Network Security Platform NTBA Appliance T-600 and T

Network Security Platform NTBA Appliance T-600 and T
NTBA Appliance T-1200 and T-600 Quick Start Guide
Revision B
McAfee Network Security Platform
This guide is a high-level description of how to install and configure McAfee® Network
Threat Behavior Analysis Appliance T-1200 and T-600. For more detailed installation
information, refer to the NTBA Administration Guide.
1
Verify the shipment
Check for these contents that are shipped with the McAfee Network Threat Behavior
Analysis Appliance (NTBA Appliance).
•
NTBA Appliance
•
Accessory kit containing:
•
NTBA Appliance Quick Start Guide
•
Lockable front bezel with key
•
Power cords (2)
•
Console cable (1)
•
System diagnostic USB flash drive
•
System restore (recovery / image re-installation) USB flash drive
•
Tool-less slide rail (2)
•
Chassis cable management arm
If any of the contents from the preceding list are missing or damaged, contact
McAfee support at http://mysupport.mcafee.com.
2
Download documentation
Download the product documentation for the NTBA Appliance.
1
Go to McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.
2
Enter a product name, select a version, then click Search to display list of
documents.
1
3
3
Download these documents.
•
McAfee Network Threat Behavior Analysis Release Notes
•
McAfee Network Threat Behavior Analysis Administration Guide
Install the mounting rails
Position the mounting rails correctly and install them at same levels.
a
At the front of the rack, position one of the mounting rails so that its mounting bracket aligns
with the required rack holes. Clip the rail into the rack.
Figure 1 Slide rail installation
b
At the back of the rack, pull the back mounting-bracket (extending the mounting rail) so that it
aligns with the required rack holes.
c
Clip the rail to the rack and secure it.
d
Repeat these steps to secure the second mounting rail to the rack.
e
Make sure that the mounting rails are at the same level on each side of the rack.
Make sure that you follow the safety warnings. When identifying where you want the
NTBA Appliance to go in the rack, remember that you should always load the rack from
the bottom up. If you are installing multiple NTBA Appliances, start with the lowest
available position first.
Install the NTBA Appliance in the mounting rails
1
With help from another person, lift the NTBA Appliance so that the side rails at the back of the
NTBA Appliance are aligned with the mounting rails in the rack, then push the NTBA Appliance
into the mounting rails until it stops.
Lifting the NTBA Appliance and attaching it to the rack is a two-person job.
2
2
Use a screwdriver to fix a screw through the front and back rack holes to secure the system to
the rack.
3
Attach the provided cable management arm if required.
4
Attach the lockable bezel to protect the front panel if required.
4
Front panel features and indicators T-1200
The front panel features and indicators of NTBA Appliance T-1200 are as follows:
Figure 2 Front panel T-1200
Item
Description
0-11
Hard Drive Bays (12)
12
Front Control Panel
Front Control Panel options
1
Power button with integrated indicator light
2
Hard Drive Activity indicator light
3
System ID button integrated with indicator light
4
System Cold Reset button
5
System NIC 4 Activity indicator light
6
System NIC 3 Activity indicator light
7
Non-maskable interrupt (NMI) button
8
System Status indicator light
9
System NIC 2 Activity indicator light
10
System NIC 1 Activity indicator light (Management port)
3
5
Back panel features and indicators T-1200
The T-1200 NTBA Appliance has three collection ports and one management port. For cabling, use
ports 1 to 10 in the back panel.
The collection ports connect to the network infrastructure that generates the NetFlow data from the
routers and McAfee® Network Security Sensor (Sensor)s. The three collection ports can be used to
distribute the NetFlow data from different routers and Sensors. The management port connects to a
network device that in turn connects to the Manager. The NTBA Appliance is managed through the
Manager.
Figure 3 Back panel T-1200
4
Item
Description
1
Power supply 1
2
Power supply 2
3
Management port (1)
4-6
Collection ports (3)
7
Video connector
8
Console port
9
USB ports (3)
10
Remote Management Module (RMM4 NIC) port
11
Add-in card slots
6
Front panel features and indicators T-600
The front panel features and indicators of NTBA Appliance T-600 are as follows:
Figure 4 Front panel T-600
Item
Description
0-3
Hard drive bays (4)
4
Front Control Panel
5
USB ports (2)
6
Video connector
Front Control Panel options
1
System ID button integrated with indicator light
2
Non-maskable interrupt (NMI) button
3
System NIC 1 Activity indicator light (Management port)
4
System NIC 3 Activity indicator light
5
System Status indicator light
6
Power button with integrated indicator light
7
Hard Drive Activity indicator light
8
System Cold Reset button
9
System NIC 4 Activity indicator light
10
System NIC 2 Activity indicator light
5
7
Back panel features and indicators T-600
The T-600 NTBA Appliance has three collection ports and one management port. For cabling, use
ports 1 to 10 in the back panel.
Figure 5 Back panel T-600
8
Item
Description
1
Power supply 1
2
Power supply 2
3
Management port (1)
4-6
Collection ports (3)
7
Video connector
8
Console port
9
USB ports (3)
10
Remote Management Module (RMM4 NIC) port
11
Add-in card slots
Hardware specifications
These are the hardware specifications for T-1200 and T-600.
Table 1 Hardware specifications
6
Appliance model
T-1200
T-600
Form factor
2U
1U
Width
17.244 in (438 mm)
17.244 in (438 mm)
Depth
27.87 in (707.8 mm) 27.93 in (709.37 mm)
Height
3.45 in (87.6 mm)
1.7 in (43.2 mm)
Maximum weight
21.6 kg (47.65 lbs)
14.96 kg (33 lbs)
Redundant power supply
750W
750W
Estimated inlet power utilization (worst case scenario) 666W
402W
Quiescent power utilization (@ 120V)
230W
140W
Flows per second (fps)
100000
60000
9
Environmental requirements
These are the system level operating and non-operating environmental limits.
Table 2 NTBA Appliance environmental requirements
Parameter
Limits
Environment
Operating Temperature
+10°C to +35°C with the maximum rate of change not to exceed
10°C per hour
Non- Operating Temperature
-40°C to +70°C
Non- Operating Humidity
50% to 90%, non-condensing at 35°C
Acoustic noise
Sound power: 7.0 BA in an idle state at typical office ambient
temperature. (23 +/- 2°C)
Shock, operating
Half sine, 2 g peak, 11 milliseconds
Shock, unpackaged
Trapezoidal, 25 g, velocity change 136 inches/second (≥40 lbs to
<80 lbs)
Shock, packaged
Non-palletized free fall in height 18 inches (≥40 lbs to <80 lbs)
Vibration, unpackaged
5 Hz to 500 Hz, 2.20 g RMS random
Vibration, packaged
5 Hz to 500 Hz, 1.09 g RMS random
ESD, Air Discharged
12 kV
ESD, Contact Discharge
8 kV
System Cooling Requirement in
BTU/Hr
T-1200: 2280 BTU/Hr
T-600: 1370 BTU/Hr
10 Connect the console ports
a
Plug a console cable (RJ45 to DB9 serial) to the console port at the back panel of the NTBA
Appliance.
b
Connect the other end of the cable directly to the serial port of the PC or Terminal Server you
will be using to configure the NTBA Appliance (for example, a PC running correctly configured
Windows HyperTerminal software.)
7
You must connect directly to the console for initial configuration. You can't configure the NTBA
Appliance remotely.
The required settings for HyperTerminal are:
Name
Setting
Baud rate
115200
Number of Bits
8
Parity
None
Stop Bits
1
Control Flow
None
The procedure for cabling the console port of NTBA Appliance T-1200 and T-600 is
similar.
11 Connect the power cables
Connect one end of the power cable to the NTBA Appliance. Plug the other end of the power cable
into a grounded electrical outlet or a separate power source such as an uninterrupted power supply
(UPS) or a power distribution unit (PDU).
When you connect power to the appliance, the appliance will immediately turn on and boot
up.
12 Install the Manager software
a
Prepare the system according to the requirements outlined in the McAfee® Network Security
Platform Installation Guide and McAfee Network Security Platform Release Notes.
b
Close all open applications.
c
Insert the Manager CD into the appropriate drive of the Windows server that you want to use as
your Manager server. Follow the instructions in the Installation Wizard as it guides you through the
entire process.
You must have administrator rights on the target Windows server to install the Manager
software.
A MySQL database is included with the Manager and is installed (embedded)
automatically on your target Windows server during this process.
13 Add the NTBA Appliance to the Manager
Adding an NTBA Appliance to the Manager enables the Manager to accept communication from a
physically installed and network-connected Appliance. After communication has been established, the
8
Manager allows editing of the Appliance configuration. The alert data is available in the Threat
Analyzer and Report queries.
You can add a device by selecting Devices | <Admin Domain Name> | Global | Add and Remove Devices
but it is recommended to use the Add Device Wizard to add all devices (except Virtual HIP
Sensors) and to establish the trust between the Manager and the device.
a
The Add Device Wizard window is displayed after the Manager Initialization Wizard is completed.
McAfee recommend to first add an Appliance to the Manager.
Select Devices | <Admin Domain Name> | Global | Add Device Wizard.
The Preparation page is displayed.
b
Click Next.
The Add New Device page is displayed.
c
Enter the device name.
The name must begin with a letter and can contain alphanumeric characters, hyphens,
underscores and periods. The length of the name is not configurable.
d
Select the Device Type as NTBA Appliance.
e
Enter the Shared Secret (repeat at Confirm Shared Secret).
The device name and shared secret are case-sensitive. The Device Name and Shared Secret must also
be entered on the device command line interface (CLI) during physical installation and
initialization. If not, the Appliance will not be able to register itself with the Manager.
The shared secret must be a minimum of 8 characters in length: the length of the shared secret is not
configurable. The shared secret cannot start with an exclamation mark or have any spaces. The
characters that can be used while creating a shared secret are as follows:
•
26 alpha: upper and lower case (a,b,c,...z and A, B, C,...Z)
•
10 digits: 0 1 2 3 4 5 6 7 8 9
•
32 symbols: ~ ` ! @ # $ % ^ & * ( ) _ + - = [ ] { } \ | ; : " ' , . <? /
f
For a NTBA Appliance, the Updating mode is set to Online.
g
[Optional] Enter the Contact Information and Location.
h
Click Next.
The Trust Establishment page is displayed.
9
i
Follow the instructions on the page to complete the command line interface (CLI) setup and click
Check Trust.
Using the command line interface (CLI), enter the necessary information for the Appliance
identification and communication as described in the McAfee Network Security Platform
Installation Guide.
If you set up the NTBA Appliance first, after the Manager addition, you need to return
to the Appliance to reset the shared secret key and begin Appliance-to-Manager
communication.
j
Click Next.
The Next button is enabled once the trust between the Appliance and the Manager is
established.
The Port Settings page is displayed. By default, the collection ports are disabled.
k
Enable the ports and modify settings. Click Save and then Next.
The General Settings page is displayed.
l
Configure NTBA Appliance settings for collection ports. Click Next.
The DNS Settings page is displayed.
m
By default global settings are inherited. If you wish, modify the DNS server details. Click Next.
The Exporters page is displayed.
n
Add a router exporter that will forward records to the NBA Sensor for processing and click Next.
To add a IPS exporter, go to IPS devices.
The Inside Zones page is displayed.
o
Add a new inside zone or edit the default inside zones. Click Next.
The Outside Zones page is displayed.
p
Add a new outside zone or edit the default outside zone. Click Next.
The Update Configuration page is displayed.
q
Click Update to deploy configuration on the device. This might take some time.
The Update Status bar displays 100% complete.
r
Click Finish.
On the Devices tab, under the Device drop-down list, the NTBA Appliance is added. From Global |
Add and Remove Devices option, you can also view the added Appliance.
10
14 Set up NTBA Appliance
a
Plug a console cable (RJ45 to DB9 serial) to the console port at the back panel of the NTBA
Appliance.
b
Connect the other end of the cable directly to the serial port of the PC or Terminal Server you
are using to configure the NTBA Appliance. (For example, a PC running correctly configured
Windows HyperTerminal software.)
The required settings for HyperTerminal are:
Name
Setting
Baud rate
115200
Number of Bits
8
Parity
None
Stop Bits
1
Control Flow
None
c
Run the HyperTerminal.
d
At the logon prompt, log on to the NTBA Appliance using the default user name admin and
password admin123.
e
At the Press Y to start the setup now or N to do it later prompt, enter Y. Set and
confirm a setup password. Wait for some time to configure the NTBA Appliance.
f
At the Please enter the sensor name prompt, enter the name of the NTBA Appliance.
The values between <> characters are to be entered by the user, excluding the <>
characters.
Example: ntba_appliance_1
The NTBA Appliance name is a case-sensitive alphanumeric character string up to 25 characters.
The string must begin with a letter and can include hyphens. underscores, periods but not
spaces. The NTBA Appliance name typed here should be identical to the one entered against
Device Name in the Add New Device page of the Manager.
g
At the Please enter the sensor IP(A.B.C.D) prompt, type the management port IP address of
the NTBA Appliance.
Specify a 32-bit address written as four eight-bit numbers separated by periods as in
<A.B.C.D>, where A, B, C, or D is an eight-bit number between 0-255.
Example: 10.213.173.237
Setting the IP address for the first time during the initial configuration of the NTBA
Appliance does not require an NTBA Appliance reboot. Subsequent changes to the IP
address however, require reboot for the change to take effect.
h
At the Please enter the sensor subnet mask(A.B.C.D) prompt, type the management port
subnet mask of the Appliance. <A.B.C.D> represents the subnet mask.
Example: 255.255.255.0
11
i
At the Please enter the manager primary IPv4 address(A.B.C.D) prompt, type the IPv4
address of the Manager server.
Example: 192.34.3.2
j
(Optional) At the Press Y to configure manager secondary IP address prompt, type Y if
you wish to set a Manager secondary IP address. By default, this is set to N.
k
At the Please enter the sensor default gateway(A.B.C.D) prompt, type the IP address.
Use the same convention as for the sensor IP address.
Note that you should be able to ping the gateway. The gateway should be reachable.
Example: 192.34.2.8
l
Make sure you have set a shared secret key on the Manager for this sensor.
m
At the Please enter shared secret key prompt, type the shared secret key value. This value
is used to establish a trust relationship between the NTBA Appliance and the Manager.
n
Type the same shared secret key value that you typed in the Add New Device page of the Manager.
The NTBA Appliance prompts you to verify the value. Make sure that the configuration settings
to this point have successfully established the NTBA Appliance on the network.
o
Type the value again and press ENTER.
You can change the NTBA Appliance password by using the passwd command.
A password must be between 8 and 25 characters, is case-sensitive, and can consist of any
alphanumeric character or symbol.
McAfee strongly recommends that you choose a password with a combination of
characters that is easy for you to remember but difficult for someone else to guess.
15 Verify successful NTBA Appliance configuration
You can check whether the NTBA Appliance is configured and is available by executing the following
actions:
Verification process
You can check the NTBA Appliance is configuration as follows:
•
At the NTBA Appliance console type status.
The status information of the NTBA Appliance is displayed. This includes information on whether
the NTBA Appliance is initialized and its health status.
•
At the NTBA Appliance console type show.
The system information is displayed. This includes information on system uptime and the status
of the Management port link.
To exit the session, type exit.
•
12
To view or configure the settings of the collection ports for the NTBA appliance, you access the
configuration page in Devices | Device List | <Device_Name> | Setup | Physical Ports.
Download the latest NTBA Appliance software
a
Select <Admin Domain Name> | Update Server | Software.
The Sensor Software page is displayed.
b
Select the latest software listed under Software Available for Download and click Download.
The Download Status page is displayed.
c
Click Close Window once the download is complete.
The downloaded software is listed under Software on the Manager in the Sensor Software page as also in
the Software Upgrade page (<Admin Domain Name> | Device List/<NTBA Appliance> | Physical Device | Software
Upgrade.)
Upgrade NTBA Appliance software
You need to upgrade to the latest available version from the Manager.
a
Select Devices | <Admin Domain Name> | Devices | <NTBA Appliance> | Maintenance | Deploy Device Software.
The Deploy Device Software page is displayed.
b
Select the latest software listed under Software Ready for Installation and click Upgrade.
The Download Status page is displayed.
c
Click Close Window once the download is complete.
13
14
15
Copyright © 2014 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
16
700-4259B00
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement