuring Device Objects  103
  Application Groups  103
  Application Filters  105
  Network Zones  107
  Policies  109
  Role Derivations  119
  Roles  122
  LDAP Servers  125
Editing Device Objects  127
  Editing Interfaces  131
Templates  132
  Creating a New Template  133
  Importing Templates  134
Deleting an Existing Device  136
Polling a Device  137
Synchronizing a Device  137
  Manually Synchronizing a Device  138
Device Actions  138
  Manage Configuration  139
  Manage Files  144
  Reboot Device  149
  Refresh  150
Other Actions  152
  Execute Show Commands  153
  ICS Admin  154
  Delete Visualization Data  154
  Update Template  155
  Discard Non-template Changes  156
Understanding Device Management Display  157
Recommended Device Management Workflow  159

Chapter 6: Query and Reports
Query  162
Reports  166
  Defining a Report  166
  Scheduling a Report  169
  Generating a Report  170
Chapter 7: Managing the Server
User Authentication  174
  Authentication Guidelines  175
User Accounts  176
  Adding a New User  177
  Enabling Dual-Admin or 4-Eye Mode  178
File Repository  179
Client Settings  182
Server Settings  183
  Setting Visualization Filters  183
  Exporting the Database  186
  Purging the Database  188
  Backing Up the Database  189
  Restoring the Database  191
  Mailing Malware and Report Notifications  192
  Periodic Tasks  194
  General  195

Chapter 8: Audit Logs and Statistics
Audit Logs  198
  OmniVista SafeGuard Manager Log Messages  199
Device Health  201
  Viewing Device Health Statistics  202
Server Health  204
  Viewing Server Health Statistics  205

Index
Preface
In this preface:
■ About This Guide
■ Conventions Used in This Guide
■ Related Documentation
About This Guide
This guide describes the OmniVista SafeGuard Manager command center features, including how to use and navigate through the different views. It also provides detailed installation procedures for the server and client.
Intended Audience
The OmniVista SafeGuard Manager Administration Guide is for experienced network administrators who are responsible for installing, configuring, and maintaining the Alcatel-Lucent devices and the OmniVista SafeGuard Manager command center.
Guide Overview
The information in this guide is separated into several chapters to make it easy for you to find exactly what you are looking for.
Chapter 1, Getting Started: Provides installation procedures and a brief overview of the key features of the OmniVista SafeGuard Manager command center.
Chapter 2, Installation and Setup: Provides detailed installation and setup instructions.
Chapter 3, General Navigation: Describes different navigation techniques, such as search and sorting.
Chapter 4, Visualization: Describes the configuration of dashboards and the checking of user activity, health of the host system, violation histories, and other network activity.
Chapter 5, Device Configuration: Provides instructions for configuring device objects and templates.
Chapter 6, Query and Reports: Describes the creation, printing, and viewing of reports on network traffic and incidents.
Chapter 7, Managing the Server: Describes client settings, user accounts, and user authentication. Additionally, it describes server settings: how to restore, purge, or back up the database and set up the OmniVista SafeGuard Manager mailer so email notifications can be sent on Malware events and reports.
Chapter 8, Audit Logs and Statistics: Provides audit log information and device and server health and statistics.
Conventions Used in This Guide
This document uses the following conventions:
Italic: Italics are used the first time a glossary term is introduced, for the titles of books, and for menu items.
■ Bulleted lists: Bulleted lists designate items of equal importance.
1 Numbered lists: Numbered lists designate a specific sequence of steps required to complete a procedure.
Boldface type: Boldface type is used for button names.
Code: Code excerpts and command line sequences are shown in this type face.
Ellipsis (...): Is used in code and argument syntax to indicate that inconsequential information is not shown.
NOTE: Means readers should pay special attention to the information. Notes contain helpful suggestions or references to materials covered in the guide.
CAUTION: Informs users to be careful of the situation described in the Caution. In this situation, you could do something that could result in deletion of information or damage to equipment.
WARNING: Informs users of safety conditions. In this situation, you could do something that could result in bodily injury or electric shock.
Related Documentation
■ OmniAccess SafeGuard Controller Installation Guide
Describes the OmniAccess SafeGuard Controller. The guide provides detailed installation instructions and technical specifications for the OmniAccess SafeGuard Controller.
■ OmniAccess SafeGuard OS Administration Guide
Provides concepts and configuration instructions for the major features of OmniAccess SafeGuard OS and its supported products, which include End Point Validation (EPV), the integral component for using ICS.
■ ICS Dissolvable Agent for SafeGuard Administration Guide
Describes how to configure the Integrity Clientless Security (ICS) module of the Alcatel-Lucent Network Admission Control (NAC).
Additional Resources
Alcatel-Lucent publishes documents for Alcatel-Lucent customers at:
www.Alcatel-Lucent.com
Chapter 1: Getting Started
This section includes the following:
■ Overview
■ Key Features
■ Getting Started
■ Navigation
■ Viewing Tips
■ Modifying Your Password
■ Adding a Device
Overview
The OmniVista SafeGuard Manager command center provides centralized and easy-to-use management of one or more Alcatel-Lucent devices, enabling network administrators to perform basic configuration, management, and monitoring of several devices in a single interface. OmniVista SafeGuard Manager provides the foundation for gaining usage awareness and flagging network security incidents by user; it also enables global policy configuration with the ability to take real-time action from the control panel. Powerful predefined reports provide clear views on enterprise network health and user actions.
Unlike traditional network management systems that report at the MAC or IP level, OmniVista SafeGuard Manager maps events to the network users. A user is identified by the SafeGuard Controller enforcement devices during the authentication phase. This user ID is then bound to the MAC and IP addresses of the computer, so that any future communication from that machine is bound to the user ID. This allows an administrator to identify any user incidents or locate the violating machine.
User-based features combined with drillable data navigation enable OmniVista SafeGuard Manager to communicate business information simply at a top level, yet the details are only a click away. This real-time correlation of network incident or awareness events to the user saves hours of manual association and custom scripting.
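The user-centric correlation described above (bind a user ID to the endpoint's MAC and IP at authentication time, attribute later events to that user, and drop the binding when the user is de-authenticated) can be illustrated with a small Python model. This is an added example, not code from OmniVista SafeGuard Manager or Alcatel-Lucent; the event dictionary format, the (MAC, IP) pair used as the binding key, the "unauthenticated" bucket for events with no binding, and the sample events are all constructed assumptions for illustration.

```python
"""Illustrative user-to-endpoint binding and event attribution.

Added example; not the product's code. Event fields, the (mac, ip) key and
the sample events below are constructed for this illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, str]  # (mac, ip) of an endpoint


@dataclass
class Binding:
    user: str
    role: str
    mac: str
    ip: str


@dataclass
class UserCorrelator:
    # Bindings established at authentication time, keyed by (mac, ip).
    bindings: Dict[Key, Binding] = field(default_factory=dict)
    # Incident counts per user (events with no binding land in "unauthenticated").
    incidents_by_user: Dict[str, int] = field(default_factory=dict)
    # Incident counts per role, the "top user roles with incidents" view.
    incidents_by_role: Dict[str, int] = field(default_factory=dict)

    @staticmethod
    def _key(mac: str, ip: str) -> Key:
        return (mac.lower(), ip)

    def authenticate(self, user: str, role: str, mac: str, ip: str) -> None:
        """Authentication phase: bind the user ID to the endpoint's MAC and IP."""
        self.bindings[self._key(mac, ip)] = Binding(user, role, mac.lower(), ip)

    def deauthenticate(self, user: str) -> int:
        """Revoke every binding held by a user; returns how many were removed."""
        stale = [k for k, b in self.bindings.items() if b.user == user]
        for k in stale:
            del self.bindings[k]
        return len(stale)

    def attribute(self, mac: str, ip: str) -> Optional[Binding]:
        """Map a later event from (mac, ip) back to the bound user, if any."""
        return self.bindings.get(self._key(mac, ip))

    def record_incident(self, mac: str, ip: str) -> str:
        """Count an incident against the bound user, never guessing when unbound."""
        b = self.attribute(mac, ip)
        who = b.user if b else "unauthenticated"
        self.incidents_by_user[who] = self.incidents_by_user.get(who, 0) + 1
        if b:
            self.incidents_by_role[b.role] = self.incidents_by_role.get(b.role, 0) + 1
        return who

    def handle(self, event: dict) -> str:
        """Process one constructed event and return a one-line attribution."""
        kind = event["type"]
        if kind == "auth":
            self.authenticate(event["user"], event["role"], event["mac"], event["ip"])
            return f"bound {event['user']} to {event['mac']}/{event['ip']}"
        if kind == "deauth":
            n = self.deauthenticate(event["user"])
            return f"revoked {n} binding(s) for {event['user']}"
        if kind == "incident":
            who = self.record_incident(event["mac"], event["ip"])
            return f"{event['category']} incident attributed to {who}"
        # Awareness event (a flow): attribute but do not count as an incident.
        b = self.attribute(event["mac"], event["ip"])
        who = b.user if b else "unauthenticated"
        return f"flow to {event['dst']} attributed to {who}"


# Constructed sample events (not real captures).
SAMPLE_EVENTS: List[dict] = [
    {"type": "auth", "user": "alice", "role": "Employee",
     "mac": "00:11:22:33:44:55", "ip": "10.1.1.5"},
    {"type": "flow", "mac": "00:11:22:33:44:55", "ip": "10.1.1.5", "dst": "10.2.0.10:443"},
    {"type": "incident", "category": "policy", "mac": "00:11:22:33:44:55", "ip": "10.1.1.5"},
    {"type": "incident", "category": "malware", "mac": "00:aa:bb:cc:dd:ee", "ip": "10.1.1.99"},
    {"type": "deauth", "user": "alice"},
    {"type": "incident", "category": "posture", "mac": "00:11:22:33:44:55", "ip": "10.1.1.5"},
]


def run_sample() -> Tuple[UserCorrelator, List[str]]:
    """Run the constructed events through a fresh correlator."""
    corr = UserCorrelator()
    log = [corr.handle(ev) for ev in SAMPLE_EVENTS]
    return corr, log


if __name__ == "__main__":
    correlator, lines = run_sample()
    for line in lines:
        print(line)
    print("incidents by user:", correlator.incidents_by_user)
    print("incidents by role:", correlator.incidents_by_role)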
OmniVista SafeGuard Manager 3.0 supports the following:
■Devices: OAG 1000, OAG 2400, OAG 4048x
■SafeGuard platform: SafeGuard software release 3.0
The OmniVista SafeGuard Manager command center Release 3.0 supports the following features:
■Device Configuration—Allows you to manage devices with detailed views of devices and physical ports. Also keeps your network under a single management system allowing you to select actions on the canned policies and push down to devices.
■User Authentication—In addition to local database authentication, OmniVista SafeGuard Manager users can be authenticated using an external RADIUS server.
■Visualization Filters—Allows you to set up visualization filters such that you can selectively view events based on VLAN ID, application type, or user role.
■VLAN Filters—Allows you set up visualization filters based on VLAN IDs.
■Drillable Database Query—Allows you to execute pre-defined and custom queries.
12 |
OmniVista SafeGuard Manager Administration Guide |
|
|
Chapter 1: Getting Started
■Policy Creation Using Flows—Allows you to create policy filters from data available in an application flow.
■CSV/HTML Report Generator—Allows you to create customized reports with server-side Scheduler; these reports can be e-mailed and printed easily.
■Real-time Incident Dashboard—Displays total number of users, authenticated and unauthenticated, device health, and policy, posture, and malware incidents. Also displays incidents for unauthenticated users and top user roles with incidents/incident counts. Administrators can remove offending machines off the network and revoke user privileges by de-authenticating users.
■Real-time User Incident Dashboard—Displays authentication failures by users, users with policy, posture, and malware incidents, and top user roles with incidents.
■Real-time Awareness Dashboard—Displays top 10 user sessions by bandwidth, top 10 destinations, top 10 Web Sites, top 10 applications by flow count, bottom 10 applications by flow count, or top 10 applications by bandwidth.
■Audit Logs—Provides logs that indicate who did what and when and on which device. These logs are for user and device operations and can be helpful for auditing purposes.
■Device and Server Health—Allows you to collect, view, and store statistics relating to device or server health. These statistics are helpful in analyzing each device’s performance and its current connections.
■Software Upgrade—Allows you to upgrade the software version on the device.
■File Distribution—Allows you to manage files in a repository and distribute as necessary.
■Reboot—This feature allows you to reboot the selected device(s).
■Online Help—The online help feature is available using the F1 function key.
OmniVista SafeGuard Manager Administration Guide |
13 |
|
|
Chapter 1: Getting Started
The OmniVista SafeGuard Manager command center has client and server components. The server runs on a Windows server system, and the client runs on a Windows client system using Internet Explorer. The client can be deployed directly from the server using the Java Web Start technology.
To quickly get started with OmniVista SafeGuard Manager, you need the following:
■System Requirements
■OmniVista SafeGuard Manager Client Requirements
■Starting the Server
■Starting the Server
■Installing the Client
■Logging In to the Client
■Dashboards
■Menus
■Adding a Device
The following requirements are for OmniVista SafeGuard Manager server installation. The software installation enforces these requirements, and exits you out of the installation if the minimum requirements are not met. For more installation information, see Installing the OmniVista SafeGuard Manager Server.
■2-GB RAM
■60-GB free disk space
NOTE: The disk space is allocated as 5GB for installation and 55GB for data. Installation needs to be performed using the C drive and this drive should have a minimum of 5GB free space; however, data can be saved to the D drive that should have a minimum of 55GB space.
■Microsoft Windows Server 2003 (Enterprise, Standard, or Web Edition)
NOTE: Microsoft Windows Server 2003 should have SP1 installed. Alcatel-Lucent supports 32 bit versions only.
14 |
OmniVista SafeGuard Manager Administration Guide |
|
|
Chapter 1: Getting Started
■2.8-GHz processor speed
■2 processors
NOTE: The appliance that ships from Alcatel-Lucent meets all these requirements.
The OmniVista SafeGuard Manager client can be run on most Windows systems. Minimum requirements are:
■One of the following Windows platforms:
—Microsoft Windows Server 2000
—Microsoft Windows Server 2003 (Enterprise or Standard)
—Microsoft Windows XP Professional
■2.8-GHz single CPU
■512-MB RAM
■2-GB hard disk
■Internet Explorer 6.0 or higher
■Screen resolution of 1024 x 768 pixels
■Internet connectivity to install Java Web Start
OmniVista SafeGuard Manager Administration Guide |
15 |
|
|
Chapter 1: Getting Started
When you boot up the OmniVista SafeGuard Manager appliance, the OmniVista SafeGuard Manager server is started automatically. However, if you upgraded the software version or re-installed the software, you must manually start the server. For more information on installing, upgrading, or uninstalling, see Installation and Setup.
To manually start the server:
1Use the Windows shortcut from the Start menu, Programs > OmniVista SafeGuard Manager > Start Server.
A GUI window displays. This window performs checks to verify that all ports needed for the server are available, starts all the server components as Windows services, and informs you when the server is ready.
2Click OK to close the window.
The OmniVista SafeGuard Manager server runs in the background. If you now reboot the system, the server should come up automatically.
The OmniVista SafeGuard Manager client is based on Java Web Start technology, allowing you to install the client automatically with a single click over the network. For more information on client installation, see Installation and Setup.
To install the client:
1Launch Internet Explorer.
2Access the OmniVista SafeGuard Manager system by typing the following URL:
http://<server-ip-address>
If the client does not have Java Web Start already installed, you are prompted to install Java Runtime Environment (JRE). Follow the on-screen prompts using the default options to install JRE. Java Web Start is included with JRE.
NOTE: The automatic installation of JRE requires ActiveX controls to be enabled on your Internet Explorer. If ActiveX controls are not enabled, a “download Java Web Start” link displays. Internet Explorer also alerts you if ActiveX controls are not enabled and gives you an option to enable ActiveX controls. You can choose to enable ActiveX controls for automatic installation of Java Web Start, or you can download JRE version 1.5.0 by going to the download link. If you manually install Java Web Start, repeat Step 2.
After Java Web Start is installed, the OmniVista SafeGuard Manager client code is downloaded and installed. Java Web Start displays a dialog box informing you
16 |
OmniVista SafeGuard Manager Administration Guide |
|
|
Chapter 1: Getting Started
that the application is authored by Alcatel-Lucent and needs some privileges on your client system (Figure 1).
Figure 1 Security Warning
3Click Start. A prompt appears asking if you want to create a shortcut on the desktop.
4Select Yes to create a shortcut. If you select No, you can still launch the client using the URL from Step 2.
The client launches. See Logging In to the Client for information on logging procedures.
NOTE: Every time the OmniVista SafeGuard Manager client is launched, it compares its version with the OmniVista SafeGuard Manager server. If the client version is different than that of the server, the client automatically updates itself from the new version of the server.
OmniVista SafeGuard Manager Administration Guide |
17 |
|
|
Chapter 1: Getting Started
To log in to the client:
1 Launch the client using any of the following methods:
—Double-click the shortcut that was created on your desktop when you first installed the client.
—Invoke it from Internet Explorer by typing the URL (http://ip-address-of-OmniVistaSafeGuardManager-server).
—Launch it from the Start menu using Start menu > OmniVista SafeGuard Manager > Client.
NOTE: If you are launching the client from the server for the first time, you might be prompted to install certain applications. See Installing the Client for more information.
The Login screen appears (Figure 2).
Figure 2 OmniVista SafeGuard Manager Client Login Screen
2 In the Username field, type admin (the default administrator account).
3 In the Password field, type password (the default password). Change this default as soon as the first login succeeds; see Account Management later in this chapter.
4 Click Login. If you are logging in to the OmniVista SafeGuard Manager server for the first time, the Alcatel-Lucent License Agreement is displayed. You must accept it to use OmniVista SafeGuard Manager.
NOTE: The license agreement is a one-time acknowledgement for each server. Once accepted, it is not displayed again for that server, from this client or any other client.
The client is successfully launched, and the OmniVista SafeGuard Manager command center panel displays (Figure 3).
Figure 3 OmniVista SafeGuard Manager Dashboard
When you log into the OmniVista SafeGuard Manager command center, a navigation panel displays that allows you to access the various features by simply clicking a button or using a menu item. You can navigate the OmniVista SafeGuard Manager command center using the following:
■Dashboards
■Menu Bar
■Page Bar
■Action Bar
Figure 4 OmniVista SafeGuard Manager Navigation Elements (callouts: Menu Bar, Page Bar, Action Bar)
The OmniVista SafeGuard Manager command center has three dashboards that provide a high-level network summary. These dashboards can be used to further investigate either actionable user incidents or informational and user traffic patterns. For more information on how to use the visualization features of the dashboard, see Visualization. The three dashboards are:
■Incidents—Displays the total number of users, authenticated and unauthenticated, device health, and policy, posture, and malware incidents. Administrators can remove offending machines from the network and revoke user privileges by deauthenticating users.
■User Incidents—Displays authentication failures by users, users with policy, posture, and malware incidents, and top user roles with incidents.
■Network Awareness—Displays various application usage patterns and statistics for active users, such as top 10 user sessions by bandwidth, top 10 user sessions with most blocked incidents, top 10 destinations, top 10 Web Sites, and so forth. The modules are automatically refreshed every 5 minutes.
You can access the OmniVista SafeGuard Manager features by selecting menu commands that are located in the menu bar, which is the toolbar located at the top of the screen (Figure 4).
The OmniVista SafeGuard Manager Page Bar icons allow you to access the various features of OmniVista SafeGuard Manager while retaining the current context as much as possible. Each Page Bar icon is a single-click equivalent of the corresponding menu item:
Table 1 Navigating within OmniVista SafeGuard Manager (the Page Bar Icon column of the original table contains images and is not reproduced here)
Menu Sequence | Key Sequence | Displays View | Description
View > Go To > Dashboard | Ctrl + 0 | Dashboards | Displays the Incidents, User Incidents, and Global Awareness dashboards.
View > Go To > Policy Incidents | Ctrl + 1 | Policy Incidents | Displays all policy incidents.
View > Go To > Malware Incidents | Ctrl + 2 | Malware Incidents | Displays all malware incidents.
View > Go To > Posture Incidents | Ctrl + 3 | Posture Incidents | Displays all posture incidents.
View > Go To > Users | Ctrl + 4 | Users | Displays network activity per user.
View > Go To > Applications | Ctrl + 5 | Applications | Displays network activity per application.
View > Go To > Application Instances | Ctrl + 6 | Application Instances | Displays the user bandwidth usage for each user, application type, destination port, and destination IP address.
View > Go To > Application Flows | Ctrl + 7 | Application Flows | Displays application flows for all applications.
View > Go To > Reports | Ctrl + 9 | Reports | Allows you to create and view reports on network traffic patterns and anomalies.
View > Go To > Config Management | Shift + 1 | Config Management | Enables you to manage Alcatel-Lucent devices, view inventory, and perform minimal configuration of the device system and ports.
View > Go To > Audit Logs | Shift + 2 | Audit Logs | Displays log entries that are relevant for auditing purposes.
View > Go To > Statistics | Shift + 3 | Statistics | Displays device and server health statistics.
When you click on any of the Page Bar icons, a table view is displayed that shows the Navigation Tree on the left-side, the contents in the upper-half of the screen and details for the selected object in the lower-half of the screen. The Navigation Tree and the Action Bar change based on the action task selected in the Page Bar.
The Action Bar allows you to access commands, as you need them, by a simple click of a button.
To use the Action Bar, do any of the following:
■To choose a command from the bar, click the command button, or select Actions > command from the menu bar.
■To view what a command does, position the mouse over the command button to see its tooltip.
■To close the Action Bar, choose View > Toolbars > Actions.
The following tips expedite your navigation through the OmniVista SafeGuard Manager panels and windows:
■Buttons in the Action Bar are used to execute actions. Select a row and then click the action button. If an action is not applicable for the selected row, the corresponding button is disabled.
■In the table views, some information about the table size is displayed above the table (the number of rows) and the alarm and infection status is displayed in the status bar below the table.
■You can search the data from the visualization database using filters. To view filters, click Find in the Action Bar. A free-form search field is displayed where you can type keywords to search data displayed in table views. To search the data from the database, click Database Search. A new search and sort header opens at the top of the table header. Click on the search bar of the column to specify the filtering criteria for that column. Click on the sort bar for the column to specify the sort criteria for that column. You can select multi-column sort order. After you have finished setting filters for one or more columns, click Refresh to see the new results. To clear all filters, click Clear. For more information on how to use the search and sort features, see General Navigation.
■Select a row to view detailed information on the selected row.
■Right-click on a row to display applicable actions.
The Account Management feature of OmniVista SafeGuard Manager allows an administrator to perform basic modifications to user accounts, such as adding users, changing passwords, and configuring dual-admin.
To modify your password:
1 Select Tools > OmniVista SafeGuard Manager Users > User Accounts... The Account Management window (Figure 5) displays.
Figure 5 Account Management Window
2 Select one of the following Admin Login Settings:
■Standard—requires a single login and password
■Dual-admin—requires two logins and passwords
3 Click Apply to apply the login setting.
NOTE: The Enabled checkbox shows the status of the user account and indicates whether the user can log in. For all user accounts except admin, when the authentication method is changed from RADIUS to local, the account is set to disabled. The account remains disabled until the administrator resets its password.
4 Select the “admin” user and click Modify to change the password for the “admin” user. The Modify User Account dialog box (Figure 6) displays.
Figure 6 Modify User Account Dialog Box
5 Modify the password, as needed, and click Modify Password.
6 Click Modify Account if you are changing the admin role or user information.
NOTE: For more information on adding a new user or the different types of user roles, see User Accounts.
Before you can visualize any data, you need to add a device. For more information on device management, see Device Configuration.
To add a single device:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item.
2 Click the New icon in the Action Bar.
3 Select Single Device. The New Device dialog box (Figure 7) displays.
Figure 7 New Device Dialog Box
4 Enter the following device attributes:
Table 2 Add Device Attributes
Attribute | Description
IP Address | The management IP address of the device.
SNMP Community String (Read) | Simple Network Management Protocol (SNMP) read community name that was configured when the device was initially set up.
SNMP Community String (Read/Write) | SNMP read/write community name that was configured when the device was initially set up. This string grants write access to the device, so treat it as a credential.
Name | Device name.
Region | Name of the region in which the device is located.
Building | Name of the building in which the device is located.
Enable Application Flow Collection | Select this box if you want to collect application flow data.
Associated Template | Select the template from the pull-down list that you want to associate with the device. For more information on templates, see Templates.
NOTE: Make sure that the attributes are specified correctly; otherwise, adding a device fails producing one of the following error messages, “Device unreachable,” or “Device is not a Alcatel-Lucent device,” or “Unable to communicate with IP Address.”
5 Click OK to add the device. The add process reads the system configuration and the list of outstanding visualization events from the device using a combination of SNMP and the Alcatel-Lucent proprietary OmniVista SafeGuard Manager Visualization Channel.
NOTE: The device periodically ages out the visualization data; therefore, some of the events may be lost by the time you add the device.
The device displays in the All Devices panel and the device objects display in the Device Hierarchy navigation tree.
NOTE: The device must be reachable with appropriate community strings for the device to be added.
To add multiple devices:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item.
2 Click the New icon in the Action Bar.
3 Select Multi Device. The Create Devices dialog box (Figure 8) displays. You can populate this table using either the Import From File or the Add Entry option.
Figure 8 Add Multiple Devices
4 Click Import From File to import a list of devices written in the following format: lines beginning with # are comments, and each device line is ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false. For example:
#########################################################################
# Name: Device List File
# Purpose: For bulk device addition into OmniVista SafeGuard Manager
# Syntax of each line:
# ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false
#
# Example: 172.16.3.125,public,private,controller,R1,B1,true
#########################################################################
172.16.3.125,public,private,controller,R1,B1,true
172.16.1.53,public,private,switch,R1,B2,true
NOTE: The device list file holds the read/write SNMP community string of every device in clear text. Restrict access to the file and delete it after the import. The public and private values shown above are the widely known SNMP defaults and should not be left configured on production devices.
5 Click Add Entry to add another entry to the table. This can be used to create a list.
6 The following device attributes are displayed:
Table 3 Add Device Attributes
Attribute | Description
Select Device | Select the Select Device checkbox to select all devices in the list.
Device | Shows the device name with its IP address.
IP Address | The management IP address of the device.
SNMP Community String (Read) | Simple Network Management Protocol (SNMP) read community name that was configured when the device was initially set up.
SNMP Community String (Read/Write) | SNMP read/write community name that was configured when the device was initially set up.
Device Name | Device name.
Action Status | Status of the action you selected.
7 Click Clear Entries to clear all entries from the table.
8 Click Execute. The server schedules and processes each entry and provides feedback and action detail in the Action Status column.
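The server reports a bad row only after it has scheduled the import, through the Action Status column, and a row with a wrong community string or a typo in the IP address costs a round of “Device unreachable” errors. The following validator is an added example written for this guide, not Alcatel-Lucent code and not something the server runs. It assumes only the file layout shown above (lines starting with # are comments; seven comma-separated fields per device line). The duplicate-IP check and the flagging of the well-known public/private community strings are this script's own policy, not a documented server rule. The sample file embedded in it is constructed for the example.

```python
"""Pre-flight validator for an OmniVista SafeGuard Manager bulk device list.

Added example for this guide; it is not Alcatel-Lucent code and the server
does not run it. It assumes only the file layout the guide shows: lines
starting with '#' are comments, and each device line is
    ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false
The duplicate-IP check and the flagging of the well-known 'public'/'private'
community strings are this script's own policy, not a documented server rule.
"""
import csv
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

FIELD_COUNT = 7
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # assumed weak defaults to flag


@dataclass
class DeviceEntry:
    ip: str
    read_community: str
    readwrite_community: str
    name: str
    region: str
    building: str
    flow_collection: bool


def parse_device_list(text: str) -> Tuple[List[DeviceEntry], List[str]]:
    """Parse the file text; return (accepted entries, problem descriptions).

    A malformed line is reported and skipped so one bad row cannot abort the
    whole import. A well-known community string is reported but the entry is
    still accepted, because the server only needs the string to match the
    device; the operator decides whether to rotate it first.
    """
    entries: List[DeviceEntry] = []
    problems: List[str] = []
    seen_ips: Set[str] = set()

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment header
        fields = [f.strip() for f in next(csv.reader([line]))]
        if len(fields) != FIELD_COUNT:
            problems.append(f"line {lineno}: expected {FIELD_COUNT} fields, got {len(fields)}")
            continue
        ip, read, readwrite, name, region, building, flow = fields
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"line {lineno}: invalid IP address {ip!r}")
            continue
        if ip in seen_ips:
            problems.append(f"line {lineno}: duplicate IP address {ip}")
            continue
        if flow.lower() not in ("true", "false"):
            problems.append(f"line {lineno}: flow-collection flag must be true or false, got {flow!r}")
            continue
        if not read or not readwrite:
            problems.append(f"line {lineno}: empty SNMP community string")
            continue
        for label, value in (("read", read), ("read/write", readwrite)):
            if value.lower() in WELL_KNOWN_COMMUNITIES:
                problems.append(f"line {lineno}: {label} community {value!r} is a well-known default")
        seen_ips.add(ip)
        entries.append(DeviceEntry(ip, read, readwrite, name, region, building, flow.lower() == "true"))
    return entries, problems


# Constructed sample: one row copied from the guide's example, one row with
# non-default community strings, then four deliberately bad rows.
SAMPLE_FILE = """\
#########################################################################
# Name: Device List File (constructed sample for this example)
# Syntax: ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false
#########################################################################
172.16.3.125,public,private,controller,R1,B1,true
172.16.1.53,s3cr3tRO,s3cr3tRW,switch,R1,B2,true
172.16.1.53,s3cr3tRO,s3cr3tRW,switch-dup,R1,B2,false
10.0.0.999,ro,rw,badip,R2,B1,true
10.0.0.7,ro,rw,short,R2
10.0.0.8,ro,rw,flagtypo,R2,B3,yes
"""

if __name__ == "__main__":
    accepted, issues = parse_device_list(SAMPLE_FILE)
    for issue in issues:
        print("PROBLEM", issue)
    print(f"{len(accepted)} device(s) ready for import")
```

Run it against the real file before clicking Execute; on the constructed sample it accepts the first two rows and reports six problems (two default-community warnings on the first row, then the duplicate, the bad address, the short row and the bad flag). Because the file carries read/write community strings, keep the validator's output, which echoes nothing but line numbers and the offending values, out of shared logs as well.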
Chapter 2: Installation and Setup
This section includes the following:
■Installing the OmniVista SafeGuard Manager Server
■Upgrading the OmniVista SafeGuard Manager Server
■Uninstalling the Server
■Starting the Server
■Shutting Down the Server
■Installing the OmniVista SafeGuard Manager Client
■Logging into the OmniVista SafeGuard Manager Client
■Connecting Over Firewall
To install the OmniVista SafeGuard Manager server:
1 Double-click the executable file (omnivista-safeguard-<version>.exe).
The Installation Wizard prepares Java Virtual Machine (JVM) and initializes the installation wizard. This could take a few seconds.
After the initialization process is completed, the Welcome screen displays (Figure 9).
Figure 9 Installation Welcome Screen
2 Click Next. The Alcatel-Lucent license agreement displays (Figure 10).