Network Security Platform NS3x00 Quick Start Guide

Network Security Platform NS3x00 Quick Start Guide

NS3x00 Quick Start Guide

Revision A

McAfee Network Security Platform

This quick start guide explains how to quickly set up and activate your McAfee

®

Network Security Platform

NS3100 and NS3200 Sensors in inline mode. These models have a throughput of 100 Mbps and 200 Mbps respectively.

All product documentation referenced in this quick start guide is found on the McAfee Service Portal .

The NS3100/NS3200 Sensor model

Figure 1 Sensor front panel

1

Console port (1)

2

RJ-45 10/100/1000 Management port (MGMT) (1)

3

RJ-45 10/100/1000 Response port (R1) (1)

4

USB ports (1)

5

RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (8)

Figure 2 Sensor rear panel

1

1

Power supply inlet (1)

2

Fan units (3)

1 Verify the contents in the box

The following accessories are shipped in the NS3x00 Sensor crate:

• Sensor

• Power cords (McAfee provides standard and international power cables)

• Printed Quick Start Guide

2 Verify the hardware and software requirements

Make sure to meet the following hardware requirements. For more information, see the McAfee

Network Security Platform Installation Guide.

The following are the system requirements for a Manager server.

Operating system

Minimum required

Any of the following:

• Windows Server 2008 R2 Standard or Enterprise

Edition, English operating system, SP1 (64-bit) (Full

Installation)

• Windows Server 2008 R2 Standard or Enterprise

Edition, Japanese operating system, SP1 (64-bit) (Full

Installation)

• Windows Server 2012 Standard Edition (Server with a

GUI) English operating system

• Windows Server 2012 Standard Edition (Server with a

GUI) Japanese operating system

• Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system

• Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system

• Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system

• Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system

Only x64 architecture is supported.

Recommended

Same as the minimum required.

Memory

CPU

8 GB

Server model processor such as Intel Xeon

Disk space 100 GB

8 GB or more

Same

300 GB or more

2

Network

Monitor

Minimum required

100 Mbps card

32-bit color, 1440 x 900 display setting

Recommended

1000 Mbps card

1440 x 900 (or above)

The following are the system requirements for client systems connecting to the Manager application.

Recommended

Operating system

Minimum

• Windows 7 English or Japanese

• Windows 8 English or Japanese

• Windows 8.1 English or Japanese

• Windows 10 English or Japnese

The display language of the Manager client must be same as that of the Manager server operating system.

RAM

CPU

Browser

2 GB

1.5 GHz processor

• Internet Explorer 9, 10 or 11

• Mozilla Firefox

Google Chrome in not supported since the NPAPI plug-in is disabled by default and will not be supported by Google going forward. This means that Java applet support is also disabled by default.

4 GB

1.5 GHz or faster

• Internet Explorer 11

• Mozilla Firefox

41.0.2 or above

Install the following software:

• Sensor image

• Manager image

• Signature set

3 Install the Sensor

The mounting ears are pre-attached to the Sensor. Install the Sensor into the rack.

3

4 Connect the Management and Console ports

a

On the front panel of the NS3x00 Sensors, plug a Category 5e Ethernet cable in the

Management port (labeled MGMT).

b

Plug the other end of the cable into the network device connected to your Manager server.

c

On the front panel of the NS3x00 Sensors, plug the DB9 Console cables into the Console port

(labeled Console).

4 d

Connect the other end of the Console port cable directly to a COM port of the PC or terminal server you are using to configure the Sensor (for example, a PC running correctly configured

Windows Hyperterminal software). You must directly connect to the console for initial configuration, you cannot configure the Sensor remotely.

Terminal servers are provided for console access.

The required settings for Hyperterminal are:

• Baud rate: 115200

• Number of Bits: 8

• Parity: None

• Stop Bits: 1

• Control Flow: None

e

Plug one end of the power cable into the power inlet and plug the other end into a power source.

The Sensor ships with standard US power and international cables.

The NS-series Sensor does not have a power switch. You can directly plug the power cable into a power source.

5 Connect the monitoring ports

This procedure describes how to connect cables to a Sensor that runs in inline mode.

a

Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled x (for example, 1).

b

Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled y (for example, 2).

c

Connect the other end of each cable to the network devices that you want to monitor. For example, if you plan to monitor traffic between a switch and a router, connect the cable connected to 1 to the router and the one connected to 2 to the switch.

6 Install the Manager software

For detailed instructions, see the McAfee Network Security Platform Installation Guide.

You must have administrator rights on the target Windows Server to install the Manager software.

A MySQL database is included with the Manager and is installed (embedded) automatically on your target Windows Server during this process.

5

The following steps briefly explain the Manager installation:

a

Prepare the system according to the requirements outlined in McAfee Network Security Platform

Installation Guide and the McAfee Network Security Platform Release Notes.

b

Close all open applications.

c

Go to the McAfee Update Server ( https://menshen1.intruvert.com/ ) and log on, using the grant number and password.

d

Go to the Manager Software Updates folder and select the latest Manager software version available.

f e

Download the .zip file to the target Windows Server and extract the setup file.

Double-click Manager _<version>_setup.exe and follow the on-screen prompts.

7 Start the Manager

From the Start menu, select Programs | McAfee | Network Security Manager | Network Security Manager.

8 Add the Sensor to the Manager

The Manager displays the Logon page.

a

Log on to the Manager using the default user name (admin) and password (admin123).

b

Click the Devices tab.

c

Select the admin domain from the Domain drop-down. To add a Sensor in the Manager, select

Global | Add and Remove Devices, then click New.

You do not require a license file to enable IPS on NS-series Sensors.

The Add and Remove Devices page is displayed. We recommend using the Add Device wizard to add a device.

6

d

Enter the following mandatory information in the appropriate fields.

1)

Device Name — The Sensor name must begin with a letter. The maximum length of the name is 25 characters.

2)

Device Type — Specifies the type of device to be added. Select IPS Sensor.

3)

Shared Secret — The shared secret must be a minimum of 8 characters and maximum of 25 characters in length. The key cannot start with an exclamation mark nor can have any spaces. The parameters that you can use to define the key are:

• 26 alphabets: Uppercase and lowercase (A, B, C,...Z and a,b,c,...z)

• 32 symbols: ~ ` ! @ # $ % ^ & * ( )

_ +

‑ = [ ] { } \ | ; : " ' , . <? /

• 10 digits: 0 1 2 3 4 5 6 7 8 9

Retype the password in Confirm Shared Secret.

The Sensor name and shared secret key that you enter in the Manager must be identical to the shared secret that you will later enter during physical installation or initialization of the Sensor (using CLI interface) in Step 9 - Configure Sensor

information. If not, the Sensor will not be able to register itself with the Manager.

4)

Updating Mode — Select Online or Offline.

Selecting Offline enables Offline Sensor update. Online is the default mode.

5)

Contact Information — (Optional) Type the contact information.

6)

Location — (Optional) Type the location.

e

Click Save. The added Sensor is displayed on the Add and Remove Devices page.

9 Configure Sensor information

Configure the Sensor with the network information, a name, and the shared secret key that the

Sensor uses to establish secure communication with the Manager. Use the name and key values you set in Step 8- Add the Sensor to the Manager.

The first time you configure a Sensor, you must have physical access to the Sensor.

7

At any time during configuration, you can type a question mark (?) to get help on the Sensor CLI commands. For a list of all commands, type commands.

a

Log on to the Sensor using the terminal connected to the Console port.

b

At the prompt, log on using the default Sensor user name (admin) and password (admin123).

8 c

Optional, but recommended. Change the Sensor password. At the prompt, type: passwd.The

Sensor prompts you to enter the new password and prompts you for the old password.

A password must contain between 8–25 characters, is case sensitive, and can consist of any alphanumeric character or symbol.

d

Set the name of the Sensor:

You can enter the setup command at the prompt. This automatically prompts you to provide the information shown in items d through g and item j. Alternatively, you can use the set command. If you use the set command, manually enter the complete command syntax as shown in items d through g and item j.

At the prompt, type: set sensor name <word>.

Example: set sensor name HR_sensor1

The Sensor name is a case-sensitive character string up to 25 characters. The string can include hyphens, underscores, and periods, and must begin with a letter.

e

If the Sensor is not on the same network as the Manager, set the address of the default

Gateway. At the prompt, type: set sensor gateway <A.B.C.D>

Example: set sensor gateway 192.1.1.1

f

Set the IP address of the Manager server. At the prompt, type: set manager ip <A.B.C.D>.

Example: set manager ip 192.2.2.2

g

Set the IP address and subnet mask of the Sensor. At the prompt, type: set sensor ip

<A.B.C.D> <E.F.G.H>.

Example: set sensor ip 192.3.3.3 255.255.255.0

Specify an IP address using four octets separated by periods: X.X.X.X, where X is a number between 0 and 255, followed by a subnet mask in the same format.

i j h

If prompted, reboot the Sensor. Type: reboot

The Sensor can take up to five minutes to complete its reboot.

Ping the Manager from the Sensor to determine if your configuration settings to this point have successfully established the Sensor on the network. At the prompt, type: ping <manager IP address>.

If the ping is successful, continue with the following steps. If not, type show to verify your configuration settings and check that the information is correct.

Set the shared secret key value for the Sensor. At the prompt, type: set sensor sharedsecretkey

The Sensor then prompts you to enter and then confirm the shared secret key value.

This value is used to establish a trust relationship between the Sensor and the

Manager. The secret key value can be between 8 and 25 characters of any ASCII text.

The shared key value is case-sensitive. Make sure that the value matches the shared secret key value you provided in the Manager interface in Step 8- Add the Sensor to

the Manager.

l k

To verify the configuration information, type show. Check that all information is correct.

To exit the session, type exit.

9

10 Verify successful installation

a

In the Sensor CLI, type: status. The status report is displayed.

10

The Sensor parameter System Initialized must be yes, and for Manager communication

Trust Established must be yes.

b

From the Manager Dashboard, view the Manager status in the System Health monitor.

The Manager status displays as Up and Sensor status is Active.

c

From the Manager, select Devices | <Admin Domain Name> | Devices | <Device Name> | Setup | Physical Ports to open the ports page.

<Device Name> indicates the name of the Sensor you added.

d

A policy named Default Inline IPS is active upon Sensor addition. To view this policy, select Policy

| <Admin Domain Name> | Intrusion Prevention | IPS Policies. Select Default Inline IPS from the list and click

View / Edit.

The Default Inline IPS policy contains attacks already configured with a "blocking"

Sensor response action. If any attack in the policy is triggered, the Sensor automatically blocks the attack. To tune this or any other McAfee-provided policies, you can clone the policy and then customize it as described in the McAfee Network Security

Platform IPS Administration Guide.

11

f e

Select Devices | <Admin Domain Name> | Devices | <Device Name> | Setup | Physical Ports.

Select the port on the Sensor that you cabled to view port settings. Make sure that your port settings match the cabling, for example, if port 1 is cabled for inline mode, then the Operating Mode in the port setting must be inline mode.

For more information on port settings, see Configuring the monitoring and response

ports of a Sensor chapter in the McAfee Network Security Platform IPS Administration

Guide.

11 You're up and running!

Your Sensor is actively monitoring connected segments and communicating with the Manager for administration and management operations.

a

For detailed usage instructions, see the McAfee Network Security Platform IPS Administration

Guide, or click the Detailed Help buttons in the upper-right corner of each window in the Manager.

b

Start the Analysis | Threat Analyzer to view alert statistics as attacks are detected. A summary of alerts is displayed in the Unacknowledged Alert Summary area of the Manager Dashboard page.

c

Having problems? See the McAfee Network Security Platform Troubleshooting Guide for troubleshooting information.

d

Most deployment problems stem from configuration mismatches between the Sensor and the network devices to which it is connected. Check the duplex and auto-negotiation settings on both devices to ensure that they are synchronized.

To contact technical support, go to https://support.mcafee.com

.

Copyright © 2016 McAfee, Inc. www.intelsecurity.com

Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/ registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.

12

700-4498A00

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement