Yoggie YMS User Manual
Legal Notice
ii | Yoggie Management Server™
Legal Notice
©
Copyright 2006-2008. Yoggie Security Systems Ltd. All rights reserved.
Any and all intellectual property rights related to the Yoggie Management Server™
product belongs solely to Yoggie Security Systems Ltd. and its licensors, and may
not be used in any manner except as explicitly permitted by Yoggie Security
Systems Ltd., in the Terms of Use Agreement.
The technology and products described in this material are protected by registered
and/or pending patents of Yoggie Security Systems Ltd. and/or its licensors.
Yoggie™, Yoggie logo, Yoggie.com™, Yoggie Gatekeeper™, Yoggie Pico™, Yoggie
SOHO™, Gatekeeper Pro™, Gatekeeper Pico Pro™, Yoggie Pico Personal™, Yoggie
Pico Pro™, Yoggie Firestick Pico™, Yoggie Management Server™ are trademarks
or registered trademarks of Yoggie Security Systems Ltd. All other trademarks,
service marks, and logos appearing in this material or on the product belong to
their respective owners.
Q1 2008
YFUM001.00
Safety Instructions
User Guide | iii
Safety Instructions
Use the following safety guidelines to help ensure your own personal safety and to
help protect your system and working environment from potential damage.
The power supply in your Yoggie Management Server™ device may produce
high voltages and energy hazards, which can cause bodily harm. Unless you are
instructed otherwise by Yoggie Security Systems Ltd, only trained service
technicians are authorized to remove the covers and access any components inside
the system.
Keep your system away from radiation and heat sources.
Do not block cooling vents or air intakes.
If any of the following conditions occur, disconnect the product from the power
source and replace the part, or contact your trained service provider:
The power cable or plug is damaged.
An object has fallen into the product.
The product has been exposed to water.
The product has been dropped or damaged.
The product does not operate properly when you follow the operating
instructions.
Table of Contents
iv | Yoggie Management Server™
Table of Contents
TABLE OF FIGURES ..................................................................................... 6
ABOUT THIS USER GUIDE ........................................................................... 8
INTRODUCTION .......................................................................................... 9
USI N G T HE YOGGI E MANAGEMENT SE RVER ™ .........................................................9
TECHNICAL SPECIFICATIONS .......................................................................... 11
GETTING STARTED.................................................................................... 12
PACKAGE CONTENTS .................................................................................... 12
INSTALLING .............................................................................................. 12
POWERING UP THE YMS ............................................................................... 13
CONNECTING TO YOUR NE TW ORK .................................................................... 14
LOGGING IN ............................................................................................. 14
INITIAL SETUP AND REGISTRA TI ON ................................................................... 16
YMS PAGE ELEMENTS .................................................................................. 20
DISCONNECTING ........................................................................................ 21
MANAGING THE YMS DEVICE .................................................................... 22
YMS PREFERENCES ..................................................................................... 22
Configuring the Time Zone ............................................................... 22
Configuring the Corporate Password .................................................. 22
Configuring an External IP Address ................................................... 23
Configuring Display Preferences ........................................................ 23
MANAGING USER S ...................................................................................... 25
Adding a User ................................................................................ 25
Modifying User Properties ................................................................ 26
Deleting a User............................................................................... 26
MANAGING GATEKEEPER DEVICES ........................................................... 27
VIEWING SECURITY LOGS ............................................................................. 27
DISABLING/ENABLING A GATEKEEPER DEVICE ...................................................... 29
UNREGISTERING A GATEKEEPER DEVICE ............................................................. 29
MANAGING CORPORATE SECURITY .......................................................... 30
MANAGING GROUPS .................................................................................... 31
Adding a Group .............................................................................. 31
Using Directory Services .................................................................. 33
Modifying Group Properties .............................................................. 34
Table of Contents
User Guide | v
Deleting a Group ............................................................................ 34
MANAGING SEC URIT Y PROFILES ...................................................................... 36
Adding a Security Profile .................................................................. 36
Modifying Profile Properties .............................................................. 37
Deleting a Security Profile ................................................................ 38
MANAGING POLI CIE S ................................................................................... 38
Adding a Policy ............................................................................... 38
Modifying Policy Properties ............................................................... 38
Deleting a Policy ............................................................................. 39
DISABLING PROTECTION ............................................................................... 39
CONFIGURING POLICY PARAMETERS ....................................................... 41
CONFIGURING FIR EWA LL SETTINGS .................................................................. 42
Rules ................................................................................................................................. 42
Blacklist and Whitelist ..................................................................... 44
Enabling Port Forwarding ................................................................. 45
CONFIGURING IDS/IPS SETTINGS ................................................................... 47
CONFIGURING VPN SETTIN GS ........................................................................ 47
Generic VPN ................................................................................... 48
Cisco VPN ...................................................................................... 48
CONFIGURING ANT I-VIRUS SETTINGS ............................................................... 49
CONFIGURING ANT I-SPA M SETTINGS ................................................................ 50
CONFIGURING WEB FILT ERI NG SETTINGS ........................................................... 51
LOGGING AND REPORTING ....................................................................... 52
VIEWING THE SY S T EM LOG ............................................................................ 52
VIEWING THE SE CU RI TY LOG .......................................................................... 53
CRE ATING RE POR TS .................................................................................... 55
REPORT EXAMPLES ...................................................................................... 57
About this User Guide
Using the Yoggie Management Server™
6 | Yoggie Management Server™
Table of Figures
Figure 1 – Yoggie Corporate Security Solution ...................................................... 10
Figure 2 – YMS Device: rear panel ....................................................................... 13
Figure 3 – YMS Device: front panel ..................................................................... 13
Figure 6 – Welcome page .................................................................................. 16
Figure 7 – Time Settings page ............................................................................ 16
Figure 8 – Network Settings page ....................................................................... 17
Figure 9 – External IP Address page ................................................................... 18
Figure 10 – Set Administrator Password page ...................................................... 19
Figure 11 – YMS Page Elements ......................................................................... 20
Figure 12 – Time Zone and Corporate Password page ........................................... 22
Figure 13 – Network Settings page ..................................................................... 23
Figure 14 – Display Preferences ......................................................................... 24
Figure 15 – Users page ..................................................................................... 25
Figure 16 – Edit User page ................................................................................ 26
Figure 17 – Gatekeeper Devices ......................................................................... 27
Figure 18 – Gatekeeper Device Detail ................................................................. 28
Figure 19 – Security Log.................................................................................... 28
Figure 20 – YMS Security Element ...................................................................... 30
Figure 21 – Gatekeeper Groups .......................................................................... 31
Figure 22 – Group Editor ................................................................................... 32
Figure 23 – Directory Services ........................................................................... 33
Figure 24 - Security Profiles ............................................................................... 36
Figure 25 – Security Profile Details ..................................................................... 37
Figure 26 – Policy Editor .................................................................................... 38
Figure 27 – Password Generator ......................................................................... 39
Figure 28 – Firewall Policy: Rules ....................................................................... 42
Figure 29 – Firewall Policy: Rule Editor ................................................................ 43
Figure 30 – Firewall Policy: Blacklist .................................................................... 44
Figure 31 – Firewall Policy: Whitelist ................................................................... 45
Figure 32 – Firewall Policy: Port Forwarding ......................................................... 46
Figure 33 – IDS/IPS Policy ................................................................................. 47
Figure 34 – VPN Policy: Generic ......................................................................... 48
Figure 35 – VPN Policy: Cisco ............................................................................. 49
Figure 36 – Anti-Virus Policy .............................................................................. 49
Figure 37 - Anti-Spam Policy .............................................................................. 50
Figure 38 – Web-Filtering Policy ......................................................................... 51
Figure 39 – System Logs ................................................................................... 52
Figure 40 - System Log: Individual Entry ............................................................. 53
Figure 41 – Security Log.................................................................................... 53
Figure 42 – Security Log: Individual Entry ........................................................... 54
Figure 43 – YMS Reports ................................................................................... 55
Figure 44 - Report Query Form: Security Summary .............................................. 56
About this User Guide
Using the Yoggie Management Server™
User Guide | 7
Figure 45 – Security Summary Report (Text and Chart) ........................................57
Figure 46 – Security Summary Report (Bar Chart) ................................................58
Figure 47 – Web-Filtering Category Summary Report (Pie Chart) ............................59
Figure 48 – Registration Report (Text) ................................................................59
About this User Guide
Using the Yoggie Management Server™
8 | Yoggie Management Server™
About this User Guide
The following User Guide provides installation and usage instructions for the
Yoggie Management Server™.
Style and Syntax Conventions
Verdana
Regular text.
Arial Bold
Names of fields and other page components.
Arial Italics
Special terms, the first time they appear.
Monospace
Bold
Text entered by the user on the computer page.
Not e s , which offer an additional explanation or a hint on how to
overcome a common problem.
Wa rn i ng s , which indicate extra caution needed in order to avoid
potential problems.
Introduction
Using the Yoggie Management Server™
User Guide | 9
Introduction
The Yoggie Management Server™ (YMS) is a robust security-management
appliance installed in the server room of an organization. It offers a central
security solution for the management and monitoring of the organization’s Yoggie
security mini-computers, also known as Gatekeepers.
Using the Yoggie Management Server™
Gatekeeper devices provide remote and mobile user protection against Internet
threats anytime, anywhere. The IT manager must continuously monitor and
manage the fleet of Gatekeeper devices from a remote central point, to enforce
corporate-level security.
A single YMS unit offers remote central management of up to 5,000 Gatekeeper
units. A YMS unit monitors and logs the Gatekeeper units’ activity in real time, and
ensures uninterrupted protection by keeping the Gatekeeper units up to date with
the latest security and firmware updates. A YMS unit extends the IT manager’s
ability to easily enforce security policies on various groups in the organization,
using a Web-based management console without requiring any agent installation.
YMS supports day-to-day administration tasks, such as generation of daily security
reports, disabling of lost or stolen Gatekeeper devices, and so on.
In a common network setup, Gatekeeper units are plugged into laptops belonging
to different groups in the organization. Most of these laptops are located outside
the corporate network. The corporate YMS is visible to both the external users and
to the internal LAN users. After Gatekeeper units are registered to the YMS, they
report logs and details to the YMS, and receive security and firmware updates
from the YMS. The network setup is illustrated in the following diagram:
Introduction
Using the Yoggie Management Server™
10 | Yoggie Management Server™
Figure 1 – Yoggie Corporate Security Solution
Introduction
Technical Specifications
User Guide | 11
Technical Specifications
Component
Description
CPU Board
Supports Intel® P4 processor 2.8 GHz
Intel® 845GV chipset with 400/533MHz FSB
System Memory
1GB DDR 200/266 on two 184-pin DIMM socket
Ethernet Port
Two 32-bit/33MHz Gigabit/Fast Ethernet ports
PCI Expansion
Two PCI expansion slots for development
Storage Device
Tw o 3 .5’ HD D
Compact Flash
Disk on Module (DOM)
Serial Port
One DB9 (for system console)
One 2x5 pin-connector
LEDs
Indicators for power status and storage access
Ethernet AC/LNK and speed status
IDE
Two IDE connectors - one 40-pin and one 44-pin
USB
Pin header on-board for two USB devices
VGA
Built-in on-board VGA pin-connector
Power
Full-range 220W ATX PSU
Dimensions
Height: 44 mm (1.73 in)
Width: 430 mm (16.83 in)
Depth: 390 mm (15.35 in)
Weight
5.6 kg (12.33 lb) Net
Operating temperature
5° to 40° C (67° to 130° F)
Storage temperature
0° to 70° C (58° to 184° F)
Operating humidity
20% to 90% RH
Storage humidity
5% to 95% RH
Certification
CE/FCC/UL
Getting Started
Package Contents
12 | Yoggie Management Server™
Getting Started
Getting started consists of Yoggie Management Server™ installation, power up,
connection, initial setup, and registration procedures. This chapter also describes
how to deploy the YMS in the corporate network.
Package Contents
Yoggie Management Server™ device
Power cable
User Guide CD
Installing
The YMS device is shipped fully assembled and covered. The YMS device includes
two mounting brackets built into the sides of the device housing.
To prepare the YMS for a 19" rack installation:
1. Fasten the mounting brackets to the side rails of the rack, using two screws on
each side (not included).
Ensure that proper grounding is provided for the rack assembly, to prevent
potential electrical problems in the devices mounted on the rack.
Do not remove the covers for any purpose, during the installation procedure.
To ensure easy access during installation and maintenance, leave sufficient
space behind the rack.
Getting Started
Powering Up the YMS
User Guide | 13
Powering Up the YMS
Before turning on the YMS device, connect the device to a power source using the
power cable provided.
Verify that the unit is grounded according to regulations.
Figure
2 –
YMS Device: rear panel
To power up the YMS device:
1. On the rear panel, turn on the power switch.
The device powers up immediately. The lights on the front panel of the device
indicate the status of the unit, as follows:
The blue LED in the Yoggie logo and the green LED are illuminated if the
device has power.
The red LED is illuminated if there is hard disk activity.
2. The device takes up to two minutes to fully load.
Figure 3 – YMS Device: front panel
US B Po r ts
Power
socket
Power
switch
COM1
LAN2 LAN1
blue LED
red LED
green LED
Getting Started
Connecting to Your Network
14 | Yoggie Management Server™
Connecting to Your Network
To connect the YMS to your network, you will need two RJ-45 network cables (not
included in the package). The network cables should be connected to the rear
panel of the YMS device.
To connect the network cables to the rear panel:
1. Connect the RJ-45 cable from the PC to the right port, labeled L AN 2, using
either a 10 MB or a 100 MB Fast Ethernet. This link is used for management.
2. Connect the RJ-45 cable from the network link to the left port, labeled L AN 1 ,
using either a 10 MB or a 100 MB Fast Ethernet Connection. This link is used for
communication with the Gatekeeper devices.
3. Check the connectivity indicators on the rear panel of the device. The LAN 1 and
LAN 2 link LEDs should be illuminated in green.
Gatekeeper units can be plugged into traveling or remote laptops that are directly
or remotely connected to the corporate network. To allow safe communication
with the Gatekeeper devices, the YMS must be installed in the network DMZ with
two additional rules on the corporate Firewall:
External: An y > YM S External Public I P Ad d r e s s YMS TCP/UDP port 5222
Internal: L A N > YMS Private IP address YMS TCP/UDP port 5222 and YMS TCP
443
In corporate networks which use two firewalls (Internal and External), add
the External rule to the External Firewall, and add the Internal rule to the Internal
Firewall.
External users can see the YMS, using its External Public IP Address (YMS External
IP), while LAN users can connect to the YMS using its private IP address (YMS IP
address). (See Initial Setup and Registration below.)
Logging In
The YMS Management Console provides access to YMS configuration through your
Web browser. You can monitor Gatekeeper activity, manage and enforce corporate
security policy, view and print security reports and logs, manage system and user
settings, and more. You can access the YMS from the PC in one of the following
ways:
Direct connection: The YMS is connected to the PC directly through the YMS
management interface L A N 2 . Default management IP settings are
1.1.1.1 Class C.
Network connection: The YMS is connected to the LAN under the same
network subnet as the PC, through the LA N 1 physical interface.
Getting Started
Logging In
User Guide | 15
The first time the Super Admin user logs in to the YMS, connecting to the
YMS is possible only directly through LAN 2 , the management interface.
To connect to the YMS using a direct connection:
1. Connect the PC to the YMS using a crossed network cable:
Connect one end to the PC network port.
Connect the other end to the YMS L A N 2 port.
2. In the PC, configure the network interface to include the following network
settings:
IP Address: 1.1.1.9
Subnet Mask: 255.255.255.0
3. Access the management console, by opening a Web browser and typing the
following URL: https://1.1.1.1.
To connect to the YMS through the network:
1. Connect the YMS to the network, using the L A N 1 port.
2. Verify that the YMS has received an IP address belonging to the corporate LAN.
To log in to YMS:
1. Open a Web browser and type the following URL:
https://<Management IP|YMS IP>
2. Type your username and password and click Login.
Default credentials are:
User Name: admin
Password: admin
Getting Started
Initial Setup and Registration
16 | Yoggie Management Server™
The Welcome page appears.
Figure 4 – Welcome page
3. Click Next to enter the Initial Setup and Registration Wizard.
Initial Setup and Registration
The first time the Super Admin user logs in, the Initial Setup wizard begins and the
Time Settings page appears.
Figure 5 – Time Settings page
Getting Started
Initial Setup and Registration
User Guide | 17
To set up and register the Yoggi Management Server:
1. In Timezone, select your time zone.
2. Click Next.
The Initial Setup Network Settings page appears.
Figure 6 – Network Settings page
3. Select one of the following options:
Obtain network settings automatically – all the settings are acquired
automatically from the network DHCP server. Proceed to the next step.
Obtain network settings manually – all the settings are acquired manually
(that is, by the user typing values for the settings).
Type values for the following settings:
IP Address: The IP address you would like to assign to the YMS.
Subnet Mask: The subnet mask of the network to which the YMS is
connected.
Gateway: The network gateway address.
DNS: The network DNS server address.
Alternate DNS: The network secondary DNS server address (optional).
Loading...