AirTight SpectraGuard Enterprise Installation Guide
Below you will find brief information for SpectraGuard Enterprise 5.7. This guide covers the step-by-step process of installing and configuring the SpectraGuard Enterprise 5.7 system, including setting up the server and sensors. The SpectraGuard Enterprise 5.7 system provides comprehensive wireless vulnerability management and intrusion prevention capabilities. It effectively identifies and mitigates wireless security threats, safeguarding your network from unauthorized access and intrusion.
PDF
Download
Document
Advertisement
Advertisement
Installation Guide ȱ SpectraGuard ® Enterprise An AirTight® Product ȱ Wireless Vulnerability Management and Intrusion Prevention Version 5.7 ȱ ȱ ® AirTight Networks, Inc., 339 N. Bernardo Avenue, # 200, Mountain View, CA 94043 https://www.airtightnetworks.com Product documentation is being enhanced continuously based on customer feedback. To obtain a latest copy of this document, visit www.airtightnetworks.com/home/support.html ȱ ȱ Thisȱpageȱhasȱbeenȱintentionallyȱleftȱblank. ȱ ȱ SpectraGuard® Enterprise InstallationȱGuideȱ CAUTION This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Any changes or modifications not expressly approved by the party responsible for compliance could void the authority to operate equipment. Warning "Industry Canada regulatory information Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device. "The user is cautioned that this device should be used only as specified within this manual to meet RF exposure requirements. Use of this device in a manner inconsistent with this manual could lead to excessive RF exposure conditions." FEDERAL COMMUNICATIONS COMMISSION INTERFERENCE STATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: - Reorient or relocate the receiving antenna. - Increase the separation between the equipment and receiver. - Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. RF exposure warning · This equipment must be installed and operated in accordance with provided instructions and the antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. End-users and installers must be provide with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. Disclaimerȱ THEȱINFORMATIONȱINȱTHISȱGUIDEȱISȱSUBJECTȱTOȱCHANGEȱWITHOUTȱANYȱPRIORȱNOTICE.ȱ AIRTIGHT®ȱNETWORKS,ȱINC.ȱISȱNOTȱLIABLEȱFORȱANYȱSPECIAL,ȱINCIDENTAL,ȱINDIRECT,ȱORȱCONSEQUENTIALȱ DAMAGESȱWHATSOEVERȱ(INCLUDING,ȱWITHOUTȱLIMITATION,ȱDAMAGESȱFORȱLOSSȱOFȱBUSINESSȱPROFITS,ȱ BUSINESSȱINTERRUPTION,ȱLOSSȱOFȱBUSINESSȱINFORMATION,ȱORȱANYȱOTHERȱPECUNIARYȱLOSS)ȱARISINGȱOUTȱOFȱ THEȱUSEȱOFȱORȱINABILITYȱTOȱUSEȱTHISȱPRODUCT.ȱ THISȱPRODUCTȱHASȱTHEȱCAPABILITYȱTOȱBLOCKȱWIRELESSȱTRANSMISSIONSȱFORȱTHEȱPURPOSEȱOFȱPROTECTINGȱ YOURȱNETWORKȱFROMȱMALICIOUSȱWIRELESSȱACTIVITY.ȱBASEDȱONȱTHEȱPOLICYȱSETTINGS,ȱYOUȱHAVEȱTHEȱ ABILITYȱTOȱSELECTȱWHICHȱWIRELESSȱTRANSMISSIONSȱAREȱBLOCKEDȱAND,ȱTHEREFORE,ȱTHEȱCAPABILITYȱTOȱ BLOCKȱANȱEXTERNALȱWIRELESSȱTRANSMISSION.ȱIFȱIMPROPERLYȱUSED,ȱYOURȱUSAGEȱOFȱTHISȱPRODUCTȱMAYȱ VIOLATEȱUSȱFCCȱPARTȱ15ȱANDȱOTHERȱLAWS.ȱBUYERȱACKNOWLEDGESȱTHEȱLEGALȱRESTRICTIONSȱONȱUSAGEȱANDȱ UNDERSTANDSȱANDȱWILLȱCOMPLYȱWITHȱUSȱFCCȱRESTRICTIONSȱASȱWELLȱASȱOTHERȱGOVERNMENTȱ REGULATIONS.ȱAIRTIGHTȱISȱNOTȱRESPONSIBLEȱFORȱANYȱWIRELESSȱINTERFERENCEȱCAUSEDȱBYȱYOURȱUSEȱOFȱ THEȱPRODUCT.ȱAIRTIGHTȱANDȱITSȱAUTHORIZEDȱRESELLERSȱORȱDISTRIBUTORSȱWILLȱASSUMEȱNOȱLIABILITYȱFORȱ ANYȱDAMAGEȱORȱVIOLATIONȱOFȱGOVERNMENTȱREGULATIONSȱARISINGȱFROMȱYOURȱUSAGEȱOFȱTHEȱPRODUCT,ȱ EXPECTȱASȱEXPRESSLYȱDEFINEDȱINȱTHEȱINDEMNITYȱSECTIONȱOFȱTHISȱDOCUMENT.ȱ LIMITATIONȱOFȱLIABILITYȱ AirTightȱwillȱnotȱbeȱliableȱtoȱcustomerȱorȱanyȱotherȱpartyȱforȱanyȱindirect,ȱincidental,ȱspecial,ȱconsequential,ȱexemplary,ȱorȱ relianceȱdamagesȱarisingȱoutȱofȱorȱrelatedȱtoȱtheȱuseȱofȱSpectraGuard®ȱEnterpriseȱunderȱanyȱlegalȱtheory,ȱincludingȱbutȱnotȱ limitedȱtoȱlostȱprofits,ȱlostȱdata,ȱorȱbusinessȱinterruption,ȱevenȱifȱAirTightȱknowsȱofȱorȱshouldȱhaveȱknownȱofȱtheȱpossibilityȱofȱ suchȱdamages.ȱRegardlessȱofȱtheȱcauseȱofȱactionȱorȱtheȱformȱofȱaction,ȱAirTight’sȱtotalȱcumulativeȱliabilityȱforȱactualȱdamagesȱ arisingȱoutȱofȱorȱrelatedȱtoȱtheȱuseȱofȱSpectraGuard®ȱEnterpriseȱwillȱnotȱexceedȱtheȱpriceȱpaidȱforȱSpectraGuard®ȱEnterprise.ȱ Copyrightȱ©ȱ2003–2008ȱAirTight®ȱNetworks,ȱInc.ȱAllȱRightsȱReserved.ȱ AirTight®ȱNetworks,ȱTheȱAirTightȱlogo,ȱandȱSpectraGuard®ȱareȱregisteredȱtrademarksȱofȱAirTight®ȱNetworks.ȱAllȱotherȱ productsȱandȱservicesȱareȱtrademarks,ȱregisteredȱtrademarks,ȱandȱserviceȱmarksȱorȱregisteredȱserviceȱmarksȱofȱtheirȱrespectiveȱ owners.ȱ ThisȱproductȱcontainsȱcomponentsȱfromȱOpenȱSourceȱsoftware.ȱTheseȱcomponentsȱareȱgovernedȱbyȱtheȱtermsȱandȱconditionsȱ ofȱtheȱGNUȱPublicȱLicense.ȱToȱreadȱtheseȱtermsȱandȱconditionsȱvisitȱhttp://www.gnu.org/copyleft/gpl.html.ȱ ThisȱproductȱisȱprotectedȱbyȱoneȱorȱmoreȱofȱU.S.ȱpatentȱNos.ȱ7,002,943,ȱ7,154,874,ȱ7,216,365,ȱ7,333,800,ȱ7,333,481,ȱ7,339,914,ȱ 7,406,320,ȱAustralianȱpatentȱNo.ȱ200429804ȱandȱanyȱothersȱlistedȱatȱwww.airtightnetworks.com/patents.ȱMoreȱpatentsȱpending.ȱ ȱ FederalȱCommunicationȱCommissionȱInterferenceȱStatementȱ ThisȱequipmentȱhasȱbeenȱtestedȱandȱfoundȱtoȱcomplyȱwithȱtheȱlimitsȱforȱaȱClassȱBȱdigitalȱdevice,ȱpursuantȱtoȱPartȱ15ȱofȱtheȱ FCCȱRules.ȱTheseȱlimitsȱareȱdesignedȱtoȱprovideȱreasonableȱprotectionȱagainstȱharmfulȱinterferenceȱinȱaȱresidentialȱ installation.ȱThisȱequipmentȱgeneratesȱusesȱandȱcanȱradiateȱradioȱfrequencyȱenergyȱand,ȱifȱnotȱinstalledȱandȱusedȱinȱ accordanceȱwithȱtheȱinstructions,ȱmayȱcauseȱharmfulȱinterferenceȱtoȱradioȱcommunications.ȱ However,ȱthereȱisȱnoȱguaranteeȱthatȱinterferenceȱwillȱnotȱoccurȱinȱaȱparticularȱinstallation.ȱIfȱthisȱequipmentȱdoesȱcauseȱ harmfulȱinterferenceȱtoȱradioȱorȱtelevisionȱreception,ȱwhichȱcanȱbeȱdeterminedȱbyȱturningȱtheȱequipmentȱoffȱandȱon,ȱtheȱuserȱ isȱencouragedȱtoȱtryȱtoȱcorrectȱtheȱinterferenceȱbyȱoneȱofȱtheȱfollowingȱmeasures:ȱ x Reorientȱorȱrelocateȱtheȱreceivingȱantenna.ȱ x Increaseȱtheȱseparationȱbetweenȱtheȱequipmentȱandȱreceiver.ȱ x Connectȱtheȱequipmentȱintoȱanȱoutletȱonȱaȱcircuitȱdifferentȱfromȱthatȱtoȱwhichȱtheȱreceiverȱisȱconnected.ȱ x Consultȱtheȱdealerȱorȱanȱexperiencedȱradio/TVȱtechnicianȱforȱhelp.ȱ ThisȱdeviceȱcompliesȱwithȱPartȱ15ȱofȱtheȱFCCȱRules.ȱOperationȱisȱsubjectȱtoȱtheȱfollowingȱtwoȱconditions:ȱ(1)ȱThisȱdeviceȱmayȱ notȱcauseȱharmfulȱinterference,ȱandȱ(2)ȱthisȱdeviceȱmustȱacceptȱanyȱinterferenceȱreceived,ȱincludingȱinterferenceȱthatȱmayȱ causeȱundesiredȱoperation.ȱ FCCȱCaution:ȱAnyȱchangesȱorȱmodificationsȱnotȱexpresslyȱapprovedȱbyȱtheȱpartyȱresponsibleȱforȱcomplianceȱcouldȱvoidȱtheȱ userȇsȱauthorityȱtoȱoperateȱthisȱequipment.ȱ IMPORTANTȱNOTE:ȱ iiȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ Disclaimerȱ FCCȱRadiationȱExposureȱStatement:ȱ ThisȱequipmentȱcompliesȱwithȱFCCȱradiationȱexposureȱlimitsȱsetȱforthȱforȱanȱuncontrolledȱenvironment.ȱThisȱequipmentȱ shouldȱbeȱinstalledȱandȱoperatedȱwithȱminimumȱdistanceȱ20ȱcmȱbetweenȱtheȱradiatorȱ&ȱyourȱbody.ȱ Ifȱthisȱdeviceȱisȱgoingȱtoȱbeȱoperatedȱinȱ5.15ȱ~ȱ5.25ȱGHzȱfrequencyȱrange,ȱthenȱitȱisȱrestrictedȱinȱindoorȱenvironmentȱonly.ȱ ThisȱtransmitterȱmustȱnotȱbeȱcoȬlocatedȱorȱoperatingȱinȱconjunctionȱwithȱanyȱotherȱantennaȱorȱtransmitter.ȱ This product must be installed by a professional technician/installer. Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device. To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (EIRP) is not more than that required for successful communication. This device has been designed to operate with an antenna having a maximum gain of [20] dBi. Antenna having a higher gain is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms. To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (e.i.r.p.) is not more than that permitted for successful communication. The County Code Selection feature is disabled for products marketed in the US/Canada. This Class [B] digital apparatus complies with Canadian ICES-003. Cet appareil numerique de la classe [B] est conforme a la norme NMB-003 du Canada. iii SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® If this device is going to be operated in 5.15 ~ 5.25GHz frequency range, then it is restricted in indoor environment only. FCC NOTICE: To comply with FCC part 15 rules in the United States, the system must be professionally installed to ensure compliance with the Part 15 certification. It is the responsibility of the operator and professional installer to ensure that only certified systems are deployed in the United States. The use of the system in any other combination (such as co-located antennas transmitting the same information) is expressly forbidden. Only the antennas listed below are allowed to be used with the radio. Ant. Antenna Model Name Product description Type 1 Omni Ant. 2.4/5 GHz Omni Ant. REMARK Gain (dBi) 3CWE591 3Com® 6/8dBi Dual-Band Omni Antenna 6/8 CUSHCRAFT 2.4~2.5& 2 Tx/Rx mode S24513BPX 4.9~5.9 GHz DUAL BAND 6/6.5 OMNI ANTENNA 1T1R/ 1T1R concurrent 1T1R/ 1T1R concurrent Main Ant. for test - Airtight 2.4~2.5& 4.9~5.9 3 Omni Ant. SS-200-AT-AN-30 GHz Dual-band Omnidirectional 6/6.5 1T1R/ 1T1R concurrent - Indoor/outdoor antenna 4 Omni Ant. TGX-102XNXXX 5 Panel Ant. 3CWE596 6 Panel Ant. 3CWE598 Joymax Base Station Antenna 3Com® 18/20dBi Dual-Band Panel Antenna 3Com® 8/10dBi Dual-Band Panel Antenna 6/6 18/20 8/10 1T1R/ 1T1R concurrent 2T2R/ 2T2R concurrent 2T2R/ 2T2R concurrent Main Ant. for test - CUSHCRAFT Tri-mode, dual band 802.11b/a/g 7 Panel Ant. SL24513P12SMF ceiling mounted 3/3 Omnidirectional panel 2T2R/ 2T2R concurrent - antenna Airtight dual band 8 Panel Ant. SS-200-AT-AN-10 802.11b/a/g Omnidirectional 3/3 2T2R/ 2T2R concurrent - Indoor panel antenna 9 10 Monopole Ant. PCB Ant. 3CWE590 3Com 2dBi Dual-Band Omni Antenna Kit TFF-A015MPAX-361 Integrated PCB Antenna 2/2 2T3R Main Ant. for test 3/3 2T3R Main Ant. for test EndȱUserȱLicenseȱAgreementȱ EndȱUserȱLicenseȱAgreementȱ BEFOREȱYOUȱCLICKȱ“IȱHAVEȱREADȱANDȱAGREEȱTOȱTHEȱLICENSINGȱAGREEMENTȱABOVE”ȱORȱOTHERWISEȱUSEȱORȱ ACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS,ȱREADȱTHISȱAGREEMENTȱCAREFULLY.ȱȱITȱISȱAȱLEGALLYȱBINDINGȱ AGREEMENTȱANDȱCONTROLSȱYOURȱANDȱYOURȱCOMPANY’SȱUSEȱOFȱTHEȱAIRTIGHTȱPRODUCTS.ȱ WHENȱYOUȱCLICKȱȈIȱHAVEȱREADȱANDȱAGREEȱTOȱTHEȱLICENSINGȱAGREEMENTȱABOVEȈȱORȱOTHERWISEȱ DOWNLOAD,ȱUSEȱORȱACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS,ȱTHISȱAGREEMENTȱGOVERNSȱYOURȱUSE.ȱȱTHISȱ AGREEMENTȱISȱENFORCEABLEȱAGAINSTȱYOUȱANDȱANYȱENTITYȱTHATȱOBTAINSȱORȱUSESȱTHEȱAIRTIGHTȱ PRODUCTSȱTHROUGHȱYOUȱONȱTHEIRȱBEHALF.ȱȱIFȱYOUȱORȱANYȱENTITYȱTHATȱYOUȱREPRESENTȱDOESȱNOTȱAGREEȱ TOȱALLȱOFȱTHEȱTERMSȱOFȱTHISȱAGREEMENT,ȱCLICKȱTHEȱBOXȱTHATȱSAYSȱ“IȱDOȱNOTȱAGREEȱTOȱTHEȱLICENSINGȱ AGREEMENTȱABOVE”ȱANDȱDOȱNOTȱOTHERWISEȱDOWNLOAD,ȱINSTALLȱORȱACTIVATEȱTHEȱAIRTIGHTȱPRODUCTS.ȱȱ IFȱYOUȱPAIDȱFORȱTHEȱAIRTIGHTȱPRODUCT(S)ȱANDȱDIDȱNOTȱHAVEȱANȱOPPORTUNITYȱTOȱREVIEWȱTHISȱ AGREEMENTȱPRIORȱTOȱPURCHASINGȱITȱANDȱDOȱNOTȱAGREEȱTOȱTHISȱAGREEMENT,ȱCONTACTȱYOURȱPLACEȱOFȱ PURCHASEȱTOȱRETURNȱTHEȱPRODUCTȱFORȱAȱREFUNDȱINȱACCORDANCEȱWITHȱITSȱREFUNDȱPOLICIES.ȱ SEEȱSECTIONȱ11ȱREGARDINGȱYOURȱCONSENTȱTOȱAIRTIGHT’SȱUSEȱOFȱCERTAINȱCOLLECTEDȱDATA.ȱ 1. DEFINITIONSȱ 1.1ȱ “You”ȱorȱ“Your”ȱshallȱmeanȱanyȱperson,ȱentityȱorȱorganizationȱthatȱusesȱAirTightȱproducts.ȱ 1.2ȱ “AirTight,”ȱshallȱmeanȱAirTightȱNetworks,ȱInc.ȱ 1.3ȱ “AirTightȱCompetitor”ȱaȱpersonȱorȱentityȱinȱtheȱbusinessȱofȱwirelessȱsecurityȱproductsȱorȱservicesȱsubstantiallyȱ similarȱtoȱAirTight’sȱproductsȱorȱservices.ȱ 1.4ȱ “YourȱCustomers”ȱmeansȱyourȱcurrentȱorȱpotentialȱcustomersȱexcludingȱanyȱAirTightȱCompetitor.ȱ 1.5ȱ “Documentation”ȱshallȱmeanȱtheȱendȬuserȱtechnicalȱdocumentationȱthatȱAirTightȱsuppliesȱwithȱtheȱHardwareȱ(ifȱ any)ȱandȱSoftware.ȱȱAdvertisingȱandȱmarketingȱmaterialsȱareȱnotȱDocumentation.ȱ 1.6ȱ “Error”ȱshallȱmeanȱaȱreproducibleȱfailureȱofȱtheȱSoftwareȱorȱHardwareȱtoȱperformȱinȱsubstantialȱconformityȱwithȱitsȱ Documentation.ȱ 1.7ȱ “Hardware”ȱshallȱmeanȱtheȱhardwareȱcontainingȱAirTightȱsoftware.ȱNotȱallȱAirTightȱProductsȱcomeȱwithȱhardware.ȱ 1.8ȱ “IntellectualȱPropertyȱRights”ȱshallȱmeanȱcopyrights,ȱtrademarks,ȱserviceȱmarks,ȱtradeȱsecrets,ȱpatents,ȱpatentȱ applications,ȱmoralȱrights,ȱcontractualȱrightsȱofȱnonȬdisclosureȱorȱanyȱotherȱintellectualȱpropertyȱorȱproprietaryȱrights,ȱ howeverȱarising,ȱthroughoutȱtheȱworld.ȱȱ 1.9ȱ “Release”ȱshallȱmeanȱanyȱUpdateȱorȱUpgradeȱifȱandȱwhenȱtheseȱareȱmadeȱavailableȱbyȱAirTight.ȱȱInȱtheȱeventȱofȱaȱ disputeȱasȱtoȱwhetherȱaȱparticularȱReleaseȱisȱanȱUpdateȱorȱanȱUpgrade,ȱAirTightȇsȱpublishedȱdesignationȱwillȱbeȱfinal.ȱ 1.10ȱ “Software”ȱshallȱmeanȱtheȱsoftwareȱ(inȱobjectȱcodeȱformat)ȱcreatedȱorȱlicensedȱbyȱAirTightȱandȱlicensedȱtoȱyouȱeitherȱ asȱaȱstandȱaloneȱproductȱorȱloadedȱonȱAirTightȱHardware,ȱandȱanyȱReleaseȱthereto.ȱ 1.11ȱ “Update”ȱshallȱmean,ȱifȱandȱwhenȱavailable,ȱanyȱerrorȱcorrections,ȱfixes,ȱworkaroundsȱorȱotherȱmaintenanceȱreleasesȱ withȱrespectȱtoȱtheȱSoftwareȱprovidedȱbyȱAirTightȱthatȱdoȱnotȱaddȱfunctionalityȱtoȱtheȱSoftware.ȱ 1.12ȱ “Upgrade”ȱshallȱmean,ȱifȱandȱwhenȱavailable,ȱnewȱreleasesȱorȱversionsȱofȱtheȱSoftwareȱthatȱmateriallyȱimproveȱtheȱ functionalityȱof,ȱorȱaddȱmaterialȱfunctionalȱcapabilitiesȱto,ȱtheȱSoftware.ȱAirTightȱmayȱchargeȱadditionalȱlicenseȱfeesȱforȱ Upgrades.ȱ ivȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ EndȱUserȱLicenseȱAgreementȱ 2. CONTROLLINGȱAGREEMENT:ȱThisȱelectronicȱAgreementȱisȱtheȱentireȱagreementȱbetweenȱyouȱandȱAirTightȱandȱ supersedesȱallȱpriorȱorȱcontemporaneousȱagreements,ȱunderstandings,ȱandȱcommunications,ȱwhetherȱwrittenȱorȱoralȱ unlessȱsuchȱagreementȱisȱexecutedȱbyȱanȱofficerȱofȱAirTight.ȱȱInȱsuchȱevent,ȱthatȱagreementȱshallȱonlyȱsupersedeȱthisȱ AgreementȱtoȱtheȱextentȱsuchȱagreementȱconflictsȱwithȱthisȱAgreement.ȱȱAnyȱtermsȱandȱconditionsȱinȱyourȱpaperȱorȱ electronicȱpurchaseȱorder,ȱrequestȱforȱproposalȱorȱquotation,ȱorȱaȱresponseȱtoȱthoseȱdocumentsȱareȱsupersededȱbyȱthisȱ electronicȱAgreement.ȱȱIfȱaȱthirdȱpartyȱresellerȱacceptsȱyourȱpurchaseȱorderȱandȱanȱofficerȱofȱAirTightȱdoesȱnotȱsignȱitȱandȱ returnȱitȱtoȱyou,ȱAirTightȱisȱnotȱacceptingȱitsȱtermsȱandȱconditions.ȱȱAirTightȱisȱnotȱobligatedȱunderȱanyȱreseller’sȱ agreementȱwithȱyouȱunlessȱanȱofficerȱofȱAirTightȱsignsȱtheȱagreement.ȱCertainȱthirdȱpartyȱsoftwareȱmayȱbeȱnecessaryȱtoȱ operateȱorȱrunȱtheȱSoftware,ȱyouȱareȱresponsibleȱforȱobtainingȱandȱlicensingȱsuchȱthirdȱpartyȱsoftware.ȱThirdȱpartyȱ softwareȱisȱgovernedȱbyȱtheȱlicenseȱagreementȱprovidedȱbyȱthatȱthirdȱparty.ȱ 3. LICENSEȱGRANTȱ 3.1ȱ LimitedȱLicense.ȱAllȱSoftwareȱisȱlicensed,ȱnotȱsoldȱandȱsubjectȱtoȱthisȱAgreement.ȱȱAllȱHardwareȱisȱsoldȱsubjectȱtoȱtheȱ licenseȱgrantedȱinȱthisȱAgreement.ȱȱForȱeachȱunitȱofȱHardwareȱand/orȱSoftwareȱthatȱyouȱpurchase,ȱAirTightȱgrantsȱyouȱaȱnonȬ exclusive,ȱnonȬtransferableȱ(exceptȱasȱprovidedȱinȱtheȱSectionȱentitledȱAssignment),ȱnonȬsublicensableȱlicenseȱduringȱtheȱtermȱ ofȱthisȱAgreement,ȱtoȱinstallȱandȱexecuteȱsuchȱSoftwareȱandȱHardware.ȱTheȱSoftwareȱandȱHardwareȱareȱlicensedȱforȱyourȱownȱ internalȱbusinessȱpurposesȱunlessȱyouȱhaveȱpurchasedȱorȱbeenȱgivenȱaȱdemonstrationȱversionȱorȱauditȱversionȱofȱtheȱSoftware.ȱ IfȱyouȱhaveȱaȱdemonstrationȱversionȱofȱtheȱSoftware,ȱyouȱmayȱuseȱtheȱSoftwareȱsolelyȱtoȱprovideȱdemonstrationsȱtoȱYourȱ Customers.ȱIfȱyouȱhaveȱanȱauditȱversionȱofȱtheȱSoftware,ȱyouȱmayȱuseȱitȱtoȱprovideȱservicesȱtoȱYourȱCustomers.ȱYouȱmayȱ makeȱandȱretainȱoneȱcopyȱofȱtheȱSoftwareȱforȱbackȬupȱandȱdisasterȱrecoveryȱpurposesȱsoȱlongȱasȱyouȱclearlyȱmarkȱitȱasȱaȱ “backȬup”ȱorȱsimilarȱlanguage.ȱ 3.2ȱ RestrictionsȱonȱUse.ȱExceptȱasȱexpresslyȱprovidedȱforȱinȱthisȱAgreement,ȱyouȱshallȱnot:ȱ(a)ȱadapt,ȱalter,ȱpubliclyȱ display,ȱpubliclyȱperform,ȱtranslate,ȱcreateȱderivativeȱworksȱofȱorȱotherwiseȱmodifyȱtheȱSoftware;ȱ(b)ȱsublicense,ȱlease,ȱrent,ȱ loan,ȱdistributeȱorȱotherwiseȱtransferȱtheȱSoftwareȱtoȱanyȱthirdȱpartyȱ(exceptȱasȱprovidedȱinȱtheȱSectionȱentitledȱAssignment);ȱ(c)ȱ allowȱthirdȱpartiesȱtoȱaccessȱorȱuseȱtheȱSoftwareȱorȱHardware,ȱincludingȱbutȱnotȱlimitedȱtoȱASP,ȱOEM,ȱorȱtimeȬsharingȱ arrangements.ȱYouȱshallȱnotȱreverseȱengineer,ȱdecompile,ȱdisassembleȱorȱotherwiseȱattemptȱtoȱderiveȱtheȱsourceȱcodeȱforȱtheȱ SoftwareȱexceptȱtoȱtheȱextentȱexpresslyȱpermittedȱbyȱapplicableȱlawȱtoȱobtainȱinformationȱnecessaryȱtoȱrenderȱtheȱSoftwareȱ interoperableȱwithȱotherȱsoftware;ȱprovided,ȱhowever,ȱthatȱyouȱmustȱfirstȱrequestȱsuchȱinformationȱfromȱAirTightȱandȱ AirTightȱmay,ȱinȱitsȱdiscretion,ȱeitherȱprovideȱsuchȱinformationȱtoȱyouȱorȱimposeȱreasonableȱconditions,ȱincludingȱaȱ reasonableȱfee,ȱonȱsuchȱuseȱofȱtheȱsourceȱcodeȱforȱtheȱSoftwareȱtoȱensureȱthatȱAirTightȇsȱandȱitsȱsuppliersȇȱproprietaryȱrightsȱinȱ theȱsourceȱcodeȱforȱtheȱSoftwareȱareȱprotected;ȱYouȱshallȱnotȱremove,ȱalterȱorȱobscureȱanyȱproprietaryȱnoticesȱonȱtheȱSoftwareȱ orȱDocumentation.ȱUnderȱnoȱcircumstancesȱmayȱyouȱinstallȱorȱexecuteȱtheȱSoftwareȱonȱmoreȱthanȱoneȱcomputerȱatȱtheȱsameȱ time.ȱExceptȱtoȱtheȱextentȱnecessaryȱtoȱprovideȱaȱdemonstrationȱorȱservicesȱtoȱYourȱCustomerȱwhenȱyouȱhaveȱpurchasedȱorȱ beenȱgivenȱtheȱdemonstrationȱversionȱorȱauditȱversionȱofȱtheȱSoftware,ȱrespectively,ȱyouȱshallȱnotȱcaptureȱscreenshotsȱofȱtheȱ SoftwareȱandȱshareȱitȱwithȱotherȱpeopleȱwithoutȱAirTight’sȱwrittenȱconsent.ȱ 3.3ȱ Installation.ȱYouȱareȱresponsibleȱforȱinstallingȱtheȱSoftwareȱandȱHardwareȱ(ifȱany)ȱunlessȱyouȱpurchaseȱinstallationȱ servicesȱfromȱAirTightȱorȱaȱthirdȱpartyȱpursuantȱtoȱaȱseparateȱagreement.ȱ 4. PROPRIETARYȱRIGHTS.ȱYouȱacknowledgeȱandȱagreeȱthatȱtheȱSoftwareȱandȱHardware,ȱincludingȱbutȱnotȱlimitedȱtoȱtheirȱ sequence,ȱstructure,ȱorganizationȱandȱsourceȱcode,ȱcontainsȱIntellectualȱPropertyȱRightsȱofȱAirTightȱandȱitsȱsuppliers.ȱȱTheȱ Softwareȱisȱlicensedȱandȱnotȱsoldȱtoȱyou,ȱandȱnoȱtitleȱorȱownershipȱtoȱsuchȱSoftwareȱorȱtheȱIntellectualȱPropertyȱRightsȱ embodiedȱthereinȱpassesȱasȱaȱresultȱofȱthisȱAgreementȱorȱanyȱactȱpursuantȱtoȱthisȱAgreement.ȱȱTheȱSoftwareȱ(andȱallȱ IntellectualȱPropertyȱRightsȱtherein)ȱisȱtheȱexclusiveȱpropertyȱofȱAirTightȱandȱitsȱsuppliers,ȱandȱallȱrightsȱinȱandȱtoȱtheȱ SoftwareȱnotȱexpresslyȱgrantedȱtoȱyouȱinȱthisȱAgreement,ȱareȱreserved.ȱȱAirTightȱownsȱallȱcopiesȱofȱtheȱSoftware,ȱhoweverȱ made.ȱTheȱSoftware,ȱHardwareȱandȱrelatedȱmaterialsȱcontainȱtradeȱsecretsȱofȱAirTightȱandȱyouȱshallȱnotȱprovideȱtheȱ Software,ȱHardware,ȱDocumentation,ȱorȱdetailsȱregardingȱtheȱoperationȱofȱtheȱSoftwareȱand/orȱHardware,ȱorȱanyȱotherȱ AirTightȱconfidentialȱand/orȱproprietaryȱinformationȱtoȱanyȱthirdȱparty.ȱ 5. LIMITEDȱWARRANTYȱ 5.1ȱ Warranty.ȱForȱaȱperiodȱofȱoneȱyearȱfromȱyourȱreceiptȱofȱtheȱHardwareȱand/orȱSoftwareȱ(theȱ“WarrantyȱPeriod”),ȱ AirTightȱwarrantsȱtoȱyouȱandȱforȱyourȱsoleȱbenefitȱthat,ȱsubjectȱtoȱtheȱSectionȱentitledȱExclusions,ȱtheȱSoftwareȱandȱHardwareȱ whenȱusedȱasȱpermittedȱunderȱthisȱAgreementȱandȱinȱaccordanceȱwithȱtheȱinstructionsȱinȱtheȱDocumentation,ȱwillȱoperateȱ substantiallyȱwithoutȱError.ȱ v SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® EndȱUserȱLicenseȱAgreementȱ 5.2ȱ Exclusions.ȱAirTightȱwillȱhaveȱnoȱobligationȱtoȱcorrect,ȱandȱAirTightȱmakesȱnoȱwarrantyȱwithȱrespectȱto,ȱErrorsȱ causedȱby:ȱ(a)ȱimproperȱinstallationȱofȱtheȱSoftwareȱorȱHardware;ȱ(b)ȱchangesȱthatȱyouȱhaveȱmadeȱtoȱtheȱSoftwareȱorȱ Hardware;ȱ(c)ȱuseȱofȱtheȱSoftwareȱorȱHardwareȱinȱaȱmannerȱinconsistentȱwithȱtheȱDocumentation;ȱ(d)ȱtheȱcombinationȱofȱtheȱ SoftwareȱorȱHardwareȱwithȱhardwareȱorȱsoftwareȱnotȱprovidedȱbyȱAirTight;ȱ(e)ȱmalfunction,ȱmodificationȱorȱrelocationȱofȱ yourȱservers;ȱorȱ(f)ȱyourȱfailureȱtoȱmakeȱreasonableȱbackups.ȱ 5.3ȱ RemedyȱforȱErrors.ȱForȱErrorsȱreportedȱtoȱAirTightȱduringȱtheȱWarrantyȱPeriod,ȱyourȱexclusiveȱremedyȱandȱ AirTightȇsȱsoleȱliabilityȱforȱbreachȱofȱthisȱwarrantyȱisȱthatȱAirTightȱshall,ȱatȱitsȱownȱexpense,ȱ(a)ȱuseȱcommerciallyȱreasonableȱ effortsȱtoȱmakeȱavailableȱtoȱyou,ȱbyȱInternetȱdownload,ȱUpdatesȱthatȱareȱintendedȱtoȱcorrectȱsuchȱErrorsȱandȱthatȱAirTightȱ makesȱgenerallyȱavailable;ȱ(b)ȱatȱitsȱelection,ȱrepairȱorȱreplaceȱanyȱdefectiveȱHardwareȱreturnedȱtoȱAirTightȱwithinȱtheȱ WarrantyȱPeriod.ȱȱAnyȱremedyȱprovidedȱunderȱthisȱSectionȱ5.3ȱwillȱnotȱextendȱtheȱoriginalȱWarrantyȱPeriod.ȱȱAirTightȱshallȱ haveȱnoȱobligationȱregardingȱErrorsȱreported,ȱorȱreturnsȱmade,ȱafterȱtheȱWarrantyȱPeriod.ȱȱ 5.4ȱ Disclaimer.ȱEXCEPTȱFORȱTHEȱEXPRESSȱWARRANTYȱINȱSECTIONȱ5.1,ȱAIRTIGHTȱANDȱITSȱAFFILIATESȱ DISCLAIMȱALLȱOTHERȱWARRANTIES,ȱWHETHERȱEXPRESS,ȱIMPLIEDȱORȱSTATUTORY,ȱINCLUDINGȱBUTȱNOTȱ LIMITEDȱTOȱTHEȱIMPLIEDȱWARRANTIESȱOFȱMERCHANTABILITY,ȱFITNESSȱFORȱAȱPARTICULARȱPURPOSE,ȱ ACCURACY,ȱRESULT,ȱEFFORT,ȱTITLEȱANDȱNONȬINFRINGEMENT.ȱȱTHEREȱISȱNOȱWARRANTYȱTHATȱTHEȱSOFTWAREȱ WILLȱBEȱERRORȱFREE,ȱORȱTHATȱTHEȱSOFTWAREȱORȱHARDWAREȱWILLȱOPERATEȱWITHOUTȱINTERRUPTIONȱORȱ WILLȱFULFILLȱANYȱOFȱYOURȱPARTICULARȱPURPOSESȱORȱNEEDS.ȱAIRTIGHTȱPROVIDESȱNOȱWARRANTYȱFORȱANYȱ THIRDȱPARTYȱSOFTWARE.ȱ 6. LIMITATIONȱOFȱLIABILITY.ȱTOȱTHEȱMAXIMUMȱEXTENTȱPERMITTEDȱBYȱAPPLICABLEȱLAW:ȱȱAIRTIGHT,ȱITSȱ AFFILIATES,ȱSUPPLIERSȱANDȱMANUFACTURERSȱSHALLȱNOTȱBEȱLIABLEȱTOȱYOUȱORȱANYȱOTHERȱPARTYȱFORȱ ANYȱINDIRECT,ȱINCIDENTAL,ȱSPECIAL,ȱCONSEQUENTIAL,ȱEXEMPLARYȱORȱRELIANCEȱDAMAGESȱARISINGȱ OUTȱOFȱORȱRELATEDȱTOȱTHISȱAGREEMENT,ȱTHEȱHARDWAREȱORȱTHEȱSOFTWARE,ȱUNDERȱANYȱLEGALȱ THEORY,ȱINCLUDINGȱBUTȱNOTȱLIMITEDȱTOȱLOSTȱPROFITS,ȱLOSTȱDATA,ȱBUSINESSȱINTERRUPTION,ȱPERSONALȱ INJURY,ȱFORȱLOSSȱOFȱPRIVACY,ȱNEGLIGENCE,ȱANDȱFORȱANYȱOTHERȱPECUNIARYȱORȱOTHERȱLOSSȱ WHATSOEVER,ȱEVENȱIFȱAIRTIGHTȱKNOWSȱOFȱORȱSHOULDȱHAVEȱKNOWNȱOFȱTHEȱPOSSIBILITYȱOFȱSUCHȱ DAMAGES.ȱȱ EXCEPTȱFORȱAIRTIGHTȇSȱOBLIGATIONSȱUNDERȱTHEȱSECTIONȱENTITLEDȱINDEMNIFICATION,ȱAIRTIGHTȇS,ȱITSȱ AFFILIATES’,ȱSUPPLIERS’ȱANDȱMANUFACTURERS’ȱTOTALȱCUMULATIVEȱLIABILITYȱFORȱACTUALȱDAMAGESȱ ARISINGȱOUTȱOFȱORȱRELATEDȱTOȱTHISȱAGREEMENT,ȱTHEȱHARDWARE,ȱORȱTHEȱSOFTWARE,ȱSHALLȱNOTȱEXCEEDȱ THEȱPRICEȱAIRTIGHTȱRECEIVEDȱFORȱSUCHȱHARDWAREȱORȱSOFTWARE,ȱREGARDLESSȱOFȱTHEȱCAUSEȱORȱFORMȱ OFȱACTION.ȱTHISȱSECTIONȱSHALLȱAPPLYȱEVENȱIFȱYOURȱEXCLUSIVEȱREMEDYȱHASȱFAILEDȱOFȱITSȱESSENTIALȱ PURPOSE.ȱYOUȱACKNOWLEDGEȱANDȱAGREEȱTHATȱTHEȱPRICESȱANDȱFEESȱREFLECTȱTHEȱALLOCATIONȱOFȱRISKȱ SETȱFORTHȱINȱTHISȱAGREEMENTȱANDȱTHATȱAIRTIGHTȱWOULDȱNOTȱENTERȱINTOȱTHISȱAGREEMENTȱWITHOUTȱ THESEȱLIMITATIONSȱONȱITSȱLIABILITY.ȱ 7. INFRINGEMENTȱINDEMNIFICATIONȱ 7.1ȱ AirTight’sȱObligation.ȱSubjectȱtoȱtheȱSectionsȱentitledȱConditionsȱandȱExclusions,ȱifȱaȱthirdȱpartyȱmakesȱaȱclaimȱagainstȱ youȱallegingȱthatȱtheȱHardwareȱorȱSoftwareȱinfringesȱanyȱU.S.ȱpatentȱorȱcopyrightȱregisteredȱorȱissuedȱasȱofȱtheȱStartȱDate,ȱ AirTightȱshall:ȱ(a)ȱpayȱallȱreasonableȱcostsȱtoȱdefendȱyou;ȱandȱ(b)ȱpayȱanyȱdamagesȱassessedȱagainstȱyouȱinȱaȱfinalȱjudgmentȱbyȱ aȱcourtȱofȱcompetentȱjurisdictionȱorȱanyȱsettlementȱthatȱAirTightȱhasȱagreedȱuponȱwithȱsuchȱthirdȱparty.ȱ 7.2ȱ Conditions.ȱAirTightȱshallȱbeȱobligatedȱtoȱpayȱtheseȱcostsȱonlyȱifȱyou:ȱ(a)ȱnotifyȱAirTightȱpromptlyȱinȱwritingȱofȱanyȱ suchȱclaim;ȱ(b)ȱgiveȱAirTightȱfullȱinformationȱandȱassistanceȱinȱsettlingȱand/orȱdefendingȱtheȱclaim;ȱandȱ(c)ȱgiveȱAirTightȱfullȱ authorityȱandȱcontrolȱofȱtheȱdefenseȱandȱsettlementȱofȱanyȱsuchȱclaim.ȱYouȱmayȱalsoȱparticipateȱinȱtheȱdefenseȱatȱyourȱownȱ expense.ȱ 7.3ȱ Exclusions.ȱAirTightȱshallȱnotȱbeȱliableȱfor:ȱ(a)ȱanyȱcostsȱorȱexpensesȱincurredȱbyȱyouȱwithoutȱAirTight’sȱpriorȱwrittenȱ authorization;ȱ(b)ȱanyȱuseȱofȱtheȱHardwareȱorȱSoftwareȱnotȱinȱaccordanceȱwithȱthisȱAgreementȱorȱtheȱDocumentation;ȱ(c)ȱforȱ anyȱclaimȱbasedȱonȱtheȱuseȱorȱaȱcombinationȱofȱtheȱHardwareȱorȱSoftwareȱwithȱanyȱotherȱsoftware,ȱfirmware,ȱhardwareȱorȱ dataȱnotȱprovidedȱorȱapprovedȱbyȱAirTight;ȱ(d)ȱuseȱofȱanyȱReleaseȱofȱtheȱSoftwareȱotherȱthanȱtheȱmostȱcurrentȱReleaseȱmadeȱ availableȱtoȱyou;ȱorȱ(e)ȱanyȱalterationsȱorȱmodificationȱofȱtheȱHardwareȱorȱSoftwareȱbyȱanyȱpersonȱotherȱthanȱAirTightȱorȱitsȱ authorizedȱagents.ȱ 7.4.ȱ Cure.ȱInȱtheȱeventȱAirTightȱisȱrequired,ȱorȱinȱAirTight’sȱsoleȱopinionȱisȱlikelyȱtoȱbeȱrequired,ȱtoȱindemnifyȱyouȱunderȱ viȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ EndȱUserȱLicenseȱAgreementȱ theȱSectionȱentitledȱAirTight’sȱObligation,ȱAirTightȱshallȱdoȱoneȱofȱtheȱfollowing:ȱ(a)ȱobtainȱtheȱrightȱforȱyouȱtoȱcontinueȱusingȱ theȱHardwareȱorȱSoftware;ȱ(b)ȱreplaceȱorȱmodifyȱtheȱHardwareȱorȱSoftwareȱwithȱaȱfunctionalȱequivalentȱthatȱisȱnonȬinfringing;ȱ orȱ(c)ȱterminateȱthisȱAgreementȱandȱrefundȱanyȱfeeȱAirTightȱreceived,ȱproratedȱoverȱ3ȱyears,ȱorȱtheȱperiodȱofȱyourȱlicenseȱifȱ shorterȱthanȱ3ȱyears.ȱ 8. RISKSȱANDȱYOURȱOBLIGATIONS.ȱAirTightȱproductsȱmayȱbeȱcapableȱofȱoperatingȱatȱfrequenciesȱbeyondȱthoseȱallowedȱ inȱyourȱregionȱandȱlocatingȱandȱdisablingȱtargetedȱwirelessȱdevicesȱandȱcomputers.ȱYOUȱUSEȱAIRTIGHTȱPRODUCTSȱATȱ YOURȱOWNȱRISK.ȱIfȱaȱthirdȱpartyȱmakesȱaȱclaimȱagainstȱAirTightȱarisingȱoutȱofȱyourȱuseȱofȱtheȱAirTightȱproductsȱorȱyourȱ breachȱofȱthisȱAgreement,ȱyouȱshall:ȱ(a)ȱpayȱallȱcostsȱtoȱdefendȱAirTight;ȱandȱ(b)ȱpayȱanyȱdamagesȱassessedȱagainstȱ AirTightȱinȱaȱfinalȱjudgmentȱbyȱaȱcourtȱofȱcompetentȱjurisdictionȱorȱanyȱsettlementȱthatȱyouȱagreedȱuponȱwithȱsuchȱthirdȱ party.ȱIfȱyouȱfailȱtoȱmeetȱyourȱobligationsȱunderȱthisȱSection,ȱAirTightȱshallȱhaveȱfullȱauthorityȱandȱcontrolȱofȱtheȱdefenseȱ and/orȱsettlementȱofȱanyȱsuchȱclaimȱatȱyourȱexpense.ȱȱ 9. EXPORTȱRESTRICTIONS.ȱYouȱacknowledgeȱthatȱtheȱSoftwareȱisȱsubjectȱtoȱU.S.ȱexportȱjurisdiction.ȱYouȱagreeȱtoȱcomplyȱ withȱallȱapplicableȱinternationalȱandȱnationalȱlawsȱthatȱapplyȱtoȱtheȱSoftware,ȱincludingȱtheȱU.S.ȱExportȱAdministrationȱ Regulations,ȱasȱwellȱasȱendȬuser,ȱendȬuse,ȱandȱdestinationȱrestrictionsȱissuedȱbyȱU.S.ȱandȱotherȱgovernments.ȱYouȱassumeȱ soleȱresponsibilityȱforȱanyȱrequiredȱexportȱapprovalȱand/orȱlicensesȱandȱallȱrelatedȱcosts.ȱYouȱshallȱnotȱacquire,ȱship,ȱ transferȱorȱreȬexport,ȱdirectlyȱorȱindirectly,ȱtheȱHardwareȱand/orȱSoftwareȱtoȱproscribed,ȱembargoed,ȱorȱprohibitedȱ countriesȱorȱtheirȱnationals,ȱdeniedȱdestinations,ȱnorȱuseȱitȱforȱnuclearȱactivities,ȱchemicalȱbiologicalȱweaponsȱorȱmissileȱ projects.ȱProscribedȱcountries,ȱdestinations,ȱandȱpeopleȱareȱsetȱforthȱinȱtheȱUnitedȱStatesȱExportȱAdministrationȱ Regulations,ȱandȱtheȱOfficeȱofȱForeignȱAssetȱControl’sȱSpeciallyȱDesignatedȱNationalsȱlist,ȱandȱareȱsubjectȱtoȱchangeȱ withoutȱfurtherȱnoticeȱfromȱAirTight.ȱ 10. U.S.ȱGOVERNMENTȱENDȱUSERS.ȱTheȱSoftwareȱcoveredȱunderȱthisȱAgreement,ȱisȱaȱ“commercialȱitem”ȱasȱthatȱtermȱisȱ definedȱatȱ48ȱC.F.R.ȱ2.101,ȱconsistingȱofȱ“commercialȱcomputerȱsoftware”ȱandȱ“commercialȱcomputerȱsoftwareȱ documentation”ȱasȱsuchȱtermsȱareȱusedȱinȱ48ȱC.F.R.ȱ12.212.ȱConsistentȱwithȱ48ȱC.F.R.ȱ12.212ȱandȱ48ȱC.F.R.ȱ227.7202Ȭ1ȱ throughȱ227.7202Ȭ4,ȱallȱU.S.ȱGovernmentȱendȱusersȱacquireȱtheȱSoftwareȱandȱanyȱotherȱsoftwareȱandȱdocumentationȱ coveredȱunderȱthisȱAgreementȱwithȱonlyȱthoseȱrightsȱsetȱforthȱtherein.ȱȱ 11. CONSENTȱTOȱUSEȱOFȱDATA.ȱYouȱagreeȱthatȱAirTightȱandȱitsȱaffiliatesȱmayȱcollectȱandȱuseȱinformationȱthatȱisȱpersonallyȱ identifiableȱtoȱyou.ȱWeȱcollectȱtwoȱtypesȱofȱinformation.ȱȱ x TechnicalȱInformationȱregardingȱtheȱAirTightȱproductsȱandȱyourȱhardwareȱorȱsoftware,ȱincluding,ȱbutȱnotȱlimitedȱto,ȱ serverȱinstallationȱandȱactivationȱinformation,ȱlicenseȱkeyȱexpiration,ȱserverȱlogs,ȱMediaȱAccessȱControlȱ(MAC)ȱ addresses,ȱInternetȱProtocolȱ(IP)ȱaddresses,ȱwirelessȱnetworkȱ(WLAN)ȱinformationȱandȱsensorȱdetails.ȱTheȱproductȱ featuresȱallowingȱusȱtoȱcollectȱTechnicalȱInformationȱareȱenabledȱbyȱdefaultȱtoȱconnectȱviaȱtheȱInternetȱtoȱAirTight’sȱ and/orȱitsȱaffiliates’ȱcomputerȱsystemsȱautomatically,ȱandȱmayȱoccurȱwithoutȱseparateȱnoticeȱtoȱyou.ȱYouȱconsentȱtoȱ theȱoperationȱofȱtheseȱfeatures.ȱYouȱmayȱchooseȱnotȱtoȱgiveȱusȱthisȱinformationȱbyȱnotȱactivatingȱorȱinstallingȱtheȱ product.ȱ ȱ x PersonalȱInformationȱ(name,ȱaddress,ȱtelephoneȱnumber,ȱcompanyȱnameȱandȱemailȱaddress),ȱcollected,ȱforȱexample,ȱ asȱpartȱofȱshipping,ȱservicingȱorȱregisteringȱaȱproduct.ȱIfȱweȱcollectȱPersonalȱInformationȱweȱwillȱexpresslyȱaskȱyouȱ forȱit.ȱYouȱmayȱchooseȱnotȱtoȱgiveȱusȱthisȱinformationȱatȱtheȱtimeȱweȱrequestȱit,ȱbutȱitȱmayȱpreventȱusȱfromȱshippingȱ orȱservicingȱtheȱproduct.ȱ ȱ AirTightȱandȱitsȱaffiliatesȱmayȱuseȱTechnicalȱandȱPersonalȱInformationȱsolelyȱtoȱimproveȱourȱproductsȱorȱtoȱprovideȱ customizedȱservicesȱorȱtechnologiesȱtoȱyou.ȱAirTightȱwillȱnotȱdiscloseȱthisȱinformationȱinȱaȱformȱthatȱpersonallyȱidentifiesȱyouȱ exceptȱtoȱthirdȱpartyȱprovidersȱthatȱweȱutilizeȱtoȱserviceȱorȱshipȱtheȱproducts.ȱWeȱmayȱdiscloseȱtheȱcollectedȱinformationȱifȱ requiredȱtoȱbyȱlawȱorȱcourtȱorder.ȱInformationȱthatȱisȱcollectedȱbyȱorȱsentȱtoȱAirTightȱmayȱbeȱstoredȱandȱprocessedȱinȱtheȱ UnitedȱStates,ȱIndiaȱorȱanyȱotherȱcountryȱinȱwhichȱAirTight,ȱitsȱaffiliates,ȱsubsidiariesȱorȱagentsȱmaintainȱfacilities.ȱYouȱmayȱ contactȱusȱregardingȱtheȱcollectionȱandȱuseȱofȱTechnicalȱandȱPersonalȱInformationȱorȱthisȱprovisionȱatȱ [email protected]ȱorȱbyȱwritingȱusȱatȱ339ȱNo.ȱBernardoȱAvenue,ȱSuiteȱ200,ȱMountainȱView,ȱCAȱ94043ȱUSA.ȱ 12. GENERALȱ 12.1ȱ Term.ȱThisȱAgreementȱshallȱstartȱonȱtheȱdateȱyouȱclickȱ“Iȱhaveȱreadȱandȱagreeȱtoȱtheȱlicensingȱtermsȱabove,”ȱ“Iȱ Agree”ȱorȱotherwiseȱinstallȱorȱactivateȱtheȱSoftwareȱorȱHardwareȱ(theȱ“StartȱDate”)ȱandȱshallȱcontinueȱinȱfullȱforceȱandȱeffectȱ untilȱitȱexpiresȱpursuantȱtoȱtheȱperiodȱofȱuseȱthatȱyouȱpurchasedȱorȱunlessȱearlierȱterminatedȱasȱdescribedȱinȱtheȱSectionȱ vii SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® EndȱUserȱLicenseȱAgreementȱ entitledȱTermination.ȱ 12.2ȱ Termination.ȱWithoutȱprejudiceȱtoȱanyȱotherȱrights,ȱAirTightȱmayȱterminateȱthisȱAgreementȱifȱyouȱdoȱnotȱcomplyȱ withȱit.ȱYouȱmayȱterminateȱthisȱAgreementȱatȱanytime.ȱUponȱterminationȱofȱthisȱAgreementȱforȱanyȱreason:ȱ(a)ȱallȱlicenseȱ rightsȱgrantedȱinȱthisȱAgreementȱwillȱimmediatelyȱterminateȱandȱyouȱmustȱpromptlyȱstopȱallȱuseȱofȱtheȱSoftware;ȱ(b)ȱ AirTightȇsȱobligationȱtoȱprovideȱservicesȱunderȱanyȱserviceȱagreementȱterminates;ȱ(c)ȱyouȱmustȱeraseȱallȱcopiesȱofȱtheȱSoftwareȱ fromȱyourȱcomputers,ȱandȱdestroyȱallȱcopiesȱofȱtheȱSoftwareȱandȱDocumentationȱonȱtangibleȱmediaȱinȱyourȱpossessionȱorȱ control.ȱTerminationȱofȱthisȱAgreementȱwillȱnotȱaffectȱyourȱrightȱtoȱotherwiseȱuseȱorȱtransferȱtheȱHardwareȱpurchasedȱfromȱ AirTightȱonceȱtheȱSoftwareȱisȱremoved.ȱ 12.3ȱ Survival.ȱTheȱSectionsȱentitledȱControllingȱAgreement,ȱProprietaryȱRights,ȱLimitedȱWarranty,ȱLimitationȱofȱLiability,ȱRisksȱ andȱYourȱObligations,ȱExportȱRestrictions,ȱTermination,ȱGoverningȱLawȱandȱVenueȱandȱSeverabilityȱshallȱsurviveȱtheȱexpirationȱorȱ terminationȱofȱthisȱAgreement.ȱAirTight’sȱobligationsȱunderȱtheȱSectionȱentitledȱInfringementȱIndemnificationȱshallȱsurviveȱonlyȱ forȱclaimsȱbasedȱonȱuseȱofȱtheȱHardwareȱorȱSoftwareȱduringȱtheȱlicensedȱterm.ȱȱ 12.4ȱ Assignment.ȱYouȱmayȱnotȱassignȱorȱtransfer,ȱbyȱoperationȱofȱlaw,ȱmergerȱorȱotherwise,ȱanyȱofȱyourȱrightsȱorȱdelegateȱ anyȱofȱyourȱdutiesȱunderȱthisȱAgreementȱ(includingȱwithoutȱlimitation,ȱtheȱlicensesȱwithȱrespectȱtoȱtheȱSoftware)ȱtoȱanyȱthirdȱ partyȱwithoutȱAirTight’sȱpriorȱwrittenȱconsent.ȱAnyȱattemptedȱassignmentȱorȱtransferȱinȱviolationȱofȱtheȱforegoingȱwillȱbeȱ void.ȱAirTightȱmayȱassignȱitsȱrightsȱorȱdelegateȱitsȱobligationsȱunderȱthisȱAgreement.ȱ 12.5ȱ GoverningȱLawȱandȱVenue.ȱThisȱAgreementȱwillȱbeȱgovernedȱbyȱtheȱlawsȱofȱtheȱStateȱofȱCalifornia.ȱTheȱUnitedȱ NationsȱConventionȱonȱContractsȱforȱtheȱInternationalȱSaleȱofȱGoodsȱdoesȱnotȱapplyȱtoȱthisȱAgreement.ȱAnyȱactionȱorȱ proceedingȱarisingȱfromȱorȱrelatingȱtoȱthisȱAgreementȱmustȱbeȱbroughtȱexclusivelyȱinȱaȱfederalȱorȱstateȱcourtȱseatedȱinȱSantaȱ Clara,ȱCalifornia,ȱandȱinȱnoȱotherȱvenue.ȱEachȱpartyȱirrevocablyȱconsentsȱtoȱtheȱpersonalȱjurisdictionȱandȱvenueȱin,ȱandȱagreesȱ toȱserviceȱofȱprocessȱissuedȱby,ȱanyȱsuchȱcourt.ȱNotwithstandingȱtheȱforegoing,ȱAirTightȱreservesȱtheȱrightȱtoȱfileȱaȱsuitȱorȱ actionȱinȱanyȱcourtȱofȱcompetentȱjurisdictionȱasȱAirTightȱdeemsȱnecessaryȱtoȱprotectȱitsȱintellectualȱpropertyȱandȱproprietaryȱ rights.ȱ 12.6ȱ EquitableȱRelief.ȱYouȱagreeȱthatȱtheȱSoftwareȱandȱHardwareȱcontainsȱAirTight’sȱvaluableȱtradeȱsecretsȱandȱ proprietaryȱinformationȱandȱthatȱanyȱactualȱorȱthreatenedȱdisclosureȱorȱmisappropriationȱofȱsuchȱinformationȱwouldȱ constituteȱimmediate,ȱirreparableȱharmȱtoȱAirTightȱforȱwhichȱmonetaryȱdamagesȱwouldȱbeȱanȱinadequateȱremedy.ȱTherefore,ȱ inȱadditionȱtoȱanyȱotherȱrightsȱandȱremediesȱwhichȱmayȱbeȱavailableȱtoȱAirTightȱatȱlawȱorȱinȱequity,ȱanyȱsuchȱactualȱorȱ threatenedȱdisclosureȱmayȱbeȱstoppedȱthroughȱinjunctiveȱproceedingsȱwithoutȱtheȱpostingȱofȱaȱbond.ȱ 12.7ȱ WaiversȱandȱAmendments.ȱAllȱwaiversȱmustȱbeȱinȱwriting.ȱAnyȱwaiverȱorȱfailureȱtoȱenforceȱanyȱprovisionȱofȱthisȱ Agreementȱonȱoneȱoccasionȱwillȱnotȱbeȱdeemedȱaȱwaiverȱofȱanyȱotherȱprovisionȱorȱofȱsuchȱprovisionȱonȱanyȱotherȱoccasion.ȱ ThisȱAgreementȱmayȱbeȱamendedȱonlyȱbyȱaȱwrittenȱdocumentȱsignedȱbyȱyouȱandȱAirTight.ȱ 12.8ȱ Severability.ȱIfȱanyȱprovisionȱofȱthisȱAgreementȱisȱheldȱtoȱbeȱvoid,ȱinvalid,ȱunenforceableȱorȱillegal,ȱtheȱotherȱ provisionsȱshallȱcontinueȱinȱfullȱforceȱandȱeffect.ȱ ȱ viiiȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ TableȱofȱContentsȱ TableȱofȱContentsȱ CHAPTER 1 1.1 1.2 1.3 GETTING STARTED...................................................................................................................................1 BEFORE YOU BEGIN .......................................................................................................................................................1 HOW TO GET MORE INFORMATION ..................................................................................................................................1 CONTACT INFORMATION .................................................................................................................................................1 CHAPTER 2 PACKAGE CONTENTS ..............................................................................................................................2 CHAPTER 3 SERVER AND SENSOR OVERVIEW .......................................................................................................4 3.1 FRONT PANEL OF THE SERVER ........................................................................................................................................4 3.2 REAR PANEL OF THE SERVER ..........................................................................................................................................5 3.3 FRONT PANEL OF SENSOR ...............................................................................................................................................6 3.3.1 Sensor SS-200-AT...................................................................................................................................................6 3.3.2 Sensor SS-300-AT...................................................................................................................................................7 3.4 REAR PANEL OF SENSOR SS-200-AT..............................................................................................................................8 3.5 REAR AND SIDE PANELS OF SENSOR SS-300-AT ............................................................................................................9 CHAPTER 4 INSTALLING THE SERVER......................................................................................................................9 4.1 CONNECTING THE SERVER..............................................................................................................................................9 4.1.1 Mount the Server Appliance ...................................................................................................................................9 4.1.2 Power up the Server ...............................................................................................................................................9 4.1.3 Connect the Server to the Network.......................................................................................................................10 4.2 ACCESSING THE SERVER...............................................................................................................................................10 4.2.1 Accessing the Server using SSH (Recommended) ................................................................................................ 11 4.2.2 Accessing the Server using a Serial Cable ........................................................................................................... 11 4.3 ACCESSING THE SERVER INITIALIZATION AND SETUP WIZARD .....................................................................................14 4.3.1 Configure the Backspace Key...............................................................................................................................14 4.3.2 Step 1: Change Config Shell Password ................................................................................................................14 4.3.3 Step 2: Change Network Settings .........................................................................................................................15 4.3.4 Step 3: Set Server Time Zone, Date and Time Settings .........................................................................................16 4.3.5 Step 4: Set Server ID Settings...............................................................................................................................19 4.3.6 Set up the Server DNS Entry ................................................................................................................................21 4.4 LAUNCHING THE SYSTEM CONSOLE (GUI) ..................................................................................................................21 4.4.1 System Requirements ............................................................................................................................................21 4.5 ACTIVATING THE LICENSE ............................................................................................................................................24 CHAPTER 5 INSTALLING THE SENSOR....................................................................................................................25 5.1 ZERO CONFIGURATION OF SENSORS .............................................................................................................................25 5.2 CONNECTING THE SENSOR ...........................................................................................................................................25 5.2.1 Mount the SS-200-AT Sensor................................................................................................................................25 5.2.1.1 5.2.1.2 5.2.2 Ceiling Mounting ............................................................................................................................................................ 25 Flat Surface Installation .................................................................................................................................................. 27 Mount the SS-300-AT Sensor................................................................................................................................28 5.2.2.1 5.2.2.2 5.2.3 5.2.4 Ceiling/Wall Mounting.................................................................................................................................................... 28 Flat Surface Installation .................................................................................................................................................. 28 Power up the Sensor.............................................................................................................................................29 Connect the Sensor to the Network ......................................................................................................................30 CHAPTER 6 MANUALLY CONFIGURING THE SENSOR........................................................................................30 6.1 INTRODUCTION.............................................................................................................................................................30 6.2 CONFIGURING SENSOR THROUGH CONFIG SHELL ........................................................................................................30 6.2.1 Invoke HyperTerminal (or minicom) ....................................................................................................................30 6.2.1.1 6.2.1.2 6.2.1.3 Launching HyperTerminal .............................................................................................................................................. 30 Defining a New HyperTerminal Connection................................................................................................................... 31 Specifying HyperTerminal Connection Details............................................................................................................... 32 ix SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® TableȱofȱContentsȱ 6.2.1.4 6.2.2 6.2.3 6.2.4 6.2.5 Editing Serial Port Settings ............................................................................................................................................. 32 Log in and Change the Default Password............................................................................................................33 Set Server Discovery ............................................................................................................................................33 Set Sensor Mode ...................................................................................................................................................33 Configure Network Settings..................................................................................................................................34 CHAPTER 7 SETTING UP THE SERVER CONSOLE ................................................................................................35 7.1 LOGGING INTO THE CONSOLE .......................................................................................................................................35 7.1.1 Step 1: Starting the Setup Wizard .........................................................................................................................35 7.1.2 Step 2: Changing your Account Password ...........................................................................................................36 7.1.3 Step 3: Preparing your System for Configuration ................................................................................................37 7.1.4 Step 4: Configuring Notification Settings.............................................................................................................40 7.1.5 Step 5: Setting up Locations and Sensors.............................................................................................................45 7.1.5.1 7.1.5.2 7.1.5.3 7.1.5.4 7.1.6 Adding a New Location .................................................................................................................................................. 46 Attaching an image ......................................................................................................................................................... 59 Placing Locations on a Location Folder with an Attached Image ................................................................................... 59 Importing a Planner file into a Location Node ................................................................................................................ 60 Step 6: Classifying APs ........................................................................................................................................60 7.1.6.1 7.1.6.2 7.1.6.3 7.1.7 7.1.8 Specify Authorized SSIDs............................................................................................................................................... 61 Select Wi-Fi Networks .................................................................................................................................................... 64 RSSI based Classification ............................................................................................................................................... 64 Step 7: Classifying Clients....................................................................................................................................69 Step 8: Configuring Intrusion Prevention Policy .................................................................................................72 7.1.8.1 7.1.8.2 7.1.9 Intrusion Prevention Policy............................................................................................................................................. 72 Intrusion Prevention Level .............................................................................................................................................. 74 Step 9: Configuring Events and Reports ..............................................................................................................75 7.1.9.1 7.1.9.2 7.1.9.3 7.1.9.4 7.1.9.5 7.1.10 7.1.11 7.1.12 CHAPTER 8 8.1 8.2 Step 10: Calibrating Location Tracking ...........................................................................................................85 Step 11: Locking the System Configuration ......................................................................................................87 Step 12: Completion of Setup Wizard................................................................................................................89 CONFIG SHELL COMMANDS................................................................................................................91 SERVER CONFIG SHELL COMMANDS ............................................................................................................................91 SENSOR CONFIG SHELL COMMANDS ............................................................................................................................95 CHAPTER 9 9.1 9.2 Security ........................................................................................................................................................................... 75 Monitoring ...................................................................................................................................................................... 75 Adding a Report .............................................................................................................................................................. 78 Adding a Section to a Report .......................................................................................................................................... 81 Creating a Report Schedule............................................................................................................................................. 83 TROUBLESHOOTING .............................................................................................................................97 SERVER TROUBLESHOOTING ........................................................................................................................................97 SENSOR TROUBLESHOOTING ........................................................................................................................................99 ȱ ȱ xȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ TableȱofȱFiguresȱ TableȱofȱFiguresȱ FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. SERVER PACKAGE CONTENTS ..................................................................................................................................................... 2 SENSOR SS-200-AT PACKAGE CONTENTS ................................................................................................................................... 3 FRONT PANEL OF THE SERVER ..................................................................................................................................................... 4 REAR PANEL OF THE SERVER....................................................................................................................................................... 5 FRONT PANEL OF SENSOR SS-200-AT......................................................................................................................................... 6 FRONT VIEW OF SENSOR SS-300-AT .......................................................................................................................................... 7 REAR PANEL OF SENSOR ............................................................................................................................................................. 8 REAR PANEL OF SENSOR SS-300-AT .......................................................................................................................................... 9 SIDE PANEL OF SENSOR SS-300-AT .......................................................................................................................................... 10 MOUNT THE SERVER ................................................................................................................................................................... 9 POWER UP THE SERVER ............................................................................................................................................................. 10 CONNECT THE SERVER TO THE NETWORK ................................................................................................................................. 10 OPEN SSH ............................................................................................................................................................................... 11 CONNECT THE SERVER TO YOUR COMPUTER USING A SERIAL CABLE ......................................................................................... 11 LAUNCH HYPERTERMINAL APPLICATION .................................................................................................................................. 12 DEFINE A NEW HYPERTERMINAL CONNECTION FOR THE SYSTEM .............................................................................................. 12 SPECIFY HYPERTERMINAL CONNECTION DETAILS ..................................................................................................................... 13 EDIT SERIAL PORT SETTINGS .................................................................................................................................................... 13 MAP THE BACKSPACE KEY ........................................................................................................................................................ 14 SERVER INITIALIZATION AND SETUP WIZARD SCREEN ............................................................................................................... 14 CHANGE CONFIG SHELL PASSWORD .......................................................................................................................................... 15 CHANGE NETWORK SETTINGS .................................................................................................................................................. 16 CONFIRM NETWORK SETTINGS CHANGES ................................................................................................................................. 16 SPECIFY CONTINENT AND COUNTRY FOR TIME ZONE SETTINGS ................................................................................................. 17 SELECT TIME ZONE REGION ..................................................................................................................................................... 18 SPECIFY IP ADDRESS OF NTP SERVER FOR SYNCHRONIZATION .................................................................................................. 18 SPECIFY TIME ZONE USING POSIX TZ FORMAT .......................................................................................................................... 19 SPECIFY DATE AND TIME .......................................................................................................................................................... 19 SET SERVER ID......................................................................................................................................................................... 20 SERVER SETUP COMPLETION SCREEN ....................................................................................................................................... 20 GENERATING CERTIFICATE FOR WEB SERVER ............................................................................................................................ 21 WEB SITE CERTIFICATE VERIFICATION ...................................................................................................................................... 22 INSTALLING JRE....................................................................................................................................................................... 22 POP-UP BLOCKER MESSAGE ..................................................................................................................................................... 22 DETECTING JAVA RUNTIME ENVIRONMENT (JRE) ..................................................................................................................... 23 WEB SITE CERTIFICATE WARNING ............................................................................................................................................ 23 HOSTNAME MISMATCH WARNING ............................................................................................................................................. 23 DIGITAL SIGNATURE VERIFIED .................................................................................................................................................. 24 ACTIVATE LICENSE ................................................................................................................................................................... 24 ALIGNING THE SENSOR AND MOUNT SLOTS .............................................................................................................................. 26 FIXING THE MOUNTING BRACKET TO THE SENSOR .................................................................................................................... 26 TAB ORIENTATIONS FOR US INSTALLATIONS .............................................................................................................................. 26 PRESSING THE MOUNT AGAINST THE T-BAR .............................................................................................................................. 27 INITIAL TWISTING OF THE MOUNT ............................................................................................................................................ 27 FINAL TWISTING OF THE MOUNT WITH THE US TAB SUPPORTING THE MOUNT ............................................................................ 27 FLAT SURFACE INSTALLATION ................................................................................................................................................... 28 HOLES FOR INSERTING SCREWS ................................................................................................................................................. 28 INSERTING TABS ON THE TABLE STAND....................................................................................................................................... 29 LOCKING THE STAND TO THE SENSOR ....................................................................................................................................... 29 SENSOR MOUNT ON A TABLE .................................................................................................................................................... 29 POWER UP THE SENSOR ............................................................................................................................................................. 30 CONNECT THE SENSOR TO THE NETWORK ................................................................................................................................. 30 CONNECTING THE SENSOR TO YOUR COMPUTER USING A SERIAL CABLE .................................................................................... 30 OPENING HYPERTERMINAL ...................................................................................................................................................... 31 DEFINE A NEW HYPERTERMINAL CONNECTION FOR SENSOR ..................................................................................................... 31 SPECIFY HYPERTERMINAL CONNECTION DETAILS ..................................................................................................................... 32 EDIT SERIAL PORT SETTINGS .................................................................................................................................................... 32 SET SERVER DISCOVERY COMMAND ........................................................................................................................................... 33 SET SENSOR MODE COMMAND ................................................................................................................................................... 34 xi SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® TableȱofȱFiguresȱ FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103. 104. 105. 106. 107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119. 120. CONSOLE LOGIN SCREEN.......................................................................................................................................................... 35 END USER LICENSE AGREEMENT SCREEN ................................................................................................................................. 35 SYSTEM SETUP WIZARD WELCOME SCREEN ............................................................................................................................. 36 CHANGE PASSWORD ................................................................................................................................................................. 37 EVENT DE-ACTIVATION............................................................................................................................................................. 38 INTRUSION PREVENTION DE-ACTIVATION .................................................................................................................................. 39 DEVICE LIST UNLOCKING ......................................................................................................................................................... 40 SMTP CONFIGURATION ............................................................................................................................................................ 41 SYSLOG CONFIGURATION ......................................................................................................................................................... 42 SYSLOG CONFIGURATION DIALOG ............................................................................................................................................ 43 SNMP CONFIGURATION ........................................................................................................................................................... 44 SNMP CONFIGURATION DIALOG .............................................................................................................................................. 45 LOCATIONS SCREEN.................................................................................................................................................................. 46 ADDING A NEW LOCATION ........................................................................................................................................................ 47 SPECIFYING LOCATION PROPERTIES .......................................................................................................................................... 47 SENSOR CONFIGURATION.......................................................................................................................................................... 48 CHANNEL SETTINGS TAB .......................................................................................................................................................... 49 CHANNEL FREQUENCY TABLE ................................................................................................................................................... 50 ANTENNA PORT ASSIGNMENT TAB ............................................................................................................................................ 51 SENSOR PASSWORD CONFIGURATION TAB ................................................................................................................................. 52 OFFLINE SENSOR CONFIGURATION TAB..................................................................................................................................... 53 OFFLINE SENSOR CONFIGURATION: DEVICE CLASSIFICATION POLICY TAB................................................................................. 54 OFFLINE SENSOR CONFIGURATION: INTRUSION PREVENTION POLICY TAB ................................................................................. 55 IMPORT DEVICES - SENSORS ..................................................................................................................................................... 56 IMPORT SENSOR LIST ................................................................................................................................................................ 57 DEVICES SCREEN – SENSORS .................................................................................................................................................... 58 LOCATIONS SCREEN.................................................................................................................................................................. 59 PLACING SENSORS ON THE FLOORMAP ...................................................................................................................................... 60 AUTHORIZED WLAN SETUP..................................................................................................................................................... 61 CREATING A CONFIGURATION TEMPLATE FOR AN AUTHORIZED SSID ........................................................................................ 62 NO-WI-FI NETWORKS .............................................................................................................................................................. 64 RSSI BASED CLASSIFICATION ................................................................................................................................................... 65 AP AUTO-CLASSIFICATION POLICY ........................................................................................................................................... 66 IMPORT DEVICES – APS ............................................................................................................................................................ 67 IMPORT AUTHORIZED AP LIST .................................................................................................................................................. 68 DEVICES SCREEN – APS ........................................................................................................................................................... 68 LOCATIONS SCREEN.................................................................................................................................................................. 69 CLIENT AUTO-CLASSIFICATION POLICY .................................................................................................................................... 70 IMPORT DEVICES – CLIENTS ..................................................................................................................................................... 71 DEVICES SCREEN – CLIENTS ..................................................................................................................................................... 72 INTRUSION PREVENTION POLICY .......................................................................................................................................... 73 INTRUSION PREVENTION LEVEL ............................................................................................................................................ 74 EVENT CONFIGURATION – SECURITY .................................................................................................................................... 75 EVENT CONFIGURATION – MONITORING ............................................................................................................................... 76 EVENT ADVANCED SETTINGS ................................................................................................................................................ 77 EMAIL NOTIFICATION ........................................................................................................................................................... 77 EMAIL CONFIGURATION DIALOG ........................................................................................................................................... 78 REPORTS SCREEN ................................................................................................................................................................. 78 REPORT DETAILS SCREEN ..................................................................................................................................................... 79 REPORT DETAILS SCREEN SHOWING REPORT SUMMARY TAB ................................................................................................. 80 REPORT DETAILS SCREEN SHOWING REPORT SECTIONS TAB .................................................................................................. 81 ADDING A SECTION TO A REPORT .......................................................................................................................................... 82 SCHEDULING A REPORT FOR ONE TIME DELIVERY ................................................................................................................. 83 SCHEDULING A REPORT FOR RECURRING GENERATION .......................................................................................................... 84 SPECIFYING ADDITIONAL EMAIL ADDRESSES FOR REPORT DELIVERY .................................................................................... 85 LOCATIONS SCREEN – CALIBRATION ..................................................................................................................................... 85 RF CALIBRATION DIALOG .................................................................................................................................................... 86 EVENT ACTIVATION .............................................................................................................................................................. 87 INTRUSION PREVENTION ACTIVATION ................................................................................................................................... 88 DEVICE LIST LOCKING ......................................................................................................................................................... 89 DASHBOARD SCREEN ........................................................................................................................................................... 90 ȱ xiiȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ GettingȱStartedȱ Chapterȱ1 1.1 GettingȱStartedȱ BeforeȱYouȱBeginȱ ThankȱyouȱforȱpurchasingȱSpectraGuardȱEnterpriseȱ(referredȱtoȱasȱ‘system’ȱhereafterȱinȱthisȱdocument)ȱfromȱAirTight®ȱ Networks,ȱInc.ȱTheȱsystemȱassistsȱyouȱtoȱeffectivelyȱmonitor,ȱtroubleshoot,ȱadminister,ȱandȱprotectȱyourȱwirelessȱnetwork.ȱ PleaseȱreadȱtheȱEULAȱbeforeȱinstallingȱtheȱServer.ȱInstallingȱtheȱServerȱconstitutesȱyourȱacceptanceȱofȱtheȱtermsȱandȱ conditionsȱofȱtheȱEULAȱmentionedȱaboveȱinȱthisȱdocument.ȱThisȱproductȱcannotȱbeȱrentedȱorȱleased–youȱareȱtheȱsoleȱownerȱofȱ theȱproduct.ȱ ThisȱinstallationȱguideȱgivesȱanȱoverviewȱofȱtheȱpowerȱconnectorȱandȱportsȱonȱtheȱServerȱandȱexplainsȱhowȱtoȱconfigureȱit.ȱ Thisȱguideȱcontainsȱtheȱfollowingȱchapters:ȱ x x x x x x x x 1.2 PackageȱContents:ȱListsȱtheȱcomponentsȱincludedȱinȱtheȱsystemȱpackage.ȱ ServerȱandȱSensorȱ(Sensor)ȱOverview:ȱProvidesȱanȱoverviewȱofȱtheȱServerȱandȱSensor.ȱ ConfiguringȱtheȱServer:ȱDescribesȱhowȱtoȱpowerȱtheȱServer,ȱconnectȱtheȱServerȱtoȱtheȱnetworkȱandȱyourȱcomputer,ȱ andȱconfigureȱtheȱServer.ȱ InstallingȱtheȱSensor:ȱDescribesȱhowȱtoȱconnectȱandȱinstallȱtheȱSensor.ȱ ManualȱConfigurationȱofȱSensor:ȱDescribesȱhowȱtoȱconfigureȱtheȱSensorȱthroughȱtheȱConfigȱShell.ȱ SettingȱupȱtheȱSystem:ȱDescribesȱhowȱtheȱsystemȱConsoleȱisȱlaunchedȱandȱsetup.ȱ ConfigȱShellȱCommands:ȱListsȱaȱpreȬdefinedȱsetȱofȱcommandsȱthatȱallowȱyouȱtoȱconfigureȱandȱviewȱtheȱstatusȱofȱtheȱ ServerȱandȱSensors.ȱ Troubleshooting:ȱProvidesȱtroubleshootingȱtipsȱwhileȱinstallingȱtheȱServerȱandȱSensor.ȱ Howȱtoȱgetȱmoreȱinformationȱ Toȱreceiveȱimportantȱnewsȱonȱproductȱupdates,ȱpleaseȱvisitȱourȱwebsiteȱatȱ[email protected].ȱ 1.3 ContactȱInformationȱ AirTight®ȱNetworks,ȱInc.ȱ 339ȱN,ȱBernardoȱAvenue,ȱSuiteȱ#200,ȱ MountainȱView,ȱCAȱ94043ȱ Tel:ȱ(650)ȱ961Ȭ1111ȱ Fax:ȱ(650)ȱ963Ȭ3388ȱ Forȱtechnicalȱsupportȱsendȱanȱemailȱtoȱ[email protected].ȱ 1 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® PackageȱContentsȱ Chapterȱ2 PackageȱContentsȱ ThisȱchapterȱlistsȱtheȱcomponentsȱincludedȱinȱtheȱServerȱandȱSensorȱ(bothȱ802.11ȱa/b/gȱorȱ802.11ȱa/b/g/n)ȱpackages.ȱ Note:ȱTheȱconventionsȱtoȱbeȱfollowedȱinȱtheȱGuideȱare:ȱ1>ȱ802.11ȱa/b/g:ȱSSȬ200ȬATandȱ2>ȱ802.11ȱa/b/g/n:ȱSSȬ300ȬAT.ȱ PleaseȱensureȱthatȱtheȱfollowingȱitemsȱareȱincludedȱinȱtheȱServerȱpackage.ȱIfȱtheȱpackageȱisȱnotȱcomplete,ȱpleaseȱcontactȱ AirTight®ȱNetworks,ȱInc.ȱTechnicalȱSupportȱatȱ[email protected],ȱorȱreturnȱtheȱpackageȱtoȱtheȱvendorȱorȱdealerȱ whereȱyouȱpurchasedȱtheȱproduct.ȱ x x x x x x ServerȱwithȱSoftwareȱ SystemȱDocumentationȱCDȬROMȱcontaining:ȱ ¾ SpectraGuardȱEnterpriseȱUserȱGuideȱ ¾ SpectraGuardȱEnterpriseȱInstallationȱGuideȱ ¾ SpectraGuardȱEnterpriseȱQuickȱSetupȱGuideȱ ¾ SpectraGuardȱEnterpriseȱReportsȱ ¾ SpectraGuardȱEnterpriseȱReleaseȱNotesȱ ¾ UpgradeȱInstructionsȱforȱSpectraGuardȱEnterpriseȱ ¾ HighȱAvailabilityȱConfigurationȱforȱSpectraGuardȱEnterpriseȱ ¾ NetworkȱDetectorȱConfigurationȱforȱSpectraGuardȱEnterpriseȱ PowerȱCordȱ NetworkȱInterfaceȱ(Ethernet)ȱCableȱ SerialȱCableȱ RackȱMountingȱAccessoriesȱ ȱ Figure 1. Server Package Contents Theȱcontentsȱofȱtheȱa/b/gȱSensorȱpackageȱareȱasȱfollows:ȱ x Sensorȱ x EthernetȱCableȱ x WallȱMountingȱAccessoriesȱ 2ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ PackageȱContentsȱ ȱ Figure 2. Sensor SS-200-AT Package Contents Note:ȱTheȱMACȱaddressȱofȱtheȱSensorȱisȱshownȱonȱaȱlabelȱatȱtheȱbottomȱofȱtheȱproductȱandȱtheȱpackagingȱboxȱ 3ȱ SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ServerȱandȱSensorȱOverviewȱ Chapterȱ3 ServerȱandȱSensorȱOverviewȱ ThisȱchapterȱprovidesȱanȱoverviewȱofȱtheȱServerȱandȱSensorȱandȱdescribesȱinȱdetailȱaboutȱtheȱfollowing.ȱ x x FrontȱPanelȱofȱtheȱServerȱandȱSensorȱ RearȱPanelȱofȱtheȱServerȱandȱSensorȱ 3.1 FrontȱPanelȱofȱtheȱServerȱ TheȱfrontȱpanelȱofȱtheȱServerȱhasȱaȱPowerȱswitchȱandȱLEDsȱthatȱindicateȱitsȱstate.ȱTheȱfollowingȱfigureȱshowsȱtheȱlocationȱofȱ theȱPowerȱswitchȱandȱLEDsȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ ȱ Figure 3. Front Panel of the Server TheȱfollowingȱtableȱdescribesȱtheȱbehaviorȱofȱtheȱPowerȱswitch.ȱ Table 1. Behavior of Power Switch Action System Behavior Recommended User Action Push Power switch for two seconds Graceful shutdown of the Server (similar to restarting the Server) No action is required as the Server restarts automatically. Push Power switch for more than three seconds Hard shutdown of the Server (similar to disconnecting the power cable) Press the Power switch again to power on the Server. Do not press the Power switch for a longer time as this may cause damage to the hard disk and thereby cause severe data loss. ȱ TheȱfollowingȱtableȱdescribesȱtheȱstatusȱLEDsȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ 4ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ServerȱandȱSensorȱOverviewȱ Table 2. Front Panel LEDs LED LED Color Solid Green Power Off Hard Disk Network Interface Card High Availability Interface Blinking Green Off Blinking Green Off Blinking Green Off Meaning of LED Indicates that the Server is powered on and working normally Indicates that the Server is not powered on or not receiving power Indicates that the hard disk drive is being accessed Indicates that the hard disk drive is not being accessed Indicates that the Server is connected to the network Indicates that the Server is not connected to the network Indicates that the Server is a part of a high availability cluster Indicates that the Server is not a part of a high availability cluster ȱ 3.2 RearȱPanelȱofȱtheȱServerȱ TheȱrearȱpanelȱofȱtheȱServerȱhasȱaȱpowerȱconnectorȱandȱportsȱthatȱenableȱyouȱtoȱpowerȱupȱtheȱServerȱandȱconnectȱitȱtoȱtheȱ networkȱandȱaȱcomputer.ȱ Note:ȱOtherȱconnectorsȱsuchȱasȱparallelȱport,ȱ25ȬȱpinȱSerialȱport,ȱkeyboardȱconnector,ȱsoundȱcard,ȱandȱsoȱonȱareȱshownȱinȱtheȱfollowingȱ figure.ȱHowever,ȱtheseȱconnectorsȱareȱdisabledȱandȱcannotȱbeȱused.ȱ ȱ Figure 4. Rear Panel of the Server TheȱrearȱpanelȱofȱtheȱServerȱhasȱaȱSerialȱ(RSȱ232ȱFȬF)ȱport,ȱaȱNetworkȱInterfaceȱportȱ(RJȬ45ȱ10/100/1000ȱEthernet),ȱaȱHighȱ Availabilityȱ(HA)ȱportȱ(RJȬ45ȱ10/100/1000ȱEthernet),ȱandȱaȱPowerȱconnector.ȱTheȱPowerȱconnectorȱisȱusedȱtoȱpowerȱtheȱServerȱ usingȱ110Ȭ240Vȱ50/60ȱHzȱACȱinput.ȱTheȱfollowingȱtableȱdescribesȱtheȱSerial,ȱNetworkȱInterface,ȱandȱHighȱAvailabilityȱports.ȱ Table 3. Rear Panel Ports Port Description Serial Enables a serial (RS-232) connection to establish terminal sessions using terminal emulation programs such as HyperTerminal for Windows or minicom for Linux Connector Type Settings/Protocol DB-9 Settings: Bits per second: 9600 Data Bits: 8 Parity: None Stop Bits: 1 Flow Control: None Protocol: RS-232 5ȱ SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ServerȱandȱSensorȱOverviewȱ High Availability Interface Used to connect the Server to a high availability cluster RJ-45 Settings: 10/100/1000 Mbps Protocol: Ethernet Network Interface Used to connect the Server to the wired LAN through a hub or a switch Allows the Server to talk to Sensors RJ-45 Settings: 10/100/1000 Mbps Protocol: Ethernet ȱ 3.3 3.3.1 FrontȱPanelȱofȱSensorȱ SensorȱSSȬ200ȬATȱ TheȱfrontȱpanelȱofȱtheȱSensorȱhasȱLEDsȱthatȱindicateȱtheȱworkingȱofȱtheȱSensor.ȱ ȱ Figure 5. Front Panel of Sensor SS-200-AT TheseȱLEDsȱareȱdescribedȱinȱtheȱfollowingȱtable.ȱ Table 4. LED details for Sensor SS-200-AT and SS-300-AT LED1 or Power LED2 or LAN LED3 or 802.11a LED4 or 802.11 b/g Description Solid Green Solid Green Solid Green Solid Green The Sensor is receiving power and is working normally. The Sensor is connected to the Server. Solid Green Solid Green Solid Green Fast Blink The Sensor is performing Troubleshooting on 802.11b/g. Solid Green Solid Green Solid Green Slow Blink The Sensor is performing Intrusion Prevention on 802.11b/g. Solid Green Solid Green Fast Blink Solid Green The Sensor is performing Troubleshooting on 802.11a. Solid Green Solid Green Fast Blink Fast Blink Solid Green Solid Green Fast Blink Slow Blink Solid Green Solid Green Slow Blink Solid Green The Sensor is performing Intrusion Prevention on 802.11a. Solid Green Solid Green Slow Blink Fast Blink The Sensor is performing Intrusion Prevention on 802.11a and Troubleshooting on 802.11b/g. Solid Green Solid Green Slow Blink Slow Blink The Sensor is performing Intrusion Prevention on 802.11a and 802.11b/g. Solid Green Slow Blink Slow Blink Slow Blink The Sensor upgrade is in progress. The Sensor is performing Troubleshooting on 802.11a and 802.11b/g. The Sensor is performing Troubleshooting on 802.11a and Intrusion Prevention on 802.11b/g. 6ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ServerȱandȱSensorȱOverviewȱ Solid Orange Solid Green Any Any The Sensor is unable to get Ethernet link. Solid Orange Fast Blink Any Any The Sensor did not receive a valid IP address via the DHCP. Solid Orange Slow Blink Any Any The Sensor is unable to connect to the Server. Any Solid Green Any Any Any Solid Green Off Off Off Solid Orange Solid Orange Off There is an error on 802.11a/b/g interfaces. The Sensor is experiencing a software error. The Sensor is not powered on or it is in the process of starting up. ȱ 3.3.2 SensorȱSSȬ300ȬATȱ TheȱfrontȱpanelȱofȱtheȱSensorȱhasȱLEDsȱthatȱindicateȱtheȱworkingȱofȱtheȱSensorȱ ȱ Figure 6. Table 5. Front View of Sensor SS-300-AT LED Details for Sensor SS-300-AT LED1 or Power LED2 or LAN LED3 or 802.11an LED4 or 802.11 b/gn Description Solid Green Solid Green Solid Green Solid Green The Sensor is receiving power and is working normally. The Sensor is connected to the Server. Solid Green Solid Green Solid Green Fast Blink The Sensor is performing Troubleshooting on 802.11b/g/n. Solid Green Solid Green Solid Green Slow Blink The Sensor is performing Intrusion Prevention on 802.11b/g/n. Solid Green Solid Green Fast Blink Solid Green The Sensor is performing Troubleshooting on 802.11a/n. Solid Green Solid Green Fast Blink Fast Blink Solid Green Solid Green Fast Blink Slow Blink Solid Green Solid Green Slow Blink Solid Green Solid Green Solid Green Slow Blink Fast Blink Solid Green Solid Green Slow Blink Slow Blink The Sensor is performing Troubleshooting on 802.11a/n and 802.11b/g/n. The Sensor is performing Troubleshooting on 802.11a/n and Intrusion Prevention on 802.11b/g/n. The Sensor is performing Intrusion Prevention on 802.11a/n. The Sensor is performing Intrusion Prevention on 802.11a/n and Troubleshooting on 802.11b/g/n. The Sensor is performing Intrusion Prevention on 802.11a/n and 802.11b/g/n. 7ȱ SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ServerȱandȱSensorȱOverviewȱ Solid Green Solid Orange Slow Blink Slow Blink Slow Blink The Sensor upgrade is in progress. Solid Green Any Any The Sensor is unable to get Ethernet link. Solid Orange Fast Blink Any Any The Sensor did not receive a valid IP address via the DHCP. Solid Orange Slow Blink Any Any The Sensor is unable to connect to the Server. Any Solid Green Any Any Any Solid Green Off Off Off Solid Orange Solid Orange Off There is an error on 802.11a/b/g/n interfaces. The Sensor is experiencing a software error. The Sensor is not powered on or it is in the process of starting up. ȱ 3.4 RearȱPanelȱofȱSensorȱSSȬ200ȬATȱ TheȱrearȱpanelȱofȱtheȱSensorȱSSȬ200ȬATȱhasȱaȱpowerȱconnectorȱandȱportsȱthatȱenableȱyouȱtoȱpowerȱupȱtheȱdeviceȱandȱconnectȱitȱ toȱtheȱnetworkȱorȱaȱcomputer.ȱ ȱ Figure 7. Rear Panel of Sensor TheȱSensorȱhasȱtheȱfollowingȱports:ȱ x Serialȱport:ȱConnectsȱtheȱSensorȱtoȱserialȱterminalȱemulationȱprogramsȱsuchȱasȱHyperȱTerminalȱforȱWindowsȱorȱ minicomȱforȱLinux.ȱ x Ethernetȱport:ȱConnectsȱtheȱSensorȱtoȱtheȱnetwork.ȱ x Resetȱswitch:ȱResetsȱtheȱSensorȱtoȱfactoryȱdefaults.ȱToȱresetȱtheȱSensor,ȱpressȱtheȱResetȱswitchȱandȱpowerȱcycleȱ (removeȱtheȱpowerȱcableȱonceȱandȱconnectȱitȱbackȱagain)ȱtheȱSensorȱtillȱallȱLEDsȱblinkȱgreen.ȱPressingȱ<Reset>ȱwhileȱ theȱSensorȱisȱrunningȱwillȱnotȱhaveȱanyȱeffect.ȱTheȱfollowingȱsettingsȱareȱreset:ȱ ¾ ConfigȱShellȱPasswordȱisȱresetȱtoȱconfig.ȱ ¾ ServerȱDiscoveryȱvalueȱisȱerasedȱandȱchangedȱtoȱtheȱdefault,ȱwifiȬsecurityȬserver.ȱ ¾ AllȱtheȱVLANȱconfigurationsȱareȱlost.ȱ ¾ SensorȱmodeȱisȱchangedȱtoȱSensorȱOnly.ȱ ¾ IfȱstaticȱIPȱwasȱconfiguredȱonȱtheȱSensor,ȱtheȱIPȱisȱerasedȱandȱDHCPȱmodeȱisȱset.ȱ Afterȱreset,ȱallȱtheȱLEDsȱwillȱblinkȱonce,ȱimplyingȱthatȱtheȱresetȱisȱsuccessful.ȱ 8ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ServerȱandȱSensorȱOverviewȱ Table 6. Port Serial Rear Panel Port Settings for SS-200-AT Description Connector Type Enables a serial connection to establish terminal sessions; used for launching Config Shell sessions Speed/Protocol Settings: Bits per second: 9600 Data Bits: 8 Parity: None Stop Bits: 1 Flow Control: None DB-9 Protocol: RS-232 Ethernet Enables the device to be connected to the wired LAN through a switch or a hub. This connection allows the Sensor to communicate with the Server Settings: 10/100 Mbps RJ-45 Protocol: Ethernet ȱ Note:ȱTheȱSpeed/ProtocolȱsettingsȱmentionedȱinȱtheȱaboveȱtableȱareȱtheȱsameȱforȱHypeȱTerminalȱandȱminicom.ȱ 3.5 RearȱandȱSideȱPanelsȱofȱSensorȱSSȬ300ȬATȱ TheȱrearȱpanelȱofȱtheȱSensorȱSSȬ300ȬATȱhasȱanȱEthernetȱportȱthatȱenablesȱtheȱdeviceȱtoȱbeȱconnectedȱtoȱtheȱwiredȱLANȱthroughȱ aȱswitchȱorȱaȱhubȱandȱalsoȱprovidesȱtheȱpowerȱforȱtheȱdeviceȱusingȱ802.3afȱstandard.ȱȱ ȱ Figure 8. Rear Panel of Sensor SS-300-AT TheȱSensorȱhasȱtheȱfollowingȱports:ȱ x Ethernetȱport:ȱConnectsȱtheȱSensorȱtoȱtheȱnetworkȱandȱalsoȱprovidesȱtheȱpower.ȱ Table 7. Rear Panel Port Settings for SS-300-AT Port Description Connector Type Speed/Protocol Ethernet This enables the device to be connected to the wired LAN through a switch or a hub. This connection allows the SpectraGuard Sensor to communicate with the SpectraGuard Enterprise® Server. This port also provides the power for the device using 802.3af standard RJ-45 10/100/1000 Mbps Ethernet Power over Ethernet ȱ Note:ȱTheȱSpeed/ProtocolȱsettingsȱmentionedȱinȱtheȱaboveȱtableȱareȱtheȱsameȱforȱHypeȱTerminalȱandȱminicom.ȱ 9ȱ SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ServerȱandȱSensorȱOverviewȱ ȱ TheȱsideȱpanelȱofȱtheȱSensorȱSSȬ300ȬATȱhasȱaȱResetȱSwitchȱandȱaȱSerialȱPort.ȱȱ ȱ Figure 9. Side Panel of Sensor SS-300-AT Theȱsideȱpanelȱhasȱtheȱfollowingȱports:ȱ x Serialȱport:ȱConnectsȱtheȱSensorȱtoȱserialȱterminalȱemulationȱprogramsȱsuchȱasȱHyperȱTerminalȱforȱWindowsȱorȱ minicomȱforȱLinuxȱ x Resetȱswitch:ȱResetsȱtheȱSensorȱtoȱfactoryȱdefaults.ȱToȱresetȱtheȱSensor,ȱpressȱtheȱResetȱswitchȱandȱpowerȱcycleȱ (removeȱtheȱpowerȱcableȱonceȱandȱconnectȱitȱbackȱagain)ȱtheȱSensorȱtillȱallȱLEDsȱblinkȱgreen.ȱPressingȱ<Reset>ȱwhileȱ theȱSensorȱisȱrunningȱwillȱnotȱhaveȱanyȱeffect.ȱTheȱfollowingȱsettingsȱareȱreset:ȱ ¾ ConfigȱShellȱPasswordȱisȱresetȱtoȱconfig.ȱ ¾ ServerȱDiscoveryȱvalueȱisȱerasedȱandȱchangedȱtoȱtheȱdefault,ȱwifiȬsecurityȬserver.ȱ ¾ AllȱtheȱVLANȱconfigurationsȱareȱlost.ȱ ¾ SensorȱmodeȱisȱchangedȱtoȱSensorȱOnly.ȱ ¾ IfȱstaticȱIPȱwasȱconfiguredȱonȱtheȱSensor,ȱtheȱIPȱisȱerasedȱandȱDHCPȱmodeȱisȱset.ȱ Afterȱreset,ȱallȱtheȱLEDsȱwillȱblinkȱonce,ȱimplyingȱthatȱtheȱresetȱisȱsuccessful.ȱ Table 8. Side Panel Port Settings for SS-300-AT Port Description Connector Type Speed/Protocol Reset Allows resetting of SpectraGuard Sensor™ to factory settings. Pin-hole push-button Hold down and power cycle the Sensor to reset Console Enables a serial connection to establish terminal sessions. Used for launching Config Shell sessions. RJ-45 RS 232 Serial Bits per second: 115200 Data Bits: 8 Parity: None Stop Bits: 1 Flow Control: None 10ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ Chapterȱ4 InstallingȱtheȱServerȱ YouȱneedȱtoȱsetȱupȱtheȱServerȱbeforeȱusingȱitȱtoȱmonitorȱandȱprotectȱyourȱnetwork.ȱThisȱchapterȱexplainsȱhowȱtoȱconnectȱandȱ configureȱtheȱServer.ȱ 4.1 ConnectingȱtheȱServerȱ ThisȱinvolvesȱmountingȱtheȱServerȱappliance,ȱpoweringȱitȱup,ȱandȱconnectingȱitȱtoȱtheȱnetwork.ȱ 4.1.1 MountȱtheȱServerȱApplianceȱ PlaceȱtheȱServerȱonȱtheȱrackȱandȱmountȱitȱusingȱtheȱrackȱmountingȱaccessories.ȱ ȱ Figure 10. 4.1.2 Mount the Server PowerȱupȱtheȱServerȱ TheȱServerȱapplianceȱrunsȱatȱ110Ȭ240V,ȱ3Ȭ5A,ȱ50Ȭ60ȱHzȱACȱpower.ȱAirTight®ȱNetworksȱrecommendsȱthatȱyouȱprovideȱsurgeȬ freeȱstableȱpowerȱtoȱtheȱServer.ȱ 9 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ ȱ Figure 11. Power up the Server ToȱpowerȱupȱtheȱServer,ȱperformȱtheȱfollowingȱsteps:ȱ 1. ConnectȱoneȱendȱofȱtheȱPowerȱcableȱtoȱtheȱPowerȱsocketȱonȱtheȱrearȱpanelȱofȱtheȱServer.ȱ 2. ConnectȱtheȱotherȱendȱofȱtheȱPowerȱcableȱtoȱaȱ110Ȭ240V,ȱ50/60ȱHzȱACȱpowerȱsource.ȱ 3. PressȱtheȱPowerȱswitchȱonȱtheȱfrontȱpanelȱofȱtheȱServer.ȱ Note:ȱOnȱconnectingȱtheȱPowerȱcable,ȱtheȱPowerȱLEDȱshouldȱturnȱsolidȱgreen.ȱ 4.1.3 ConnectȱtheȱServerȱtoȱtheȱNetworkȱ ConnectȱtheȱServerȱtoȱtheȱdesiredȱnetworkȱsegmentȱ(subnet).ȱTheȱServerȱshouldȱbeȱableȱtoȱcommunicateȱwithȱallȱtheȱnetworkȱ segmentsȱthatȱitȱtriesȱtoȱprotect.ȱ Warning!ȱTheȱdefaultȱIPȱaddressȱofȱtheȱServerȱisȱ192.168.1.246.ȱPleaseȱensureȱthatȱnoȱotherȱdeviceȱonȱyourȱnetworkȱusesȱtheȱsameȱIPȱ addressȱasȱtheȱServer.ȱConnectȱtheȱNetworkȱInterfaceȱPortȱonȱtheȱServerȱtoȱtheȱdesiredȱsubnetȱusingȱtheȱEthernetȱcableȱprovidedȱtoȱyouȱasȱ shownȱinȱtheȱfollowing.ȱDoȱnotȱconnectȱtheȱHighȱAvailabilityȱ(HA)ȱInterfaceȱPortȱtoȱtheȱsubnet.ȱ ȱ Figure 12. Connect the Server to the Network ToȱconnectȱtheȱServerȱtoȱtheȱnetwork,ȱperformȱtheȱfollowingȱsteps:ȱ 1. ConnectȱoneȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱtheȱNetworkȱInterfaceȱportȱonȱtheȱrearȱpanelȱofȱtheȱServer.ȱ 2. ConnectȱtheȱotherȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱtheȱNetworkȱInterfaceȱjackȱlocatedȱonȱtheȱwall.ȱ Note:ȱOnȱconnectingȱtheȱNetworkȱInterfaceȱcable,ȱtheȱNetworkȱInterfaceȱCardȱLEDȱshouldȱturnȱsolidȱgreen.ȱ 4.2 AccessingȱtheȱServerȱ YouȱcanȱaccessȱtheȱServerȱinȱtwoȱways:ȱ x UsingȱSSHȱSecureȱShellȱ(SSH)ȱClientȱtoȱaccessȱtheȱServerȱ(Recommended)ȱ x UsingȱaȱSerialȱRSȬ232ȱcableȱ 10ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ 4.2.1 AccessingȱtheȱServerȱusingȱSSHȱ(Recommended)ȱ ToȱaccessȱtheȱServerȱusingȱSSH,ȱperformȱtheȱfollowingȱsteps:ȱ 1. ConnectȱyourȱcomputerȱtoȱtheȱsameȱsubnetȱwhereȱtheȱServerȱisȱconnected.ȱ Note:ȱTheȱdefaultȱIPȱaddressȱofȱtheȱServerȱisȱ192.168.1.246.ȱ 2. 3. 4. Changeȱyourȱcomputer’sȱIPȱaddressȱtoȱ192.168.1.XXX,ȱforȱexample,ȱ192.168.1.244.ȱ OpenȱSSHȱonȱyourȱcomputerȱandȱpressȱ<Enter>ȱorȱ<Space>ȱonȱtheȱSSHȱSecureȱShellȱdialog.ȱ AccessȱtheȱdefaultȱServerȱIPȱaddress,ȱ192.168.1.246ȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱ Figure 13. 5. Open SSH LoginȱusingȱtheȱUsername:ȱconfigȱandȱPassword:ȱconfig.ȱ 4.2.2 AccessingȱtheȱServerȱusingȱaȱSerialȱCableȱ Alternatively,ȱyouȱcanȱaccessȱtheȱServerȱusingȱaȱSerialȱRSȬ232ȱcableȱasȱshownȱinȱtheȱfollowingȱfigureȱandȱthenȱfollowingȱtheȱ stepsȱlistedȱbelowȱtheȱfigure.ȱ ȱ Figure 14. Connect the Server to your Computer using a Serial Cable 11 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ 1. ForȱWindowsȱXP,ȱlaunchȱtheȱHyperTerminalȱapplicationȱbyȱclickingȱStartÆȱProgramsÆȱAccessoriesÆȱ CommunicationsÆȱHyperTerminalȱonȱyourȱdesktop.ȱ ȱ ȱ Figure 15. 2. Launch HyperTerminal Application DefineȱaȱnewȱHyperTerminalȱconnection.ȱ x Selectȱanȱiconȱtoȱidentifyȱtheȱnewȱconnection.ȱ x TypeȱtheȱuserȱdefinedȱnameȱforȱtheȱHyperTerminalȱconnectionȱinȱtheȱNameȱfieldȱ x Clickȱ<OK>ȱonȱtheȱConnectionȱDescriptionȱdialog.ȱ ȱ Figure 16. 3. Define a New HyperTerminal Connection for the system SpecifyȱtheȱHyperTerminalȱconnectionȱdetailsȱbyȱselectingȱorȱenteringȱtheȱappropriateȱconnectionȱdetailsȱandȱclickingȱ <OK>ȱonȱtheȱConnectȱToȱdialog.ȱ 12ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ ȱ Figure 17. 4. Specify HyperTerminal Connection Details Editȱtheȱserialȱportȱsettingsȱasȱfollowsȱorȱclickȱ<RestoreȱDefaults>ȱtoȱensureȱproperȱcommunicationȱbetweenȱtheȱServerȱ andȱyourȱcomputer.ȱ x Bitsȱperȱsecond:ȱ9600ȱ x Dataȱbits:ȱ8ȱ x Parity:ȱNoneȱ x Stopȱbits:ȱ1ȱ x Flowȱcontrol:ȱNoneȱ ȱ Figure 18. 5. 6. 7. Edit Serial Port Settings Clickȱ<OK>ȱonȱtheȱCOMȱPropertiesȱdialog.ȱ Pressȱ<Enter>ȱorȱ<Space>ȱonȱtheȱHyperTerminalȱscreen.ȱTheȱloginȱpromptȱappears.ȱ LoginȱusingȱtheȱUsername:ȱconfigȱandȱPassword:ȱconfig.ȱ 13 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ Important:ȱIfȱyouȱareȱconfiguringȱtheȱServerȱforȱHAȱmode,ȱyouȱcanȱskipȱtheȱServerȱInitializationȱandȱSetupȱwizardȱandȱgoȱtoȱtheȱconfigȱ prompt.ȱChangeȱtheȱconfigȱshellȱpassword,ȱsetȱtheȱtimeȱzone,ȱdateȱandȱtime,ȱsetȱtheȱServerȱID,ȱandȱthenȱuseȱtheȱsetȱhaȱcommandȱtoȱ configureȱtheȱServerȱinȱHAȱmode.ȱ 4.3 AccessingȱtheȱServerȱInitializationȱandȱSetupȱWizardȱ TheȱsimpleȱandȱintuitiveȱServerȱInitializationȱandȱSetupȱWizardȱallowsȱyouȱtoȱmapȱtheȱBackspaceȱkey,ȱchangeȱtheȱ configurationȱpassword,ȱsetȱtheȱdateȱandȱtimeȱandȱtheȱtimeȱzone,ȱchangeȱtheȱnetworkȱsettings,ȱandȱsetȱtheȱServerȱIDȱofȱtheȱ Server.ȱYouȱcanȱretainȱtheȱdefaultȱvaluesȱatȱeachȱstepȱbyȱpressingȱ<Enter>.ȱJustȱfollowȱtheȱinstructionsȱinȱtheȱInitializationȱandȱ SetupȱWizardȱtoȱconfigureȱtheȱServer.ȱTheȱwizardȱguidesȱyouȱthroughȱtheȱrestȱofȱtheȱsetupȱofȱtheȱServer.ȱ 4.3.1 ConfigureȱtheȱBackspaceȱKeyȱ MapȱtheȱBackspaceȱkeyȱtoȱworkȱproperlyȱusingȱtheȱsetȱeraseȱcommandȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱ Figure 19. Map the Backspace key TheȱServerȱInitializationȱandȱSetupȱWizardȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱ Figure 20. 4.3.2 Server Initialization and Setup Wizard Screen Stepȱ1:ȱChangeȱConfigȱShellȱPasswordȱ Forȱsecurityȱreasons,ȱAirTightȱrecommendsȱthatȱyouȱchangeȱtheȱconfigȱshellȱpassword.ȱTheȱServerȱdeliberatelyȱavoidsȱstrongȱ passwordȱcheckingȱbecauseȱitȱdoesȱnotȱwantȱtoȱforceȱpasswordsȱthatȱareȱdifficultȱtoȱremember.ȱ Theȱfollowingȱfigureȱshowsȱhowȱtoȱchangeȱtheȱconfigȱshellȱpassword.ȱ ȱ 14ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ Figure 21. 4.3.3 Change Config Shell Password Stepȱ2:ȱChangeȱNetworkȱSettingsȱ TheȱnetworkȱsettingsȱofȱtheȱServerȱspecifyȱitsȱuniqueȱIPȱaddressȱonȱtheȱnetwork.ȱSensorsȱuseȱthisȱIPȱaddressȱtoȱidentifyȱtheȱ Server.ȱTheȱdefaultȱIPȱaddressȱassignedȱtoȱtheȱServerȱisȱ192.168.1.246.ȱ Important:ȱNoteȱtheȱnetworkȱsettingsȱonȱpaper.ȱIfȱyouȱforgetȱtheȱnetworkȱsettings,ȱyouȱcanȱnoȱlongerȱaccessȱtheȱServerȱoverȱtheȱnetworkȱ afterȱitȱisȱrebooted.ȱUseȱtheȱSerialȱcableȱtoȱaccessȱtheȱServerȱandȱchangeȱitsȱnetworkȱsettings.ȱ Toȱchangeȱtheȱnetworkȱsettings,ȱprovideȱtheȱfollowingȱinput.ȱ x IPȱAddress:ȱChooseȱanȱIPȱaddressȱthatȱisȱcompatibleȱwithȱtheȱnetworkȱsegmentȱonȱwhichȱtheȱServerȱisȱtoȱbeȱ connected.ȱTheȱServerȱshouldȱbelongȱtoȱtheȱsameȱsubnet.ȱ x SubnetȱMask:ȱEnterȱtheȱmaskȱofȱtheȱnetworkȱsegmentȱtoȱwhichȱtheȱServerȱisȱtoȱbeȱconnected.ȱ x GatewayȱIPȱAddress:ȱEnterȱtheȱIPȱaddressȱofȱtheȱgateway,ȱforȱtheȱsubnetȱonȱwhichȱthisȱServerȱisȱtoȱbeȱconnected.ȱ Ethernetȱtrafficȱfromȱtheȱsubnetȱisȱforwardedȱtoȱanotherȱnetworkȱthroughȱtheȱgateway.ȱ x PrimaryȱDNSȱIPȱAddress:ȱSpecifyȱtheȱIPȱaddressȱofȱtheȱprimaryȱDNSȱServerȱusedȱbyȱtheȱenterpriseȱserverȱtoȱresolveȱ DNSȱentries.ȱ x SecondaryȱDNSȱIPȱAddress:ȱSpecifyȱtheȱIPȱaddressȱofȱtheȱsecondaryȱ(alternate)ȱDNSȱServerȱusedȱbyȱtheȱenterpriseȱ serverȱtoȱresolveȱDNSȱentries.ȱ x TertiaryȱDNSȱIPȱAddress:ȱSpecifyȱtheȱIPȱaddressȱofȱtheȱtertiaryȱ(alternate)ȱDNSȱServerȱusedȱbyȱtheȱenterpriseȱserverȱ toȱresolveȱDNSȱentries.ȱ x DNSȱSuffix:ȱAppendȱthisȱsuffixȱtoȱtheȱunqualifiedȱdomainȱnameȱtoȱgenerateȱaȱfullyȱqualifiedȱdomainȱname.ȱ Theȱfollowingȱfiguresȱshowȱhowȱtoȱchangeȱtheȱnetworkȱsettings.ȱ 15 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ ȱ Figure 22. Change Network Settings ȱ Figure 23. 4.3.4 Confirm Network Settings Changes Stepȱ3:ȱSetȱServerȱTimeȱZone,ȱDateȱandȱTimeȱSettingsȱ ToȱsetȱtheȱTimeȱZoneȱ(TZ)ȱcorrectly,ȱselectȱaȱcontinent,ȱaȱcountry,ȱandȱthenȱaȱtimeȱzoneȱregion.ȱYouȱcanȱuseȱtheȱNetworkȱTimeȱ ProtocolȱNTPȱ(NTP)ȱtoȱsynchronizeȱtheȱServerȱclockȱwithȱanotherȱServerȱorȱreferenceȱtimeȱsourceȱbyȱspecifyingȱtheȱIPȱaddressȱ orȱtheȱURLȱofȱtheȱNTPȱServer.ȱ Theȱfollowingȱfiveȱfiguresȱshowȱhowȱtoȱchangeȱtheȱtimeȱzoneȱsettingsȱandȱtheȱdateȱandȱtimeȱsettings.ȱ 16ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ ȱ Figure 24. Specify Continent and Country for Time Zone Settings 17 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ ȱ Figure 25. Select Time Zone Region ȱ Figure 26. Specify IP Address of NTP Server for Synchronization YouȱcanȱalsoȱspecifyȱtheȱtimeȱzoneȱusingȱtheȱPosixȱTZȱ1formatȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱ ȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱȱ 1ȱInȱPosixȱTZȱsystems,ȱaȱuserȱcanȱspecifyȱtheȱtimeȱzoneȱbyȱmeansȱofȱtheȱTZȱenvironmentȱvariable.ȱTheȱformatȱusedȱwhenȱthereȱ isȱnoȱDaylightȱSavingȱTimeȱ(orȱsummerȱtime)ȱinȱtheȱlocalȱtimeȱzoneȱisȱstdȱoffset,ȱwhereȱ‘std’ȱspecifiesȱtheȱnameȱofȱtheȱtimeȱ zoneȱandȱ‘offset’ȱspecifiesȱtheȱtimeȱvalueȱoneȱmustȱaddȱtoȱtheȱlocalȱtimeȱtoȱgetȱaȱCoordinatedȱUniversalȱTimeȱvalue.ȱItȱhasȱaȱ syntaxȱ[+ȱ|Ȭ]ȱhhȱ[:ȱmmȱ[:ȱss]].ȱThisȱisȱpositiveȱifȱtheȱlocalȱtimeȱzoneȱisȱwestȱofȱtheȱPrimeȱMeridianȱandȱnegativeȱifȱitȱisȱeast.ȱTheȱ hourȱmustȱbeȱbetweenȱ0ȱandȱ24,ȱandȱtheȱminuteȱandȱsecondsȱbetweenȱ0ȱandȱ59.ȱ 18ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ ȱ Figure 27. Specify Time Zone using Posix TZ format ȱ Figure 28. Specify Date and Time Important:ȱOnȱtheȱDateȱandȱTimeȱsettingsȱscreen,ȱifȱtheȱdayȱexceedsȱ31ȱandȱtheȱmonthȱexceedsȱ12,ȱtheȱsystemȱautomaticallyȱsetsȱtheȱdayȱ toȱ31ȱandȱmonthȱtoȱ12.ȱ 4.3.5 Stepȱ4:ȱSetȱServerȱIDȱSettingsȱ TheȱServerȱIDȱisȱidentifiesȱaȱuniqueȱServerȱinstanceȱwhenȱthereȱareȱmultipleȱServerȱinstancesȱonȱtheȱnetwork.ȱSensorsȱcanȱbeȱ configuredȱtoȱcommunicateȱwithȱaȱspecificȱServerȱinstance.ȱTheȱdefaultȱServerȱIDȱisȱ1.ȱ Recommended:ȱServerȱIDȱsettingȱisȱimportantȱonlyȱifȱyouȱhaveȱaȱmultiȱServerȱinstallation.ȱIfȱyouȱhaveȱonlyȱoneȱServer,ȱtheȱServerȱIDȱ shouldȱbeȱleftȱatȱtheȱdefaultȱvalueȱ1.ȱ TheȱfollowingȱfigureȱshowsȱhowȱtoȱsetȱtheȱServerȱID.ȱ 19 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ ȱ Figure 29. Set Server ID TheȱServerȱinitializationȱcompletionȱmessageȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱ Figure 30. Server Setup Completion Screen 20ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ ȱ Figure 31. Generating Certificate for Web Server PressȱyȱtoȱrebootȱtheȱServerȱforȱtheȱchangesȱtoȱtakeȱeffect.ȱIfȱyouȱchooseȱtoȱrebootȱlaterȱpressȱn.ȱTheȱServerȱConfigȱShell.promptȱ appears.ȱYouȱneedȱtoȱrebootȱtheȱServerȱonȱcompletionȱofȱtheȱInitializationȱandȱSetupȱWizardȱbeforeȱyouȱaccessȱtheȱServerȱ Consoleȱ(“GUI”).ȱ Note:ȱOnȱtheȱServerȱConfigȱShellȱprompt,ȱtypeȱtheȱcommandȱhelpȱtoȱviewȱtheȱlistȱofȱavailableȱcommands.ȱ 4.3.6 SetȱupȱtheȱServerȱDNSȱEntryȱ AddȱaȱDNSȱentryȱ‘wifiȬsecurityȬserver’ȱinȱyourȱorganization’s/enterpriseȱDNSȱServer.ȱThisȱentryȱshouldȱpointȱtoȱtheȱNetworkȱ InterfaceȱIPȱAddressȱofȱtheȱServerȱconfiguredȱinȱStepȱ2:ȱChangeȱNetworkȱSettings.ȱ Addingȱthisȱentryȱservesȱtwoȱpurposes:ȱ x SensorsȱcanȱconnectȱtoȱtheȱServerȱwithȱzeroȱconfigurationȱifȱtheyȱareȱconnectedȱtoȱaȱDHCPȱenabledȱsubnet.ȱ x YouȱcanȱaccessȱtheȱServerȱusingȱtheȱaddressȱ‘https://wifiȬsecurityȬserver’.ȱ 4.4 LaunchingȱtheȱSystemȱConsoleȱ(GUI)ȱ 4.4.1 SystemȱRequirementsȱ Ensureȱthatȱtheȱfollowingȱhardwareȱandȱsoftwareȱisȱavailableȱonȱyourȱcomputerȱbeforeȱlaunchingȱtheȱsystem.ȱ Table 9. Hardware Requirements Hardware Requirements Processor Intel P4 X86 architecture platform (or equivalent) Processor Speed 1.4 GHz (minimum) Memory 512 MB (minimum) Screen Resolution 1024X768 (recommended) ȱ Table 10. Software Requirements Software Requirements Operating System (OS) Windows 2000 or XP Browser Internet Explorer (IE) 5.5 or higher Java Runtime Environment (JRE) version JRE 1.6.0 or above ȱ 21 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ Recommended:ȱInȱIE,ȱunderȱToolsÆInternetȱOptionsÆȱAdvanced,ȱdeselectȱtheȱoption,ȱReuseȱwindowsȱforȱlaunchingȱshortcuts.ȱ Additionally,ȱunderȱToolsÆPopȬupȱBlocker,ȱselectȱTurnȱOffȱPopȬupȱBlocker.ȱ ToȱlaunchȱtheȱConsole,ȱperformȱtheȱfollowingȱsteps:ȱ 1. LaunchȱaȱWebȱbrowserȱsuchȱasȱIEȱ5.5ȱorȱhigherȱonȱaȱclientȱcomputerȱonȱtheȱnetworkȱthatȱhasȱWindowsȱ2000ȱorȱXPȱ OperatingȱSystemȱ(OS).ȱ 2. EnterȱtheȱdefaultȱIPȱAddressȱforȱtheȱServer,ȱthatȱis,ȱ192.168.1.246.ȱ 3. Clickȱ<Yes>ȱonȱeachȱofȱtheȱsecurityȱmessageȱpopȬupȱdialogsȱtoȱproceed.ȱ ȱ Figure 32. Web Site Certificate Verification Theȱdialogȱshownȱbelowȱappearsȱunderȱtheȱfollowingȱconditions:ȱ x Ifȱtheȱcorrectȱversion,ȱthatȱis,ȱSunȱJREȱ1.6.0ȱisȱnotȱdetectedȱonȱyourȱcomputerȱ x Ifȱtheȱversionȱinstalledȱhasȱnotȱbeenȱactivatedȱforȱusageȱ ȱ Figure 33. 4. Installing JRE DisableȱallȱpopȬupȱblockersȱactiveȱonȱyourȱWebȱbrowserȱtoȱeliminateȱtheȱwarningȱmessageȱshownȱinȱtheȱfollowingȱfigure.ȱ ȱ Figure 34. Pop-up Blocker Message 22ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱServerȱ ȱ Figure 35. Detecting Java Runtime Environment (JRE) ȱ Figure 36. 5. Web Site Certificate Warning AddȱaȱDNSȱentryȱforȱtheȱhostnameȱwifiȬsecurityȬserverȱandȱtheȱIPȱaddressȱofȱtheȱServerȱinȱtheȱhostsȱfileȱofȱtheȱclientȱ computerȱtoȱeliminateȱtheȱwarningȱshownȱinȱtheȱfollowingȱfigure.ȱ Theȱhostsȱfileȱisȱlocatedȱatȱtheȱfollowingȱpath:ȱ x C:\WINNT\system32\drivers\etc\hosts,ȱforȱWindowsȱ2000ȱ x C:\windows\system32\drivers\etc\hosts,ȱforȱWindowsȱXPȱ 6. SaveȱtheȱhostsȱfileȱandȱrestartȱtheȱbrowserȱtoȱinvokeȱtheȱConsole.ȱ ȱ Figure 37. Hostname Mismatch Warning 23 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱServerȱ ȱ Figure 38. 4.5 1. 2. Digital Signature Verified ActivatingȱtheȱLicenseȱ SaveȱtheȱlicenseȱkeyȱfileȱshippedȱwithȱtheȱServerȱonȱyourȱdesktop.ȱ Browseȱtoȱtheȱlicenseȱkeyȱfileȱandȱselectȱit.ȱClickȱ<Apply>.ȱ ȱ Figure 39. Activate License Ifȱtheȱlicenseȱkeyȱisȱvalid,ȱyouȱwillȱseeȱtheȱLoginȱscreen.ȱOtherwise,ȱyouȱwillȱseeȱanȱerrorȱmessage.ȱ 24ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱSensorȱ Chapterȱ5 InstallingȱtheȱSensorȱȱ SensorȱisȱtheȱprobeȱthatȱmonitorsȱyourȱnetworkȱandȱcommunicatesȱwithȱtheȱServerȱtoȱguardȱyourȱcorporateȱnetworkȱagainstȱ overȬtheȬairȱattacks.ȱTheȱSensorȱmustȱbeȱpluggedȱtoȱyourȱcorporateȱnetworkȱtoȱperformȱtheȱaboveȱoperations.ȱ Sensorȱcanȱbeȱconfiguredȱinȱoneȱofȱtheȱfollowingȱthreeȱmodes:ȱ x SensorȱOnlyȱ(SO)ȱMode:ȱThisȱisȱtheȱdefaultȱmode.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱanȱaccessȱportȱ onȱaȱswitch.ȱItȱthenȱmonitorsȱaȱsingleȱVLANȱthatȱisȱconfiguredȱonȱthatȱaccessȱport.ȱTheȱwirelessȱinterfaceȱofȱtheȱ Sensorȱisȱenabled.ȱ x NetworkȱDetectorȱ(ND)ȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱNDȱshouldȱbeȱ connectedȱintoȱaȱtrunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱ thatȱtrunkȱportȱandȱareȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱNDȱisȱdisabled.ȱAnȱSSȬ200Ȭ ATȱSensorȱinȱNDȱmodeȱcanȱmonitorȱupȱtoȱ32ȱVLANs.ȱSimilarly,ȱanȱSSȬ300ȬATȱcanȱmonitorȱuptoȱ100ȱVLANs.ȱ x Sensor/NDȱComboȱ(SNDC)ȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱ connectedȱintoȱaȱtrunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱ thatȱtrunkȱportȱandȱareȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱAȱSSȬ 200ȬATȱSensorȱinȱSNDCȱmodeȱcanȱmonitorȱupȱtoȱ4ȱVLAN.ȱSimilarly,ȱanȱSSȬ300ȬATȱcanȱmonitorȱuptoȱ16ȱVLANs.ȱ Important:ȱToȱpreventȱabuseȱandȱintrusionȱbyȱunauthorizedȱpersonnel,ȱitȱisȱextremelyȱimportantȱtoȱinstallȱtheȱSensorȱsuchȱthatȱitȱisȱ difficultȱtoȱunplugȱtheȱdeviceȱfromȱtheȱnetworkȱorȱfromȱtheȱpowerȱoutlet.ȱ 5.1 ZeroȱConfigurationȱofȱSensorsȱ Zeroȱconfigurationȱisȱrequiredȱifȱtheȱfollowingȱconditionsȱareȱsatisfied:ȱ x TheȱSensorȱisȱinȱSOȱmode.ȱ x AȱDNSȱentryȱ‘wifiȬsecurityȬserver’ȱisȱsetȱupȱonȱallȱDNSȱServers.ȱThisȱentryȱshouldȱpointȱtoȱtheȱIPȱaddressȱofȱtheȱ Server.ȱByȱdefaultȱtheȱSensorȱlooksȱforȱtheȱServerȱDNSȱentryȱ‘wifiȬsecurityȬserver’.ȱ x SensorȱisȱplacedȱonȱaȱsubnetȱthatȱisȱDHCPȱenabled.ȱ Important:ȱIfȱaȱSensorȱisȱplacedȱonȱaȱnetworkȱsegmentȱthatȱisȱseparatedȱfromȱtheȱServerȱbyȱaȱfirewall,ȱyouȱmustȱfirstȱopenȱportȱ3851ȱforȱ UserȱDatagramȱProtocolȱ(UDP)ȱandȱTransportȱControlȱProtocolȱ(TCP)ȱbidirectionalȱtrafficȱonȱthatȱfirewall.ȱThisȱportȱnumberȱisȱassignedȱ toȱAirTight®ȱNetworks.ȱIfȱmultipleȱSensorsȱareȱsetȱupȱtoȱconnectȱtoȱmultipleȱServers,ȱzeroȱconfigurationȱisȱnotȱpossible.ȱInȱthisȱcaseȱ manualȱconfigurationȱofȱSensorsȱisȱneeded.ȱReferȱtoȱManuallyȱConfiguringȱtheȱSensorȱforȱdetails.ȱ TheȱstepsȱtoȱinstallȱtheȱSensorȱwithȱnoȱconfigurationȱ(zeroȱconfiguration)ȱareȱasȱfollows.ȱ x MountȱtheȱSensorȱ x PowerȱupȱtheȱSensorȱ x ConnectȱtheȱSensorȱtoȱtheȱnetworkȱ 5.2 ConnectingȱtheȱSensorȱ ThisȱinvolvesȱmountingȱtheȱSensor,ȱpoweringȱitȱup,ȱandȱconnectingȱitȱtoȱtheȱnetwork.ȱ 5.2.1 MountȱtheȱSSȬ200ȬATȱSensorȱ TakeȱaȱconfiguredȱSensor,ȱthatȱis,ȱmakeȱsureȱthatȱtheȱSensorȱisȱgivenȱaȱstaticȱIPȱorȱtheȱsettingsȱhaveȱbeenȱchangedȱforȱDHCP.ȱ NoteȱtheȱMACȱaddressȱandȱtheȱIPȱaddressȱofȱtheȱSensorȱinȱaȱsafeȱplaceȱbeforeȱitȱisȱinstalledȱinȱaȱhardȬtoȬreachȱlocation.ȱTheȱ MACȱaddressȱofȱtheȱSensorȱisȱprintedȱonȱaȱlabelȱatȱtheȱbottomȱofȱtheȱproductȱandȱtheȱpackagingȱbox.ȱ Recommended:ȱYouȱshouldȱlabelȱtheȱSensorsȱusingȱMACȱaddressesȱorȱatȱleastȱyourȱownȱconvention.ȱForȱexample,ȱuseȱserialȱnumbers,ȱsoȱ thatȱyouȱcanȱeasilyȱidentifyȱtheȱSensors.ȱ 5.2.1.1 CeilingȱMountingȱ ToȱmountȱtheȱSensorȱtoȱaȱceiling,ȱperformȱtheȱfollowingȱsteps:ȱ 1. Placeȱtheȱmountingȱbracket/mountȱonȱtheȱSensorȱandȱalignȱtheȱbracketȱslotsȱwithȱthoseȱonȱtheȱSensorȱasȱshownȱinȱtheȱ followingȱfigure.ȱ ȱ 25 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱSensorȱ ȱ Figure 40. 2. Aligning the Sensor and Mount Slots SlideȱtheȱmountȱandȱbendȱtheȱtwoȱretainingȱplatesȱforwardȱtoȱpreventȱtheȱSensorȱfromȱslidingȱasȱshownȱinȱtheȱfollowingȱ figure.ȱ ȱ Figure 41. Fixing the Mounting Bracket to the Sensor Note:ȱYouȱneedȱtoȱuseȱonlyȱoneȱofȱtheȱtwoȱtabsȱonȱtheȱmountȱatȱaȱtime.ȱForȱU.SȱInstallations,ȱuseȱtheȱtabȱnearestȱtheȱedgeȱforȱdropȱ ceiling/tȬbarsȱthatȱareȱapproximatelyȱ1ȱinchȱwide.ȱYouȱneedȱtoȱbendȱtheȱinnerȱtabȱforȱtheȱsmallerȱEuropeanȱdropȱceilingsȱsoȱitȱisȱ flush/flatȱwithȱtheȱbottomȱofȱtheȱmount.ȱTherefore,ȱtheȱinnerȱtabȱdoesȱnotȱprotrudeȱatȱall.ȱYouȱneedȱtoȱbendȱdownȱtheȱtabȱforȱUSȱdropȱ ceilingsȱsoȱthatȱitȱprotrudesȱapproximatelyȱ¼ȱinchȱfromȱtheȱbottom.ȱForȱEuropeanȱInstallations,ȱuseȱtheȱinnerȱtabȱforȱdropȱceilings/tȬ barsȱthatȱareȱapproximatelyȱ½ȱinchȱwide.ȱ ȱ Figure 42. 3. Tab orientations for US Installations PressȱtheȱSensor/bracketȱmountȱagainstȱtheȱtȬbarȱatȱanȱangleȱwithȱtheȱtȬbarȱrunningȱbetweenȱtheȱtwoȱtabsȱthatȱwillȱ eventuallyȱgrabȱtheȱdropȱceilingȱtȬbarȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ 26ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱSensorȱ ȱ Figure 43. 4. Pressing the Mount against the T-Bar Turn/twistȱtheȱmountȱsoȱthatȱtheȱtwoȱtabsȱbeginȱtoȱengageȱtheȱtȬbarȱandȱtheȱtȬbarȱpassesȱoverȱtheȱEuropeanȱtab,ȱwhichȱwasȱ pushedȱdownȱflush.ȱTheȱtȬbarȱshouldȱalsoȱpushȱagainstȱtheȱUSȱtab,ȱwhichȱwasȱbentȱupȱapproximatelyȱ¼ȱinchȱasȱshownȱinȱ theȱfollowingȱfigure.ȱ ȱ Figure 44. 5. Initial Twisting of the Mount Turn/twistȱtheȱmountȱallȱtheȱway,ȱsoȱthatȱtheȱtwoȱtabsȱcompletelyȱengageȱtheȱtȬbar.ȱTheȱUSȱtabȱbendsȱupȱapproximatelyȱ¼ȱ inchȱandȱpushesȱagainstȱtheȱsideȱofȱtheȱtȬbarȱpreventingȱtheȱmountȱfromȱtwistingȱbackwardȱandȱdisengagingȱformȱtheȱtȬ barȱasȱshownȱinȱtheȱfollowingȱfigures.ȱ ȱ Figure 45. 5.2.1.2 Final Twisting of the Mount with the US tab supporting the Mount FlatȱSurfaceȱInstallationȱ YouȱcanȱplaceȱtheȱSensorȱonȱaȱflatȱsurfaceȱsuchȱasȱaȱtable,ȱdesktop,ȱorȱfilingȱcabinet.ȱDoȱnotȱinstallȱtheȱSensorȱonȱanyȱtypeȱofȱ metalȱsurface.ȱIfȱyouȱchooseȱaȱflatȱsurfaceȱmount,ȱselectȱaȱlocationȱthatȱisȱclearȱofȱobstructionsȱandȱprovidesȱgoodȱreception.ȱ 27 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱSensorȱ ȱ Figure 46. Flat Surface Installation Recommended:ȱAirTightȱdoesȱnotȱrecommendȱwallȱmountingȱofȱtheȱSensorȱasȱitȱusesȱomniȱdirectionalȱantennas.ȱ 5.2.2 MountȱtheȱSSȬ300ȬATȱSensorȱ TakeȱaȱconfiguredȱSensor,ȱthatȱis,ȱmakeȱsureȱthatȱtheȱSensorȱisȱgivenȱaȱstaticȱIPȱorȱtheȱsettingsȱhaveȱbeenȱchangedȱforȱDHCP.ȱ NoteȱtheȱMACȱaddressȱandȱtheȱIPȱaddressȱofȱtheȱSensorȱinȱaȱsafeȱplaceȱbeforeȱitȱisȱinstalledȱinȱaȱhardȬtoȬreachȱlocation.ȱTheȱ MACȱaddressȱofȱtheȱSensorȱisȱprintedȱonȱaȱlabelȱatȱtheȱbottomȱofȱtheȱproduct.ȱ Recommended:ȱYouȱshouldȱlabelȱtheȱSensorsȱusingȱMACȱaddressesȱorȱatȱleastȱyourȱownȱconvention.ȱForȱexample,ȱuseȱserialȱnumbers,ȱsoȱ thatȱyouȱcanȱeasilyȱidentifyȱtheȱSensors.ȱ 5.2.2.1 Ceiling/WallȱMountingȱ ToȱinstallȱtheȱSensorȱonȱaȱwallȱorȱceiling,ȱuseȱtheȱmountingȱbracketȱthatȱcomesȱwithȱtheȱdevice.ȱFollowȱtheseȱsteps:ȱ 1. ȱFollowingȱtheseȱguidelines,ȱscrewȱtheȱmountingȱbracketȱtoȱaȱwallȱorȱceiling:ȱ x Theȱmountingȱbracketȱtabsȱshouldȱbeȱpointingȱupward.ȱ x Ifȱmountingȱtoȱdrywall,ȱuseȱtheȱ4ȱscrewsȱandȱ4ȱwallȱanchors.ȱ x IfȱmountingȱtoȱanȱEUȱelectricalȱboxȱ(60.3mm),ȱuseȱ2ȱthreadedȱscrewsȱandȱinsertȱintoȱtheȱholesȱmarkedȱ“A”ȱinȱtheȱ diagramȱshownȱbelow.ȱ x IfȱmountingȱtoȱaȱUSȱelectricalȱboxȱ(83.3mm),ȱuseȱ2ȱthreadedȱscrewsȱandȱinsertȱintoȱtheȱholesȱmarkedȱ“B”ȱinȱtheȱ diagramȱshownȱbelow.ȱ ȱ Figure 47. 2. 3. Holes for inserting screws ConnectȱtheȱEthernetȱcableȱ(forȱpowerȱandȱnetworkȱconnection)ȱtoȱtheȱLANȱportȱonȱtheȱbackȱofȱtheȱSensor.ȱ ToȱmountȱtheȱSensorȱontoȱtheȱmountingȱbracket,ȱinsertȱtheȱmountingȬbracketȱtabsȱintoȱtheȱslotsȱonȱtheȱbackȱofȱtheȱAP.ȱ IMPORTANT:ȱIfȱyouȱareȱmountingȱtheȱSensorȱonȱaȱwall,ȱyouȱcannotȱuseȱtheȱslotsȱonȱtheȱbottomȱnarrowȱedgeȱofȱtheȱdevice.ȱInstead,ȱtheȱ slotsȱonȱtheȱbackȱofȱtheȱSensorȱmustȱbeȱused.ȱ 5.2.2.2 FlatȱSurfaceȱInstallationȱ ToȱinstallȱtheȱSensorȱonȱaȱflatȱsurfaceȱsuchȱasȱaȱtableȱorȱdesktop,ȱfollowȱtheseȱsteps:ȱ 28ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱSensorȱ 1. InsertȱtheȱtabsȱonȱtheȱtableȱstandȱintoȱtheȱslotsȱonȱtheȱsideȱofȱtheȱSensor,ȱasȱshownȱinȱtheȱillustration.ȱAlignȱtheȱcableȱ routingȱcutȱoutȱtowardȱtheȱupperȱpartȱofȱtheȱstand.ȱ ȱ Figure 48. 2. Inserting tabs on the table stand ToȱlockȱtheȱstandȱtoȱtheȱSensor,ȱslideȱtheȱstandȱbackȱandȱtheȱSensorȱforward,ȱasȱshownȱhere:ȱ ȱ Figure 49. 3. Locking the Stand to the Sensor PlaceȱtheȱSensorȱandȱtableȱstandȱonȱtheȱtable.ȱ ȱ Figure 50. 4. Sensor Mount on a Table ConnectȱtheȱEthernetȱcableȱforȱpowerȱandȱnetworkȱconnectionȱtoȱtheȱLANȱportȱonȱtheȱbackȱofȱtheȱAP.ȱ 5.2.3 PowerȱupȱtheȱSensorȱ AnȱSSȬ200ȬATȱSensorȱrunsȱonȱaȱ5VȱDCȱconnection.ȱUseȱtheȱpowerȱadapterȱprovidedȱtoȱpowerȱtheȱSensorȱfromȱanȱ110V~240Vȱ 50/60ȱHzȱACȱpowerȱconnection.ȱ ToȱpowerȱupȱtheȱSensor,ȱperformȱtheȱfollowingȱsteps:ȱ 29 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® InstallingȱtheȱSensorȱ 1. 2. PlugȱtheȱpowerȱcableȱintoȱtheȱDCȱpowerȱreceptacleȱatȱtheȱrearȱofȱtheȱSensor.ȱ Plugȱtheȱotherȱendȱofȱtheȱpowerȱcableȱintoȱanȱ110V~240Vȱ50/60ȱHzȱACȱpowerȱsource.ȱ ȱ Figure 51. Power up the Sensor Waitȱforȱtwoȱminutes!ȱ 3. CheckȱtheȱStatusȱLEDs.ȱYouȱwillȱseeȱLED1ȱturnȱOrangeȱandȱLED2ȱturnȱgreen,ȱindicatingȱthatȱtheȱSensorȱisȱpoweredȱonȱ correctlyȱandȱwaitingȱtoȱbeȱconnectedȱtoȱtheȱnetwork.ȱ AnȱSSȬ300ȬATȱSensorȱcanȱbeȱPoweredȱonȱbyȱ802.3afȱClassȱ0ȱPowerȱOverȱEthernetȱofȱNominalȱinputȱvoltageȱ48VȱDC.ȱ 5.2.4 ConnectȱtheȱSensorȱtoȱtheȱNetworkȱ EnsureȱthatȱtheȱServerȱisȱalreadyȱrunningȱonȱyourȱnetwork.ȱAddȱtheȱDNSȱentryȱ‘wifiȬsecurityȬserver’ȱonȱallȱDNSȱServers.ȱThisȱ entryȱshouldȱpointȱtoȱtheȱIPȱaddressȱofȱtheȱServer.ȱ ToȱconnectȱtheȱSensorȱtoȱtheȱnetwork,ȱperformȱtheȱfollowingȱsteps:ȱ 1. EnsureȱthatȱDHCPȱisȱrunningȱonȱtheȱsubnetȱtoȱwhichȱtheȱSensorȱwillȱbeȱconnected.ȱ 2. ConnectȱoneȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱtheȱEthernetȱportȱatȱtheȱrearȱofȱtheȱSensor.ȱ 3. ConnectȱtheȱotherȱendȱofȱtheȱNetworkȱInterfaceȱcableȱtoȱanȱEthernetȱjackȱthatȱisȱconnectedȱtoȱtheȱdesiredȱsubnet.ȱ Important:ȱIfȱDHCPȱisȱnotȱenabledȱonȱaȱsubnet,ȱSensorsȱcannotȱconnectȱtoȱthatȱsubnetȱwithȱzeroȱconfiguration.ȱReferȱtoȱManuallyȱ ConfiguringȱtheȱSensorȱforȱdetailsȱonȱmanualȱconfigurationȱofȱSensor.ȱ ȱ Figure 52. Connect the Sensor to the Network Waitȱforȱtwoȱminutes!ȱ CheckȱtheȱStatusȱLEDsȱonȱtheȱSensor.ȱIfȱallȱLEDsȱglowȱgreen,ȱthenȱtheȱSensorȱisȱoperationalȱandȱconnectedȱtoȱtheȱServer.ȱ LogȱonȱtoȱtheȱServerȱthroughȱSSH.ȱRunȱtheȱ‘getȱsensorȱlist’ȱcommand.ȱYouȱwillȱseeȱaȱlistȱofȱallȱSensorsȱthatȱareȱrecognizedȱbyȱ theȱServer.ȱ TheȱSensorȱisȱconfiguredȱandȱreadyȱtoȱgo.ȱCheckȱtheȱConsoleȱtoȱensureȱthatȱthisȱSensorȱhasȱbeenȱdetected.ȱ IfȱallȱtheȱSensorsȱhaveȱconnectedȱwithȱzeroȱconfiguration,ȱyouȱneedȱnotȱreadȱthisȱinstallationȱguideȱfurther.ȱ 30ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ InstallingȱtheȱSensorȱ Note:ȱIfȱLED1ȱturnsȱOrange,ȱitȱmeansȱthatȱtheȱzeroȱconfigurationȱwasȱnotȱsuccessfulȱandȱtheȱSensorȱmustȱbeȱconfiguredȱmanually.ȱReferȱ toȱManuallyȱConfiguringȱtheȱSensorȱforȱdetails 31 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ManuallyȱConfiguringȱtheȱSensorȱ Chapterȱ6 ManuallyȱConfiguringȱtheȱSensorȱ Important:ȱIfȱtheȱinstallationȱinȱInstallingȱtheȱSensorȱwasȱsuccessful,ȱstop!ȱYouȱdoȱnotȱneedȱtoȱconfigureȱtheȱSensorȱmanually.ȱ 6.1 Introductionȱ ManualȱconfigurationȱofȱaȱSensorȱisȱtypicallyȱrequiredȱinȱtheȱfollowingȱcases:ȱ x SensorȱneedsȱtoȱbeȱconfiguredȱinȱNDȱorȱSNDCȱmode.ȱ x SensorȱOnlyȱ(SO)ȱdevicesȱcannotȱconnectȱtoȱtheȱServerȱthroughȱzeroȱconfiguration.ȱTheȱDNSȱentryȱforȱtheȱServerȱhasȱ beenȱchangedȱtoȱanȱentryȱotherȱthanȱȈwifiȬsecurityȬserverȈȱorȱthereȱisȱnoȱDNSȱServerȱpresentȱinȱtheȱnetwork.ȱThisȱisȱ applicableȱforȱmultiȬserverȱinstallations.ȱ x SensorȱisȱplacedȱonȱaȱsubnetȱthatȱisȱnotȱDHCPȱenabled.ȱ 6.2 ConfiguringȱSensorȱthroughȱConfigȱShellȱ ToȱuseȱtheȱConfigȱShell,ȱconnectȱaȱSerialȱ(RSȬ232)ȱcableȱbetweenȱyourȱcomputerȱandȱtheȱSensor.ȱTheȱConfigȱShellȱsupportsȱaȱ preȬdefinedȱsetȱofȱcommandsȱusedȱtoȱconfigureȱtheȱSensor.ȱ ȱ Figure 53. Connecting the Sensor to your computer using a Serial Cable TheȱstepsȱtoȱconfigureȱtheȱSensorȱmanuallyȱareȱasȱfollows:ȱ 1. InvokeȱHyperȱTerminalȱ(orȱminicom)ȱ 2. Logȱinȱandȱchangeȱtheȱdefaultȱpasswordȱ 3. SetȱServerȱDiscoveryȱ 4. SetȱSensorȱModeȱ 5. SetȱNetworkȱSettingsȱforȱthatȱSensorȱModeȱ Theȱaboveȱstepsȱareȱexplainedȱinȱdetailȱbelow.ȱ 6.2.1 InvokeȱHyperTerminalȱ(orȱminicom)ȱ ToȱconfigureȱtheȱSensor,ȱfollowȱtheȱstepsȱdescribedȱbelowȱtoȱinvokeȱtheȱConfigȱShell.ȱ 6.2.1.1 LaunchingȱHyperTerminalȱ ToȱstartȱHyperTerminal,ȱclickȱStartÆProgramsÆAccessoriesÆCommunicationsÆHyperTerminalȱasȱshownȱinȱtheȱfollowingȱ figure.ȱ 30ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ManuallyȱConfiguringȱtheȱSensorȱ ȱ Figure 54. Opening HyperTerminal Note:ȱIfȱyouȱareȱusingȱaȱLinuxȱlaptop,ȱyouȱcanȱuseȱminicomȱtoȱconnectȱtoȱtheȱConfigȱShell.ȱ 6.2.1.2 DefiningȱaȱNewȱHyperTerminalȱConnectionȱ ȱ ȱ Figure 55. Define a New HyperTerminal Connection for Sensor 31 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ManuallyȱConfiguringȱtheȱSensorȱ x x x 6.2.1.3 Selectȱanȱiconȱtoȱidentifyȱtheȱnewȱconnection.ȱ TypeȱtheȱrequiredȱnameȱforȱtheȱHyperTerminalȱconnectionȱinȱtheȱNameȱfieldȱ Clickȱ<OK>ȱonȱtheȱConnectionȱDescriptionȱdialog.ȱ SpecifyingȱHyperTerminalȱConnectionȱDetailsȱ ȱ ȱ Figure 56. x x Specify HyperTerminal Connection Details Selectȱorȱenterȱtheȱappropriateȱconnectionȱdetails.ȱ Clickȱ<OK>ȱonȱtheȱConnectȱToȱdialog.ȱ Note:ȱTheȱnameȱofȱtheȱserialȱportȱwillȱchangeȱasȱperȱtheȱsettingsȱofȱyourȱcomputer.ȱ 6.2.1.4 EditingȱSerialȱPortȱSettingsȱ ȱ ȱ Figure 57. Edit Serial Port Settings 32ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ManuallyȱConfiguringȱtheȱSensorȱ x x x 6.2.2 Editȱtheȱserialȱportȱsettingsȱasȱfollowsȱorȱclickȱ<RestoreȱDefaults>ȱtoȱensureȱproperȱcommunicationȱbetweenȱtheȱ Sensorȱandȱyourȱcomputer.ȱ ¾ Bitsȱperȱsecond:ȱ9600ȱ ¾ Dataȱbits:ȱ8ȱ ¾ Parity:ȱNoneȱ ¾ Stopȱbits:ȱ1ȱ ¾ Flowȱcontrol:ȱNoneȱ Clickȱ<OK>ȱonȱtheȱCOMȱPropertiesȱdialog.ȱ Pressȱ<Enter>ȱorȱ<Space>ȱonȱtheȱHyperTerminalȱscreen.ȱ LogȱinȱandȱChangeȱtheȱDefaultȱPasswordȱ LogȱinȱtoȱtheȱConfigȱShellȱusingȱtheȱuserȱnameȱconfigȱandȱpasswordȱconfig.ȱChangeȱtheȱdefaultȱpasswordȱusingȱtheȱcommandȱ passwd.ȱYouȱcanȱchangeȱtheȱSensorȱpasswordȱusingȱSensorȱtemplates.ȱReferȱtoȱsectionȱ8.4.4:ȱSensorȱConfigurationȱinȱtheȱ SpectraguardȱEnterpriseȱUserȱGuideȱforȱmoreȱdetails.ȱ Recommended;ȱAirTightȱrecommendsȱthatȱyouȱchangeȱtheȱdefaultȱpasswordȱforȱsecurityȱreasons,ȱalthoughȱitȱisȱnotȱmandatory.ȱ 6.2.3 SetȱServerȱDiscoveryȱ TheȱnextȱstepȱisȱtoȱsetȱtheȱServerȱDiscoveryȱinformation.ȱThereȱareȱtwoȱtypesȱofȱServerȱDiscovery.ȱ x ServerȱIPȱbasedȱdiscoveryȱ(preferred)ȱ x ServerȱIDȱbasedȱdiscoveryȱ(deprecated)ȱ x ServiceȱLocationȱProtocolȱ(SLP)ȱbasedȱdiscoveryȱ(ifȱwifiȬsecurityȬserverȱserviceȱhasȱbeenȱconfigured)ȱ UseȱtheȱcommandȱsetȱserverȱdiscoveryȱtoȱpointȱtheȱSensorȱtoȱtheȱcorrectȱServer.ȱ ȱ Figure 58. set server discovery command Note:ȱIfȱIP/HostnameȱbasedȱdiscoveryȱisȱbeingȱusedȱandȱthereȱisȱmoreȱthanȱoneȱServerȱonȱtheȱnetwork,ȱthenȱyouȱmustȱenterȱtheȱIPȱaddressȱ ofȱtheȱappropriateȱServer.ȱ 6.2.4 SetȱSensorȱModeȱ TheȱnextȱstepȱisȱtoȱsetȱtheȱmodeȱofȱtheȱSensor.ȱThereȱareȱthreeȱpossibleȱmodes:ȱ x SOȱMode:ȱThisȱisȱtheȱdefaultȱmode.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱanȱaccessȱportȱonȱaȱswitch.ȱItȱ thenȱmonitorsȱaȱsingleȱVLANȱthatȱisȱconfiguredȱonȱthatȱaccessȱport.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱ x NDȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱNDȱshouldȱbeȱconnectedȱintoȱaȱtrunkȱportȱ (802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱthatȱtrunkȱportȱandȱareȱchosenȱ byȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱNDȱisȱdisabled.ȱAȱSensorȱinȱNDȱmodeȱcanȱmonitorȱupȱtoȱ 32ȱVLANsȱandȱdetectȱupȱtoȱ32ȱVLANs.ȱ 33 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ManuallyȱConfiguringȱtheȱSensorȱ x SNDCȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱaȱ trunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱthatȱtrunkȱportȱandȱ areȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱAȱSensorȱinȱSNDCȱmodeȱ canȱmonitorȱupȱtoȱ4ȱVLANsȱandȱdetectȱupȱtoȱ4ȱVLANs.ȱ UseȱtheȱsetȱmodeȱcommandȱtoȱsetȱtheȱSensorȱmode.ȱ ȱ Figure 59. set sensor mode command 6.2.5 ConfigureȱNetworkȱSettingsȱ Onceȱtheȱmodeȱisȱset,ȱyouȱhaveȱtoȱenableȱtheȱNetworkȱSettings.ȱ x SensorȱOnlyȱMode:ȱForȱthisȱmode,ȱuseȱtheȱcommandȱsetȱipȱconfig.ȱThisȱcommandȱrunsȱthroughȱtheȱcurrentȱVLANȱ andȱtheȱIPȱconfigȱwizard.ȱ x NetworkȱDetector/Sensor/NDȱComboȱMode:ȱForȱthisȱmode,ȱuseȱtheȱcommandȱsetȱvlanȱconfig.ȱThisȱcommandȱ configuresȱtheȱIPȱaddressesȱonȱtheȱND.ȱ ReferȱtoȱChapterȱ3:ȱGuidelinesȱforȱConfiguringȱandȱInstallingȱNDȱandȱSNDCȱinȱtheȱdocumentȱ‘NetworkȱDetectorȱ ConfigurationȱforȱSpectraGuardȱEnterprise_5.7’ȱforȱfurtherȱdetails. 34ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ Chapterȱ7 SettingȱupȱtheȱServerȱConsoleȱ TheȱConfigurationȱWizardȱguidesȱyouȱthroughȱtheȱstepsȱrequiredȱtoȱsetȱupȱtheȱsystem.ȱTheȱsystemȱisȱmanagedȱthroughȱaȱJavaȱ appletȱthatȱisȱlaunchedȱinȱtheȱInternetȱExplorerȱ5.5+ȱWebȱbrowser.ȱThisȱHTMLȱinterfaceȱisȱknownȱasȱtheȱ‘ConsoleȱorȱGraphicalȱ UserȱInterfaceȱ(GUI)’.ȱThisȱchapterȱdescribesȱhowȱtheȱConsoleȱisȱlaunchedȱandȱsetup.ȱ 7.1 1. LoggingȱintoȱtheȱConsoleȱ OnȱtheȱLoginȱscreen,ȱtypeȱtheȱLoginȱID:ȱadminȱandȱtheȱPassword:ȱadminȱandȱclickȱ<Login>ȱorȱpressȱ<Enter>.ȱ ȱ ȱ Figure 60. 2. Console Login Screen TheȱEndȱUserȱLicenseȱAgreementȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱReadȱtheȱagreementȱcarefullyȱandȱ selectȱ‘IȱhaveȱreadȱandȱagreeȱtoȱtheȱLicensingȱAgreementȱabove’.ȱClickȱ<Next>.ȱ ȱ Figure 61. 7.1.1 3. End User License Agreement Screen Stepȱ1:ȱStartingȱtheȱSetupȱWizardȱ TheȱWelcomeȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱThisȱwizardȱtakesȱyouȱthroughȱtheȱstepsȱtoȱhelpȱyouȱ initializeȱtheȱsystem.ȱClickȱ<Next>ȱonȱeachȱscreenȱtoȱproceedȱtoȱtheȱnextȱstep.ȱToȱgoȱbackȱtoȱaȱpreviousȱstep,ȱclickȱ <Previous>.ȱToȱexitȱtheȱsetupȱwizardȱatȱanyȱpoint,ȱclickȱ<Exit>.ȱYouȱcanȱtakeȱaȱtourȱofȱthisȱwizardȱlaterȱthroughȱtheȱ ConsoleȱfromȱAdministrationÆGlobalȱTabÆSystemȱSettingsÆWizardsȱandȱconfigureȱtheȱappropriateȱsettings.ȱClickȱ <Start>.ȱ 35 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 62. 7.1.2 4. System Setup Wizard Welcome Screen Stepȱ2:ȱChangingȱyourȱAccountȱPasswordȱ TheȱChangeȱPasswordȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱChangeȱyourȱaccountȱloginȱpassword.ȱSpecifyȱanȱ emailȱaddressȱforȱtheȱuserȱadminȱtoȱbeȱusedȱlaterȱtoȱtestȱSMTPȱServerȱsettingsȱandȱotherȱemailȱnotifications.ȱ 36ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 63. Change Password UnderȱPasswordȱDetails,ȱyouȱcanȱspecifyȱtheȱfollowing:ȱ x EmailȱAddressȱ x OldȱPasswordȱ x NewȱPasswordȱ x ConfirmȱPasswordȱ UnderȱUserȱPreferences,ȱyouȱcanȱchangeȱyourȱsessionȱtimeoutȱinterval,ȱlanguageȱsettings,ȱorȱtimeȱzone.ȱ x SessionȱTimeout:ȱEnablesȱyouȱtoȱspecifyȱtheȱtimeȱafterȱwhichȱtheȱuserȱisȱloggedȱoutȱautomaticallyȱifȱtheȱsystemȱdoesȱ notȱdetectȱanyȱactivityȱ ¾ SessionȱNeverȱExpires:ȱSelectȱthisȱcheckboxȱifȱyouȱdoȱnotȱwantȱtheȱsessionȱtoȱexpireȱ ¾ SessionȱTimeout:ȱEnablesȱyouȱtoȱspecifyȱtheȱnumberȱofȱminutesȱafterȱwhichȱtheȱsystemȱautomaticallyȱlogsȱoutȱ theȱcurrentlyȱloggedȱinȱuserȱwhenȱthereȱisȱnoȱactivityȱonȱtheȱConsoleȱforȱtheȱSessionȱTimeoutȱperiodȱ (Minimum:ȱ10ȱminutes;ȱMaximum:ȱ120ȱminutes)ȱ x x Languageȱpreference:ȱSelectȱEnglishȱorȱMultilingualȱsupportȱfromȱtheȱdropȬdownȱlistȱ TimeȱZone:ȱSelectȱtheȱappropriateȱtimeȱzoneȱforȱtheȱuserȱ Toȱsaveȱtheȱnewȱpasswordȱandȱuserȱpreferences,ȱclickȱ<Apply>.ȱ 7.1.3 5. Stepȱ3:ȱPreparingȱyourȱSystemȱforȱConfigurationȱ TheȱEventȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱToȱavoidȱtransientȱeventsȱduringȱtheȱsetupȱprocess,ȱ deȬactivateȱthisȱfeatureȱforȱallȱlocationsȱwhereȱchangesȱareȱtoȱbeȱmade.ȱTheȱsystemȱpromptsȱyouȱtoȱturnȱthisȱfeatureȱbackȱ onȱatȱtheȱendȱofȱtheȱSetupȱWizard.ȱIfȱyouȱexitȱtheȱSetupȱWizardȱprematurely,ȱyouȱmustȱmanuallyȱreȬactivateȱthisȱfeature.ȱ 37 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 64. 6. Event De-activation TheȱIntrusionȱPreventionȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱToȱavoidȱunwantedȱintrusionȱ preventionȱactivityȱduringȱtheȱsetupȱprocess,ȱdeȬactivateȱthisȱfeatureȱforȱallȱlocationsȱwhereȱchangesȱareȱtoȱbeȱmade.ȱTheȱ systemȱpromptsȱyouȱtoȱturnȱthisȱfeatureȱbackȱonȱatȱtheȱendȱofȱtheȱSetupȱWizard.ȱIfȱyouȱexitȱtheȱSetupȱWizardȱprematurely,ȱ youȱmustȱmanuallyȱreȬactivateȱthisȱfeature.ȱAuthorizedȱAPsȱshouldȱbeȱinȱtheȱAuthorizedȱfolderȱbeforeȱactivatingȱintrusionȱ prevention.ȱTheirȱnetworkȱconnectivityȱiconȱmayȱshowȱtheȱstatusȱasȱWired,ȱUnwired,ȱorȱIndeterminate.ȱ 38ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 65. 7. Intrusion Prevention De-activation TheȱDeviceȱListȱLockingȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱyouȱhadȱpreviouslyȱlockedȱtheȱlistȱofȱ AuthorizedȱAPsȱandȱClientsȱatȱaȱlocationȱbyȱcheckingȱtheȱtwoȱcheckboxesȱLockȱAPȱListȱforȱlocationȱ‘<selectedȱlocation’>ȱ andȱLockȱClientȱListȱforȱlocationȱ‘<selectedȱlocation’>,ȱyouȱmustȱunlockȱtheȱlistsȱforȱallȱtheȱlocationsȱwhereȱyouȱexpectȱtoȱ addȱAuthorizedȱAPsȱorȱClientsȱduringȱtheȱsetupȱwizard.ȱIfȱyouȱlockȱaȱparticularȱdeviceȱlist,ȱnoȱmoreȱdevicesȱofȱthatȱtypeȱ canȱbeȱsubsequentlyȱautomaticallyȱAuthorizedȱforȱthatȱlocation.ȱAsȱAPsȱareȱnotȱautomaticallyȱmovedȱtoȱtheȱAuthorizedȱ folder,ȱlockingȱtheȱAuthorizedȱAPȱlistȱmeansȱthatȱnoȱwiredȱAPsȱwillȱbeȱtaggedȱasȱPotentiallyȱAuthorizedȱatȱthisȱlocation;ȱ theyȱwillȱbecomeȱPotentiallyȱRogueȱandȱmayȱbeȱautomaticallyȱmovedȱtoȱtheȱRogueȱfolderȱbasedȱonȱtheȱAPȱAutoȬ Classificationȱpolicy.ȱ 39 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 66. 7.1.4 8. Device List Unlocking Stepȱ4:ȱConfiguringȱNotificationȱSettingsȱ TheȱSMTPȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱYouȱmustȱsetȱSimpleȱMailȱTransferȱProtocolȱ (SMTP)ȱServerȱsettingsȱtoȱsendȱnotificationȱofȱeventsȱviaȱemail.ȱAirTightȱrecommendsȱthatȱyouȱtestȱtheȱSMTPȱsettingsȱ beforeȱapplyingȱtheȱchanges.ȱYouȱmustȱhaveȱadministratorȱprivilegesȱtoȱsetȱtheseȱvalues.ȱ 40ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 67. SMTP Configuration Note:ȱIfȱyouȱwantȱtheȱsystemȱtoȱnotifyȱyouȱbyȱanȱeventsȱemail,ȱyouȱneedȱtoȱspecifyȱSMTPȱServerȱdetails.ȱTheȱsystemȱdoesȱnotȱemailȱeventsȱ byȱdefault.ȱIfȱyouȱdoȱnotȱwantȱtoȱreceiveȱemailȱforȱtheȱevents,ȱselectȱ<RestoreȱDefaults>ȱandȱ<Apply>.ȱ SMTPȱConfigurationȱcontainsȱtheȱfollowingȱoptions:ȱ x SMTPȱServerȱ(IPȱaddress/Hostname:ȱPort):ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱandȱtheȱportȱnumberȱofȱtheȱ SMTPȱServerȱtoȱbeȱusedȱbyȱtheȱsystemȱforȱsendingȱemailȱalerts.ȱ (Default:ȱ127.0.0.1:25)ȱ TheȱfollowingȱareȱtheȱauthenticationȱprotocolsȱforȱSMTPȱServer:ȱ ¾ PLAINȱ(Forȱsendmailȱ8.10ȱandȱabove)ȱ ¾ LOGINȱ(Forȱsendmailȱ8.10ȱandȱabove)ȱ ¾ NTLMȱ(Windowsȱproprietaryȱauthenticationȱmethod)ȱ x x EmailȱAddressȱinȱFromȱfield:ȱSpecifiesȱtheȱsourceȱaddressȱfromȱwhichȱemailȱalertsȱareȱsent.ȱ AuthenticationȱRequired:ȱIfȱenabled,ȱspecifiesȱwhetherȱtheȱSMTPȱServerȱrequiresȱauthentication.ȱ ¾ Username:ȱSpecifiesȱtheȱuserȱnameȱforȱSMTPȱServerȱauthentication.ȱ ¾ Password:ȱSpecifiesȱtheȱpasswordȱforȱSMTPȱServerȱauthentication.ȱ Toȱsendȱaȱtestȱemail,ȱclickȱ<TestȱSMTPȱSettings>.ȱThisȱtestȱemailȱwillȱbeȱsentȱtoȱtheȱemailȱaddressȱofȱtheȱloggedȱinȱuser,ȱinȱthisȱ caseȱuserȱadmin.ȱ 9. TheȱSyslogȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱSyslogȱConfigurationȱallowsȱtheȱsystemȱtoȱ sendȱeventsȱtoȱdesignatedȱSyslogȱreceivers.ȱ 41 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 68. Syslog Configuration x SyslogȱIntegrationȱStatus:ȱIfȱSyslogȱintegrationȱisȱenabled,ȱtheȱsystemȱsendsȱmessagesȱtoȱtheȱconfiguredȱSyslogȱ Servers.ȱElse,ȱSyslogȱintegrationȱservicesȱareȱshutȱoff.ȱ ¾ IfȱyouȱselectȱSyslogȱIntegrationȱEnabled,ȱyouȱcanȱmanageȱSyslogȱServers.ȱTheȱsystemȱenablesȱSyslogȱbyȱdefault.ȱ ¾ CurrentȱStatus:ȱDisplaysȱtheȱCurrentȱStatusȱofȱtheȱSyslogȱServer:ȱRunningȱorȱStopped.ȱAnȱErrorȱstatusȱisȱshownȱ inȱoneȱofȱtheȱfollowingȱcases:ȱ OneȱofȱtheȱconfiguredȱandȱenabledȱSyslogȱServersȱhasȱaȱhostname,ȱwhichȱcannotȱbeȱresolvedȱ SystemȱServerȱisȱstoppedȱ Internalȱerror,ȱinȱwhichȱcaseȱyouȱneedȱtoȱcontactȱTechnicalȱSupportȱ x UnderȱManageȱSyslogȱSevers,ȱclickȱ<Add>ȱtoȱopenȱSyslogȱConfigurationȱdialogȱwhereȱyouȱcanȱaddȱSyslogȱServerȱ details.ȱ 42ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 69. Syslog Configuration Dialog SyslogȱConfigurationȱcontainsȱtheȱfollowingȱfields:ȱ x SyslogȱServerȱ(IPȱAddress/Hostname):ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱofȱtheȱSyslogȱServerȱtoȱwhichȱeventsȱ shouldȱbeȱsent.ȱ Note:ȱConfiguredȱSyslogȱServersȱwillȱuseȱtheȱDNSȱnamesȱandȱDNSȱsuffixesȱconfiguredȱbyȱtheȱuserȱinȱtheȱServerȱInitializationȱandȱSetupȱ WizardȱonȱtheȱServerȱConfigȱShell.ȱ x PortȱNumber:ȱSpecifiesȱtheȱportȱnumberȱofȱtheȱSyslogȱServerȱtoȱwhichȱtheȱsystemȱsendsȱevents.ȱ (Default:ȱ514)ȱ x MessageȱFormat:ȱSpecifiesȱtheȱformatȱinȱwhichȱtheȱeventȱisȱsent:ȱIntrusionȱDetectionȱMessageȱExchangeȱFormatȱ (IDMEF)ȱorȱPlainȱtext.ȱ (Default:ȱPlainȱtext)ȱ Note:ȱIfȱyouȱupgradeȱaȱServer,ȱpreȬ5.6ȱtoȱ5.6,ȱallȱpreviouslyȱconfiguredȱSyslogȱServersȱwouldȱsendȱeventsȱinȱPlainȱtextȱMessageȱFormatȱbyȱ default.ȱYouȱcanȱselectȱtheȱIDMEFȱformatȱbyȱeditingȱtheȱSyslogȱServerȱsettings.ȱ x Enabled?:ȱSpecifiesȱifȱtheȱeventsȱareȱtoȱbeȱsentȱtoȱthisȱSyslogȱServer.ȱ (Default:ȱEnabled)ȱ Clickȱ<Add>ȱtoȱaddȱtheȱdetailsȱforȱaȱnewȱSyslogȱServer.ȱClickȱ<Cancel>ȱtoȱcloseȱtheȱwindowȱandȱdiscardȱallȱchangesȱthatȱwereȱ made.ȱ DoubleȬclickȱaȱrowȱorȱclickȱ<Edit>ȱtoȱopenȱSyslogȱConfigurationȱdialogȱsimilarȱtoȱtheȱoneȱshownȱabove.ȱClickȱ<Save>ȱtoȱsaveȱ allȱsettings.ȱClickȱ<Cancel>ȱtoȱcloseȱtheȱwindowȱandȱdiscardȱallȱchangesȱthatȱwereȱmade.ȱ Clickȱ<Delete>ȱtoȱdiscardȱtheȱdetailsȱofȱanȱexistingȱSyslogȱServer.ȱ 10. TheȱSNMPȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱSNMPȱConfigurationȱallowsȱtheȱsystemȱtoȱ sendȱeventsȱasȱSNMPȱtrapsȱtoȱdesignatedȱSNMPȱtrapȱreceivers.ȱItȱalsoȱallowsȱSNMPȱmanagersȱtoȱqueryȱServerȱoperatingȱ parametersȱusingȱIFȬMIB,ȱMIBȬII,ȱandȱHostȱResourcesȱMIB.ȱ 43 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 70. SNMP Configuration x SNMPȱIntegrationȱStatus:ȱIfȱSNMPȱintegrationȱisȱenabled,ȱtheȱsystemȱsendsȱSNMPȱtrapsȱtoȱtheȱconfiguredȱSNMPȱ Servers.ȱOtherȱsystemsȱcanȱdoȱanȱSNMPȱGetȱtoȱthisȱServer.ȱElse,ȱSNMPȱintegrationȱservicesȱareȱshutȱoff.ȱ ¾ IfȱyouȱselectȱSNMPȱIntegrationȱEnabled,ȱyouȱcanȱeditȱandȱmanageȱSNMPȱServerȱdetails.ȱTheȱsystemȱenablesȱ SNMPȱbyȱdefault.ȱ ¾ CurrentȱStatus:ȱDisplaysȱtheȱCurrentȱStatusȱofȱtheȱSNMPȱServer:ȱRunning,ȱError,ȱorȱStopped.ȱ x UnderȱSNMPȱSettings,ȱconfigureȱSNMPȱGetsȱorȱTraps.ȱ ¾ SNMPȱGetsȱEnabled:ȱAllowsȱSNMPȱmanagersȱtoȱqueryȱServerȬoperatingȱparametersȱusingȱIFȬMIB,ȱMIBȬII,ȱandȱ HostȱResourcesȱMIB.ȱ ¾ SNMPȱTrapsȱEnabled:ȱAllowsȱSNMPȱtrapsȱtoȱbeȱsentȱtoȱconfiguredȱSNMPȱServers.ȱ Additionally,ȱselectȱtheȱSNMPȱversionsȱtoȱbeȱenabledȱandȱconfigureȱtheȱrelevantȱsettings.ȱ ¾ SNMPȱv1,ȱv2:ȱIfȱselected,ȱspecifyȱtheȱCommunityȱStringȱforȱtheȱSNMPȱagent.ȱ (Default:ȱpublic)ȱ ¾ SNMPȱv3:ȱIfȱselected,ȱspecifyȱtheȱEngineȱID,ȱUsername,ȱandȱPassword.ȱ (DefaultȱUsername:ȱadmin;ȱDefaultȱPassword:ȱpassword)ȱ x UnderȱSNMPȱMIBs,ȱselectȱtheȱfollowingȱSNMPȱMIBsȱtoȱbeȱenabledȱandȱconfigureȱtheȱrelevantȱsettings.ȱ ¾ IFȱMIBȱ ¾ HostȱResourcesȱMIBȱ ¾ AirTightȬMIB:ȱEnablesȱtheȱexternalȱSNMPȱagentȱtoȱreceiveȱtrapsȱ ¾ MIBȬII:ȱIfȱselected,ȱconfigureȱtheȱSystemȱContact,ȱSystemȱName,ȱandȱSystemȱLocation.ȱ (DefaultȱSystemȱName:ȱWifiȱSecurityȱSever)ȱ Note:ȱTheȱInternetȱAssignedȱNumbersȱAuthorityȱ(IANA)ȱassignedȱPrivateȱEnterpriseȱNumberȱforȱAirTight®ȱNetworks,ȱInc.ȱisȱ16901.ȱ x UnderȱSNMPȱTrapȱDestinationȱServers,ȱclickȱ<Add>toȱopenȱSNMPȱConfigurationȱdialogȱwhereȱyouȱcanȱaddȱSNMPȱ Serverȱdetails.ȱ 44ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 71. SNMP Configuration Dialog SNMPȱDestinationȱServerȱDetailsȱcontainsȱtheȱfollowingȱfields:ȱ x DestinationȱServerȱ(IPȱAddress/Hostname)*:ȱSpecifiesȱtheȱIPȱaddressȱorȱtheȱhostnameȱofȱtheȱSNMPȱServerȱtoȱwhichȱ eventsȱshouldȱbeȱsent.ȱ Note:ȱConfiguredȱSNMPȱServersȱwillȱuseȱtheȱDNSȱnamesȱandȱDNSȱsuffixesȱconfiguredȱbyȱtheȱuserȱinȱtheȱServerȱInitializationȱandȱSetupȱ WizardȱonȱtheȱServerȱConfigȱShell.ȱ x SNMPȱProtocolȱVersion:ȱSpecifiesȱtheȱSNMPȱprotocolȱversionȱforȱtheȱSNMPȱagent.ȱ (Default:ȱSNMPȱv1,ȱv2)ȱ x PortȱNumber:ȱSpecifiesȱtheȱportȱnumberȱonȱtheȱreceivingȱsystemȱtoȱwhichȱtheȱSNMPȱtrapȱisȱsent.ȱ (Default:ȱ162)ȱ x Enabled?:ȱSpecifiesȱifȱtheȱSNMPȱServerȱisȱenabledȱtoȱreceiveȱSNMPȱtraps.ȱ (Default:ȱEnabled)ȱ Note:ȱYouȱmustȱspecifyȱaȱdifferentȱportȱnumberȱifȱanotherȱapplicationȱusesȱtheȱdefaultȱport.ȱ Clickȱ<Add>ȱtoȱaddȱtheȱdetailsȱforȱaȱnewȱSNMPȱServer.ȱ DoubleȬclickȱaȱrowȱorȱselectȱaȱrowȱandȱclickȱ<Edit>ȱtoȱopenȱSNMPȱConfigurationȱdialogȱsimilarȱtoȱtheȱoneȱshownȱabove..ȱ Clickȱ<Save>ȱtoȱsaveȱallȱsettings.ȱ Selectȱaȱrowȱandȱclickȱ<Delete>ȱtoȱdiscardȱtheȱdetailsȱofȱanȱexistingȱSNMPȱServer.ȱ 7.1.5 Stepȱ5:ȱSettingȱupȱLocationsȱandȱSensorsȱ 11. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCreateȱaȱhierarchyȱofȱallȱtheȱlocationsȱthatȱtheȱsystemȱwillȱ monitorȱandȱsecureȱbyȱaddingȱlocationȱfoldersȱandȱnodes.ȱ 45 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 72. Locations Screen TheȱLocationsȱscreenȱoperatesȱinȱtwoȱmodes:ȱDesignerȱmodeȱandȱViewerȱmode.ȱTheȱDesignerȱmodeȱisȱactiveȱbyȱdefault.ȱ Aȱlocationȱhierarchyȱofȱyourȱsetupȱmayȱcompriseȱlocationȱfoldersȱandȱlocationȱnodes.ȱ x Locationȱfoldersȱrepresentȱorganizationalȱcomponentsȱsuchȱasȱbuildings,ȱcities,ȱorȱcountries.ȱ ¾ Root:ȱThisȱisȱtheȱrootȱlocation.ȱTheȱfactoryȱdefaultȱnameȱforȱthisȱlocationȱisȱLocations.ȱYouȱcanȱrenameȱthisȱ location.ȱHowever,ȱyouȱcannotȱdeleteȱorȱmoveȱthisȱlocation.ȱ ¾ Unknown:ȱThisȱisȱtheȱdefaultȱlocationȱfolderȱofȱtheȱrootȱlocation.ȱYouȱcannotȱcreate,ȱdelete,ȱrename,ȱmove,ȱorȱaddȱ aȱlocationȱtoȱtheȱUnknownȱfolder.ȱWhenȱtheȱsystemȱdetectsȱaȱnewȱuntaggedȱSensor,ȱitȱtagsȱthisȱSensorȱtoȱtheȱ Unknownȱlocationȱfolder.ȱInȱotherȱwords,ȱwhenȱtheȱlocationȱtagȱofȱaȱlocationȬawareȱentityȱisȱnotȱknownȱorȱ cannotȱbeȱdetermined,ȱitȱisȱtaggedȱtoȱtheȱUnknownȱfolder.ȱ x 7.1.5.1 Locationȱnodesȱrepresentȱcomponentȱdetailsȱsuchȱasȱaȱfloorȱinȱaȱbuilding.ȱForȱexample,ȱHawaiiȱConferenceȱRoom,ȱ Bldgȱ15–CubicleȱG2,ȱorȱExecutiveȱArea.ȱ AddingȱaȱNewȱLocationȱ Useȱtheȱfollowingȱstepsȱtoȱaddȱaȱlocation:ȱ a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱunderȱwhichȱyouȱwishȱtoȱaddȱaȱnewȱlocation.ȱ b. Doȱoneȱofȱtheȱfollowing:ȱ x RightȬclickȱandȱfromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱAddȱNewȱLocation.ȱ x ClickȱtheȱAddȱNewȱLocationȱiconȱ( )ȱbelowȱtheȱDesignerȱmodeȱtab.ȱ 46ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 73. Adding a New Location ȱ Figure 74. c. d. Specifying Location Properties InȱtheȱAddȱNewȱLocationȱdialog,ȱselectȱtheȱtypeȱofȱlocation,ȱthatȱis,ȱLocationȱFolderȱorȱLocationȱNode.ȱ Enterȱaȱnameȱforȱtheȱnewȱlocationȱandȱoptionallyȱenterȱtheȱfollowingȱdetails.ȱ x SelectȱImageȱFile:ȱClickȱ<Browse>ȱtoȱnavigateȱtoȱtheȱpathȱofȱtheȱimageȱthatȱyouȱwishȱtoȱattachȱtoȱtheȱlocationȱfolderȱ orȱnode.ȱ x Unit:ȱSpecifyȱtheȱunitȱofȱmeasurementȱ(feetȱorȱmeters)ȱforȱtheȱlocationȱnode.ȱ x Length:ȱSpecifyȱtheȱlengthȱofȱtheȱlocationȱnode.ȱ x Width:ȱSpecifyȱtheȱwidthȱofȱtheȱlocationȱnode.ȱ x SelectȱSPM:ȱClickȱ<Browse>ȱtoȱnavigateȱtoȱtheȱpathȱofȱtheȱ.SPMȱfileȱthatȱyouȱwishȱtoȱimportȱfromȱSpectraGuardȱ Plannerȱ(Planner)ȱintoȱtheȱnewȱlocationȱnode.ȱ Note:ȱUnit,ȱLength,ȱWidth,ȱandȱSelectȱSPMȱoptionsȱareȱavailableȱonlyȱforȱaȱlocationȱnode.ȱTheyȱareȱgrayedȱoutȱforȱaȱlocationȱfolder.ȱ e. Clickȱ<OK>ȱtoȱcreateȱaȱnewȱlocation.ȱAlternatively,ȱclickȱ<Cancel>ȱtoȱavoidȱcreatingȱaȱnewȱlocation.ȱ 12. TheȱSensorȱConfigurationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱThisȱenablesȱyouȱtoȱcreateȱdifferentȱSensorȱ configurationȱtemplates.ȱThisȱallowsȱtheȱuserȱtoȱapplyȱdifferentȱsettingsȱtoȱdifferentȱSensorsȱbyȱapplyingȱdifferentȱ templates.ȱEachȱconfigurationȱtemplateȱallowsȱsettingsȱforȱoperatingȱregion,ȱchannelsȱtoȱmonitor,ȱchannelsȱtoȱdefend,ȱ antennaȱconfiguration,ȱSensorȱpassword,ȱandȱofflineȱSensorȱoperation.ȱ Atȱanyȱlocation,ȱyouȱcanȱchooseȱaȱtemplateȱasȱaȱdefaultȱtemplate.ȱThisȱtemplateȱwillȱbeȱappliedȱtoȱanyȱnewȱSensorȱtaggedȱtoȱ thatȱlocation.ȱ 47 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 75. Sensor Configuration Note:ȱSensorsȱpriorȱtoȱVersionȱ5.2ȱdoȱnotȱsupportȱadditionalȱchannelsȱ(802.11jȱ&ȱTurboȱchannels),ȱAntennaȱPortȱAssignment,ȱandȱSensorȱ PasswordȱConfigurationȱfeatures.ȱIfȱyouȱapplyȱtemplatesȱcontainingȱtheseȱsettingsȱtoȱolderȱSensors,ȱolderȱSensorsȱwillȱignoreȱtheȱadditionalȱ settings.ȱ Clickȱ<AddȱNewȱSensorȱTemplate>ȱtoȱopenȱtheȱSensorȱConfigurationȱTemplateȱdialog.ȱ 48ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 76. Channel Settings Tab UnderȱCreateȱConfigurationȱTemplate,ȱspecifyȱtheȱfollowing:ȱ x Name:ȱUniqueȱnameȱofȱtheȱSensorȱConfigurationȱtemplateȱ(lessȱthanȱ40ȱcharacters)ȱ x Description:ȱBriefȱdescriptionȱofȱtheȱSensorȱConfigurationȱtemplateȱ(lessȱthanȱ500ȱcharacters)ȱ Note:ȱTheȱsystemȱstoresȱtheȱdefaultȱSensorȱconfigurationȱinȱaȱpredefinedȱtemplateȱSystemȱTemplate.ȱYouȱcannotȱdeleteȱtheȱSystemȱ Templateȱnorȱeditȱitsȱname;ȱitȱisȱunique.ȱWhenȱaȱSensorȱisȱaddedȱorȱdiscovered,ȱitȱisȱautomaticallyȱassignedȱtheȱconfigurationȱsettingsȱinȱ thisȱtemplate.ȱYouȱareȱallowedȱtoȱeditȱtheȱconfigurationȱsettingsȱinȱtheȱSystemȱTemplateȱtoȱeffectȱdefaultȱconfigurationȱofȱtheirȱchoice.ȱ WheneverȱyouȱdeleteȱaȱuserȬdefinedȱSensorȱconfigurationȱtemplate,ȱallȱtheȱSensorsȱassociatedȱwithȱthatȱtemplateȱareȱassignedȱ theȱSystemȱTemplate.ȱYouȱcanȱoverrideȱtheȱtemplateȱappliedȱtoȱaȱSensorȱmanuallyȱfromȱtheȱDevices ȱSensorsȱtab.ȱIfȱyouȱ modifyȱtheȱsettingsȱinȱaȱtemplate,ȱtheȱnewȱsettingsȱareȱappliedȱtoȱtheȱSensorsȱtoȱwhichȱthisȱtemplateȱisȱapplied.ȱ ChannelȱSettingsȱ ChannelȱSettingsȱdisplaysȱtheȱ802.11a/802.11b/gȱandȱTurboȱchannelsȱonȱwhichȱscanningȱandȱdefendingȱisȱenabled/disabled.ȱ SensorsȱscanȱWLANȱtrafficȱonȱchannelsȱspecifiedȱunderȱChannelsȱtoȱMonitorȱandȱdefendȱtheȱnetworkȱagainstȱvariousȱWLANȱ threatsȱonȱchannelsȱspecifiedȱunderȱChannelsȱtoȱDefend.ȱ x UnderȱChannelȱSettingsȱtab,ȱspecifyȱtheȱfollowing:ȱ ¾ SelectȱOperatingȱRegion:ȱSpecifiesȱtheȱregion:ȱcountry:ȱofȱoperation.ȱEachȱregionȱhasȱitsȱownȱlawsȱgoverningȱtheȱ useȱofȱtheȱunlicensedȱfrequencyȱspectrumȱforȱ802.11ȱcommunicationsȱandȱTurboȱmode.ȱTheȱsystemȱautomaticallyȱ selectsȱtheȱchannelsȱthatȱareȱallowedȱbyȱtheȱregulatoryȱdomainȱinȱselectedȱregion.ȱ (DefaultȱOperatingȱRegion:ȱUnitedȱStates)ȱ ¾ ClickȱtheȱlinkȱChannelȱFrequencyȱTableȱtoȱviewȱaȱlistȱofȱchannels,ȱprotocols,ȱfrequencies,ȱandȱcapabilities.ȱ 49 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 77. Channel Frequency Table ¾ ChannelsȱtoȱMonitor:ȱSpecifiesȱtheȱchannelsȱtoȱbeȱusedȱbyȱSensorsȱtoȱmonitorȱWLANȱtraffic.ȱ SelectȱtheȱcheckboxȱSelectȱAllȱStandardȱChannelsȱtoȱselectȱaȱsupersetȱofȱallȱtheȱchannels.ȱForȱ802.11a,ȱtheȱ standardȱsetsȱofȱchannelsȱareȱ184ȱ–ȱ216ȱandȱ34ȱȬȱ165.ȱByȱdefault,ȱthisȱcheckboxȱisȱselected.ȱ SelectȱtheȱcheckboxȱSelectȱAllȱAllowedȱChannelsȱtoȱselectȱallȱtheȱallowedȱchannelsȱinȱtheȱselectedȱoperatingȱ region.ȱByȱdefault,ȱthisȱcheckboxȱisȱselected.ȱ SelectȱtheȱcheckboxȱAdditionally,ȱselectȱintermediateȱchannelsȱforȱ802.11ȱaȱonlyȱtoȱselectȱtheȱchannelsȱ betweenȱtheȱallowedȱchannelsȱthatȱareȱnonȬallowedȱinȱtheȱselectedȱoperatingȱregion.ȱSelectingȱtheȱoptionȱ helpsȱtheȱsystemȱdetectȱdevicesȱoperatingȱonȱillegalȱchannels.ȱForȱ802.11a,ȱtheȱintermediateȱchannelsȱareȱ185,ȱ 186,ȱ187,ȱ35,ȱ37,ȱandȱsoȱon.ȱByȱdefault,ȱthisȱcheckboxȱisȱdeselected.ȱ ¾ TurboȱMode:ȱCertainȱAtherosȱChipsetȱbasedȱdevicesȱuseȱwiderȱfrequencyȱbandsȱonȱcertainȱchannelsȱinȱ802.11ȱ b/gȱandȱ802.11aȱbandȱofȱchannels.ȱTheȱsystemȱisȱcapableȱofȱmonitoringȱchannelsȱthatȱsupportȱTurboȱModeȱofȱ operationȱandȱdetectingȱanyȱunauthorizedȱcommunicationȱonȱtheseȱchannels.ȱYouȱcanȱselectȱspecificȱorȱallȱ channelsȱtoȱmonitorȱwirelessȱactivityȱonȱTurboȱchannels.ȱThereȱareȱtenȱTurboȱchannelsȱinȱaȬmode.ȱTheseȱchannelsȱ areȱ40,ȱ42,ȱ48,ȱ50,ȱ56,ȱ58,ȱ152,ȱ153,ȱ160,ȱandȱ161.ȱThereȱisȱonlyȱoneȱTurboȱchannelȱinȱb/gȬmodeȱi.e.ȱ6.ȱ ¾ ChannelsȱtoȱDefend:ȱSpecifiesȱtheȱchannelsȱtoȱbeȱusedȱbyȱSensorsȱtoȱdefendȱWLANȱtrafficȱtoȱprotectȱyourȱ networkȱagainstȱvariousȱWLANȱthreats.ȱ Note:ȱItȱisȱmandatoryȱthatȱchannelsȱselectedȱforȱdefendingȱbeȱselectedȱforȱscanning.ȱIfȱaȱchannelȱisȱselectedȱforȱdefendingȱandȱisȱnotȱalreadyȱ selectedȱforȱscanning,ȱtheȱsystemȱautomaticallyȱselectsȱthatȱchannelȱforȱscanningȱasȱwell.ȱIfȱyouȱdeselectȱaȱchannelȱfromȱChannelsȱtoȱ Monitor,ȱthenȱthisȱchannelȱisȱalsoȱdeselectedȱfromȱChannelsȱtoȱDefendȱsection.ȱ AntennaȱPortȱAssignmentȱ Antennaȱconnectivityȱsettingȱisȱanȱadvancedȱsettingȱandȱshouldȱbeȱusedȱwithȱutmostȱcare.ȱThisȱsettingȱallowsȱyouȱtoȱprovideȱ 50ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ additionalȱinformationȱaboutȱtheȱtypeȱofȱantennasȱconnectedȱtoȱtheȱSensor.ȱYouȱneedȱtoȱchangeȱthisȱsettingȱonlyȱifȱyouȱuseȱ Sensorsȱthatȱallowȱyouȱtoȱconnectȱantennas.ȱ ApplyingȱaȱtemplateȱwithȱaȱparticularȱantennaȱsettingȱtoȱaȱSensorȱwithȱincompatibleȱantennaȱconnectionȱcanȱresultȱinȱaȱlossȱofȱ systemȱfunctionalityȱleadingȱtoȱhigherȱsecurityȱrisks.ȱYouȱshouldȱnotȱchangeȱtheȱAntennaȱConnectivityȱSettingsȱforȱaȱtemplateȱ thatȱisȱalreadyȱappliedȱtoȱaȱgroupȱofȱSensorsȱorȱisȱaȱDefaultȱSensorȱtemplate.ȱIfȱyouȱneedȱtoȱchangeȱtheseȱsettings,ȱyouȱshouldȱ saveȱtheȱchangesȱasȱaȱnewȱtemplateȱfirst,ȱthenȱchangeȱtheȱantennasȱsettingsȱasȱrequired,ȱsaveȱtheȱtemplateȱandȱapplyȱitȱtoȱaȱ groupȱofȱSensorsȱwhichȱhaveȱtheȱsameȱantennaȱsettingsȱasȱspecifiedȱinȱtheȱtemplate.ȱ ȱ Figure 78. x Antenna Port Assignment Tab UnderȱAntennaȱPortȱAssignmentȱtabȱ ¾ SelectȱDiversityȱOnȱorȱDiversityȱOffȱ DiversityȱOn:ȱThisȱisȱtheȱdefaultȱsetting,ȱwhichȱmeansȱbothȱtheȱantennasȱareȱdualȱband.ȱSelectȱthisȱoptionȱifȱ youȱhaveȱaȱdualȱbandȱ(2.4ȱGHzȱandȱ5ȱGHz)ȱantennaȱconnectedȱtoȱbothȱtheȱportsȱonȱtheȱSensor.ȱAssigningȱ thisȱsettingȱtoȱaȱSensorȱwhichȱdoesȱnotȱhaveȱaȱdualȱbandȱantennaȱconnectedȱtoȱbothȱports,ȱcanȱresultȱinȱ unpredictableȱSensorȱbehaviorȱleadingȱtoȱlossȱofȱsystemȱfunctionality.ȱMakeȱsureȱthatȱtheȱtemplateȱwithȱ “DiversityȱOn”ȱsettingȱisȱindeedȱappliedȱtoȱSensor(s),ȱwhichȱhaveȱdualȱbandȱantennaȱconnectedȱtoȱthem.ȱ DiversityȱOff:ȱSelectȱthisȱoptionȱifȱandȱonlyȱifȱyourȱSensorsȱhaveȱaȱ5ȱGHzȱantennaȱconnectedȱtoȱPortȱ1ȱandȱaȱ 2.4ȱGHzȱantennaȱconnectedȱtoȱPortȱ2.ȱTheȱfigureȱinȱtheȱAntennaȱPortȱAssignmentȱtabȱshowsȱhowȱtoȱlocateȱ theȱportsȱtoȱensureȱthatȱtheȱsingleȱbandȱantennasȱareȱcorrectlyȱconnected.ȱAssigningȱthisȱsettingȱtoȱaȱSensorȱ thatȱdoesȱnotȱhaveȱsingleȱbandȱantennasȱconnectedȱasȱmentionedȱaboveȱcanȱresultȱinȱunpredictableȱSensorȱ behaviorȱleadingȱtoȱlossȱofȱsystemȱfunctionality.ȱMakeȱsureȱthatȱtheȱtemplateȱwithȱDiversityȱOffȱsettingȱisȱ indeedȱappliedȱtoȱSensor(s)ȱthatȱhaveȱtwoȱdifferentȱsingleȱbandȱantennasȱsupportingȱ2.4ȱGHzȱandȱ5ȱGHzȱ frequencyȱbandsȱandȱconnectedȱasȱmentionedȱabove.ȱ SensorȱPasswordȱConfigurationȱ SensorȱPasswordȱsettingȱallowsȱyouȱtoȱmanageȱtheȱpasswordȱforȱuserȱconfigȱonȱtheȱSensorȱCommandȱLineȱInterfaceȱ(CLI).ȱByȱ 51 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ definingȱaȱpasswordȱinȱtheȱSensorȱtemplate,ȱyouȱcanȱmanageȱtheȱpasswordȱforȱaȱgroupȱofȱSensorsȱwithoutȱhavingȱtoȱchangeȱitȱ onȱeachȱSensorȱseparately.ȱTypeȱaȱnewȱpasswordȱorȱclickȱ<RestoreȱDefault>ȱtoȱchangeȱtheȱcurrentȱpasswordȱsettings.ȱIfȱyouȱ chooseȱ<RestoreȱDefault>,ȱthenȱtheȱpasswordȱsettingȱwillȱbeȱtheȱsameȱasȱthatȱinȱtheȱSystemȱTemplate.ȱ Note:ȱIfȱaȱSensorȱtemplateȱcontainsȱaȱblankȱpassword,ȱthenȱtheȱSensors,ȱtoȱwhichȱthisȱtemplateȱisȱassigned,ȱretainȱtheirȱexistingȱpassword.ȱ FactoryȱsettingȱofȱtheȱSystemȱTemplateȱcontainsȱaȱblankȱpassword.ȱ ȱ Figure 79. x Sensor Password Configuration Tab UnderȱSensorȱPasswordȱConfigurationȱtabȱspecifyȱtheȱfollowingȱ ¾ CurrentȱPasswordȱstate:ȱSpecifiesȱthatȱtheȱnewȱpasswordȱmustȱbeȱtheȱsameȱasȱtheȱoneȱspecifiedȱinȱtheȱSystemȱ Template.ȱ ¾ NewȱPassword:ȱEnterȱtheȱnewȱpasswordȱtoȱbeȱassignedȱasȱuserȱ‘config’ȱpasswordȱforȱallȱSensorsȱassociatedȱwithȱ theȱSensorȱtemplateȱbeingȱedited.ȱ ¾ ConfirmȱPassword:ȱReenterȱtheȱpasswordȱtoȱhelpȱconfirmȱtheȱnewȱpasswordȱbeforeȱsaving.ȱ OfflineȱSensorȱConfigurationȱ ThisȱfeatureȱprovidesȱsomeȱsecurityȱcoverageȱevenȱwhenȱthereȱisȱnoȱconnectivityȱbetweenȱaȱSensorȱandȱtheȱServer.ȱTheȱSensorȱ providesȱsomeȱclassificationȱandȱpreventionȱcapabilitiesȱwhenȱitȱisȱdisconnectedȱfromȱtheȱServer.ȱTheȱSensorȱalsoȱraisesȱevents,ȱ storesȱthem,ȱandȱsendsȱthemȱbackȱtoȱtheȱServerȱonȱreconnection.ȱ 52ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 80. x x x Offline Sensor Configuration Tab EnableȱofflineȱSensorȱmode:ȱSelectȱthisȱcheckboxȱtoȱenableȱtheȱofflineȱSensorȱmode.ȱWhenȱthisȱmodeȱisȱenabled,ȱtheȱ Sensorȱcontinuesȱtoȱdetectȱandȱclassifyȱdevices,ȱraiseȱeventȱalerts,ȱandȱpreventȱongoingȱthreats.ȱ(Default:ȱSelected)ȱ OnlineȬOfflineȱmodeȱswitchȱdelay:ȱSpecifyȱtheȱtimeȱafterȱwhich,ȱifȱtheȱSensorȱdoesȱnotȱreceiveȱanyȱcommunicationȱ fromȱtheȱServerȱandȱEnableȱofflineȱSensorȱmodeȱisȱenabled,ȱtheȱSensorȱswitchesȱtoȱtheȱofflineȱmode.ȱ (Minimum:ȱ5ȱminutes;ȱMaximum:ȱ60ȱminutes;ȱDefault:ȱ5ȱminutes)ȱ UnderȱOfflineȱSensorȱParametersȱtab,ȱyouȱcanȱviewȱtheȱfollowing:ȱ ¾ NumberȱofȱAPsȱtoȱbeȱstored:ȱNumberȱofȱAPsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱdetectȱinȱOfflineȱmodeȱ(Default:ȱ 128)ȱ ¾ NumberȱofȱClientsȱtoȱbeȱstored:ȱNumberȱofȱClientsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱdetectȱinȱOfflineȱmodeȱ (Default:ȱ256)ȱ ¾ Numberȱofȱeventsȱtoȱbeȱstored:ȱNumberȱofȱeventsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱraiseȱinȱOfflineȱmodeȱ(Default:ȱ 256)ȱ ¾ Numberȱofȱpreventionȱrecordsȱtoȱbeȱstored:ȱNumberȱofȱpreventionȱrecordsȱthatȱtheȱSensorȱwillȱcontinueȱtoȱstoreȱ inȱOfflineȱmodeȱtoȱpreventȱongoingȱthreatsȱ(Default:ȱ256)ȱ 53 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ sueȱ Figure 81. x Offline Sensor Configuration: Device Classification Policy Tab UnderȱDeviceȱClassificationȱPolicyȱtabȱspecifyȱtheȱdesiredȱclassificationȱpoliciesȱtoȱmoveȱAPsȱandȱClientsȱfromȱtheȱ UncategorizedȱlistȱtoȱtheȱCategorizedȱlist:ȱ ¾ UnderȱAPȱClassificationȱPolicy,ȱselectȱoneȱorȱmoreȱoptionsȱtoȱenableȱtheȱsystemȱautomaticallyȱmoveȱAPsȱfromȱ theȱUncategorizedȱAPȱlistȱtoȱtheȱCategorizedȱAPȱlist:ȱ MoveȱnetworkedȱAPsȱtoȱtheȱRogueȱorȱAuthorizedȱAPȱfolderȱinȱtheȱCategorizedȱAPȱListȱ MoveȱnonȬnetworkedȱAPsȱtoȱtheȱExternalȱAPȱfolderȱinȱtheȱCategorizedȱAPȱListȱ ¾ UnderȱClientȱClassificationȱPolicy,ȱselectȱoneȱorȱmoreȱoptionsȱtoȱenableȱtheȱsystemȱautomaticallyȱclassifyȱ ClientsȱbasedȱonȱtheirȱassociationsȱwithȱAPs:ȱ OnȱassociationȱwithȱanȱAuthorizedȱAP,ȱclassifyȱanȱUncategorizedȱClientȱasȱAuthorizedȱ OnȱassociationȱwithȱaȱRogueȱAP,ȱclassifyȱanȱUncategorizedȱClientȱasȱUnauthorizedȱ OnȱassociationȱwithȱanȱExternalȱAP,ȱclassifyȱanȱUncategorizedȱClientȱasȱUnauthorizedȱ 54ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 82. x Offline Sensor Configuration: Intrusion Prevention Policy Tab UnderȱIntrusionȱPreventionȱPolicyȱtabȱenableȱintrusionȱpreventionȱagainstȱtheȱfollowingȱthreats:ȱ ¾ ¾ ¾ ¾ ¾ ¾ RogueȱAPsȱ APsȱcategorizedȱasȱRogueȱ UncategorizedȱAPsȱthatȱareȱconnectedȱtoȱtheȱnetworkȱ MisconfiguredȱAPsȱ APsȱcategorizedȱasȱAuthorizedȱbutȱusingȱnoȱsecurityȱmechanismȱ(Open)ȱ APsȱcategorizedȱasȱAuthorizedȱbutȱusingȱweakȱsecurityȱmechanismȱ(WEP)ȱ ClientȱMisȬassociationsȱ AuthorizedȱClientȱconnectionsȱtoȱAPsȱcategorizedȱasȱExternalȱ UnauthorizedȱAssociationsȱ UnauthorizedȱClientȱconnectionsȱtoȱAPsȱcategorizedȱasȱAuthorizedȱ AdhocȱConnectionsȱ AuthorizedȱClientsȱparticipatingȱinȱanyȱadhocȱnetworkȱ Honeypot/EvilȱTwinȱAPsȱ AuthorizedȱClientȱconnectionȱtoȱHoneypot/EvilȱTwinȱAPsȱ Additionally,ȱspecifyȱtheȱintrusionȱpreventionȱlevelȱthatȱallowsȱyouȱtoȱchooseȱaȱtradeȬoffȱbetweenȱtheȱdesiredȱlevelȱofȱ preventionȱandȱtheȱdesiredȱnumberȱofȱmultipleȱsimultaneousȱpreventionsȱacrossȱradioȱchannels.ȱYouȱcanȱchooseȱeitherȱofȱtheȱ followingȱpreventionȱlevels:ȱ x x x x Blockȱ Disruptȱ Interruptȱ Degradeȱ ReferȱtoȱtheȱsectionȱIntrusionȱPreventionȱLevelȱforȱmoreȱdetails.ȱ 55 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ Clickȱ<Save>ȱtoȱsaveȱallȱsettings.ȱ Clickȱtheȱ ȱiconȱtoȱeditȱanȱexistingȱSensorȱtemplate.ȱWhenȱanȱexistingȱSensorȱtemplateȱisȱeditedȱaȱConfirmationȱ–ȱSaveȱ dialogȱappearsȱindicatingȱtheȱmodifications,ȱbyȱselectingȱtheȱtabsȱthatȱwereȱmodified.ȱYouȱareȱallowedȱtoȱuncheckȱaȱtabȱifȱyouȱ wishȱtoȱcancelȱthoseȱmodifications.ȱClickȱ<OK>ȱtoȱsaveȱtheȱchangesȱforȱtheȱselectedȱtab.ȱ Note:ȱNameȱandȱDescriptionȱofȱtheȱSensorȱtemplateȱareȱautomaticallyȱsaved.ȱ Clickȱ<SaveȱAs>ȱtoȱsaveȱtheȱSensorȱtemplateȱwithȱaȱdifferentȱnameȱwithoutȱmodifyingȱtheȱoriginalȱtemplate.ȱ Clickȱ<RestoreȱDefault>ȱtoȱrevertȱtoȱtheȱSystemȱTemplate.ȱTheȱsystemȱenablesȱyouȱtoȱselectȱtabsȱtoȱcontrolȱtheȱsettingsȱthatȱwillȱ beȱrestoredȱtoȱtheȱdefaultȱvalues.ȱIfȱyouȱclickȱ<RestoreȱDefault>ȱonȱtheȱSystemȱTemplate,ȱparametersȱunderȱtheȱselectedȱtabsȱ areȱrestoredȱtoȱtheirȱfactoryȱdefaultȱsettings.ȱAȱConfirmationȱ–ȱRestoreȱDefaultȱdialogȱappearsȱwithȱaȱlistȱofȱtabsȱselected,ȱforȱ whichȱdefaultȱsettingsȱwillȱbeȱapplied.ȱ Important:ȱTheȱsystemȱhasȱtheȱabilityȱtoȱscanȱandȱdefendȱonȱ4.920Ȭ4.980ȱGHzȱandȱ5.470Ȭ5.725ȱGHzȱchannelsȱinȱUS/CanadaȱandȱIEEEȱ 802.11jȱchannelsȱ4.920Ȭ4.980ȱGHzȱandȱ5.040Ȭ5.080GHzȱchannelsȱinȱJapan.ȱ Clickȱtheȱ ȱiconȱtoȱviewȱanȱexistingȱSensorȱtemplate.ȱClickȱtheȱ ȱiconȱtoȱdeleteȱanȱexistingȱSensorȱtemplate.ȱ 13. TheȱImportȱSensorȱListȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱImportingȱaȱSensorȱlistȱisȱanȱefficientȱalternativeȱ toȱmanuallyȱmovingȱSensorsȱtoȱtheȱdesiredȱlocationsȱwhileȱsettingȱupȱtheȱsystem.ȱTheȱsuccessfullyȱimportedȱSensorsȱareȱ automaticallyȱtaggedȱtoȱtheȱchosenȱlocationsȱwhenȱtheyȱconnectȱtoȱtheȱServer.ȱ ȱ Figure 83. Import Devices - Sensors UnderȱImportȱSensorȱList,ȱclickȱ<ImportȱSensorȱList>ȱtoȱopenȱImportȱSensorȱListȱdialog.ȱ 56ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 84. Import Sensor List InȱtheȱImportȱSensorȱListȱdialog:ȱ UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ x AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱSensorȱtoȱtheȱcorrespondingȱlocation.ȱ x ManuallyȱTagȱDevicesȱto::ȱClickȱ<Change>ȱtoȱmanuallyȱtagȱtheȱSensorȱtoȱtheȱdesiredȱlocation.ȱ UnderȱEnterȱSensorȱdetailsȱ x ToȱaddȱaȱSensor’sȱdetails,ȱtypeȱtheȱSensor’sȱMACȱaddressȱandȱNameȱandȱclickȱ<AddȱtoȱList>>>>.ȱ x ToȱaddȱaȱSensor’sȱdetailsȱfromȱaȱfile,ȱclickȱ<Browse>.ȱOnȱtheȱSelectȱSensor_Device_List_Fileȱdialog,ȱselectȱtheȱ.txtȱfileȱ fromȱtheȱdesiredȱlocationȱandȱclickȱ<Open>.ȱThenȱclickȱ<AddȱtoȱList>>>>.ȱ UnderȱAuthorizedȱSensorȱImportȱListȱ x ToȱdeleteȱaȱSensor’sȱdetails,ȱselectȱtheȱcorrespondingȱrowȱandȱclickȱ<Delete>.ȱ ToȱimportȱSensorsȱfromȱtheȱSensorȱImportȱList,ȱclickȱ<OK>.ȱ Note:ȱWhenȱyouȱimportȱSensorsȱfromȱaȱlist,ȱyouȱcanȱdeleteȱtheseȱSensorsȱonlyȱfromȱtheȱDevicesȱscreen.ȱ 14. TheȱDevicesÆSensorsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱSensorsȱproactivelyȱscanȱtheȱnetworkȱandȱ generateȱevents.ȱSensorsȱcommunicateȱeventȱinformationȱtoȱtheȱsystem.ȱThisȱscreenȱguidesȱyouȱtoȱmoveȱallȱtheȱSensorsȱ fromȱtheȱUnknownȱlocationȱtoȱtheirȱcorrectȱlocations.ȱ 57 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 85. Devices Screen – Sensors RightȬclickȱaȱSensorȱrowȱtoȱmoveȱaȱSensor.ȱSelectȱChangeȱLocationȱfromȱtheȱresultantȱcontextȬsensitiveȱmenuȱtoȱmanuallyȱtagȱ theȱSensorȱtoȱtheȱdesiredȱlocation.ȱ 15. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCreateȱaȱvisualȱviewȱofȱyourȱdeploymentȱbyȱattachingȱ picturesȱandȱfloormapsȱtoȱlocations.ȱ 58ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 86. 7.1.5.2 Locations Screen Attachingȱanȱimageȱ Useȱtheȱfollowingȱstepsȱtoȱattachȱanȱimage:ȱ a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱtoȱwhichȱyouȱwishȱtoȱattachȱanȱimage.ȱ b. Doȱoneȱofȱtheȱfollowing:ȱ x RightȬclickȱandȱfromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱAttachȱImage.ȱ x c. ClickȱtheȱAttachȱImageȱonȱfloorȱiconȱ( )ȱinȱtheȱrightȱcorner.ȱ OnȱtheȱSelectȱanȱimageȱfileȱtoȱattachȱtoȱattachȱoverȱaȱplannedȱlocationȱdialog,ȱbrowseȱtoȱtheȱappropriateȱimageȱandȱthenȱ clickȱ<Open>.ȱ 7.1.5.3 PlacingȱLocationsȱonȱaȱLocationȱFolderȱwithȱanȱAttachedȱImageȱ Theȱsystemȱenablesȱyouȱtoȱplaceȱlocationsȱonȱaȱlocationȱfolderȱthatȱhasȱanȱattachedȱimage.ȱThisȱhelpsȱyouȱidentifyȱtheȱphysicalȱ positionȱofȱeachȱofȱtheȱlocations.ȱTheȱlocationsȱplacedȱonȱtheȱattachedȱimageȱareȱindicatedȱbyȱcoloredȱcircles.ȱAȱgreenȱcircleȱ indicatesȱthatȱtheȱlocationȱisȱSecure,ȱwhileȱaȱredȱcircleȱindicatesȱthatȱtheȱlocationȱisȱVulnerable.ȱ Useȱtheȱfollowingȱstepsȱtoȱplaceȱlocationsȱonȱtheȱattachedȱimageȱandȱviewȱtheirȱdetails:ȱ a. InȱtheȱLocationȱtree,ȱselectȱaȱlocationȱfolder.ȱ b. UnderȱAvailableȱLocations,ȱdragȱandȱdropȱtheȱrequiredȱlocationsȱonȱtheȱattachedȱimage.ȱ c. Toȱviewȱdetailsȱaboutȱtheȱlocationȱholdȱtheȱmouseȱcursorȱoverȱtheȱcoloredȱcircle.ȱ d. Toȱgoȱtoȱaȱparticularȱlocationȱplacedȱonȱtheȱimage,ȱdoȱoneȱofȱtheȱfollowing:ȱ x Clickȱtheȱcoloredȱcircleȱrepresentingȱtheȱlocation.ȱ x Pointȱtoȱcoloredȱcircleȱrepresentingȱtheȱlocation,ȱrightȬclickȱandȱselectȱJumpȱtoȱthisȱlocation.ȱ Note:ȱYouȱcanȱtraverseȱtoȱaȱparticularȱlocationȱnodeȱbyȱfollowingȱstepȱdȱuntilȱyouȱreachȱtheȱdesiredȱlocationȱnode.ȱ 59 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ 7.1.5.4 ImportingȱaȱPlannerȱfileȱintoȱaȱLocationȱNodeȱ Theȱsystemȱenablesȱyouȱtoȱspecifyȱaȱlayoutȱforȱeachȱlocationȱnodeȱusingȱaȱblankȱcanvas,ȱaȱlayoutȱimage,ȱorȱaȱ.SPMȱfileȱexportedȱ fromȱPlanner.ȱUseȱtheȱfollowingȱstepsȱtoȱimportȱaȱPlannerȱfile:ȱ a. InȱtheȱLocationȱtree,ȱselectȱtheȱlocationȱnodeȱintoȱwhichȱyouȱwishȱtoȱimportȱtheȱ.SPMȱfileȱandȱthenȱrightȬclick.ȱ b. Doȱoneȱofȱtheȱfollowing:ȱ x FromȱtheȱresultingȱcontextȬsensitiveȱmenu,ȱselectȱImportȱLocation.ȱ x c. ClickȱtheȱImportȱLocationȱiconȱ( )ȱbelowȱtheȱViewerȱmodeȱtab.ȱ InȱtheȱSelectȱSpectraGuardȱPlannerȱ(.spm)ȱFileȱdialog,ȱbrowseȱtoȱtheȱappropriateȱPlannerȱexportedȱ.SPMȱfileȱandȱthenȱ clickȱ<Open>.ȱ 16. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱYouȱcanȱplaceȱSensorsȱonȱtheȱfloormapsȱbyȱdraggingȱandȱ droppingȱthem.ȱIfȱyouȱhaveȱimportedȱanȱSPMȱfileȱfromȱPlannerȱthatȱcontainsȱfloorȱinformationȱandȱSensorȱplacements,ȱ Sensorsȱcontainedȱinȱthatȱfileȱwillȱbeȱplacedȱautomatically.ȱ ȱ Figure 87. Placing Sensors on the Floormap YouȱmustȱcompleteȱthisȱstepȱtoȱviewȱliveȱRFȱcoverageȱmapsȱforȱaȱlocationȱnodeȱandȱperformȱonȬfloorȱlocationȱtrackingȱofȱ visibleȱ802.11ȱdevices.ȱUseȱtheȱfollowingȱstepsȱtoȱplaceȱSensorsȱonȱtheȱfloormap:ȱ a. InȱtheȱLocationȱtree,ȱselectȱaȱlocationȱnode.ȱ b. UnderȱAvailableȱDevices,ȱselectȱtheȱSensorsȱtab,ȱthenȱdragȱandȱdropȱtheȱSensorsȱonȱyourȱfloormap.ȱ 7.1.6 Stepȱ6:ȱClassifyingȱAPsȱ 17. TheȱAuthorizedȱWLANȱSetupȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱOnȱthisȱscreen,ȱspecifyȱAuthorizedȱAPȱ detailsȱusingȱSSIDȱtemplatesȱtoȱsuitȱdifferentȱlocations.ȱ 60ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 88. Authorized WLAN Setup Selectȱoneȱofȱtheȱfollowingȱtoȱcharacterizeȱaȱparticularȱlocation:ȱ x ThisȱisȱaȱNoȱWiȬFiȱlocation:ȱIfȱnoȱAuthorizedȱWiȬFiȱAPsȱareȱinstalledȱatȱthisȱlocation.ȱIfȱyouȱconfigureȱaȱlocationȱasȱaȱ noȱWiȬFiȱlocation,ȱtheȱSpecifyȱAuthorizedȱSSIDȱsectionȱisȱgrayedȱout.ȱ x WiȬFiȱisȱallowedȱatȱthisȱlocation:ȱToȱspecifyȱtheȱdetailsȱofȱtheȱAuthorizedȱWiȬFiȱAPsȱinȱthisȱlocation.ȱ 7.1.6.1 SpecifyȱAuthorizedȱSSIDsȱ Underȱthisȱtab,ȱspecifyȱtheȱAuthorizedȱSSIDsȱatȱthisȱlocation.ȱForȱeachȱSSID,ȱyouȱcanȱspecifyȱtheȱdetailedȱconfiguration.ȱThisȱ perȱSSIDȱconfigurationȱisȱcalledȱanȱSSIDȱtemplate.ȱ CreatingȱaȱConfigurationȱTemplateȱforȱanȱAuthorizedȱ802.11ȱSSIDȱ AddȱAuthorizedȱSSIDsȱallowsȱyouȱtoȱcreateȱanȱSSIDȱtemplateȱinȱoneȱofȱtheȱfollowingȱways:ȱ x AddȱVisibleȱSSID:ȱToȱcreateȱanȱSSIDȱtemplateȱfromȱaȱlistȱofȱvisibleȱSSIDs.ȱTheȱvisibleȱSSIDȱlistȱisȱbuiltȱusingȱtheȱdataȱ receivedȱfromȱSensors.ȱ x AddȱCustomȱSSID:ȱToȱcreateȱaȱtemplateȱusingȱaȱuserȬdefinedȱSSID.ȱ Clickȱ<AddȱNew>ȱtoȱcreateȱaȱnewȱSSIDȱtemplate.ȱTheȱTemplateȱforȱanȱAuthorizedȱ802.11ȱSSIDȱdialogȱappearsȱwhereȱyouȱcanȱ selectȱmultipleȱitemsȱinȱsomeȱfields.ȱ 61 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 89. Creating a Configuration Template for an Authorized SSID x CreateȱSSIDȱTemplateȱallowsȱyouȱtoȱspecifyȱtheȱdetailsȱforȱcreatingȱaȱnewȱSSIDȱasȱfollows:ȱ ¾ AuthorizedȱSSID:ȱDisplaysȱtheȱnameȱofȱtheȱSSIDȱthatȱyouȱhaveȱaddedȱearlierȱ ¾ ThisȱisȱaȱGuestȱSSID:ȱSelectȱthisȱoptionȱifȱthisȱSSIDȱisȱaȱGuestȱSSIDȱusedȱtoȱprovideȱWiȬFiȱconnectivityȱtoȱvisitorsȱ andȱguests.ȱThoughȱAPsȱwithȱGuestȱSSIDȱareȱAuthorized,ȱtheyȱmayȱbeȱtreatedȱdifferentlyȱthanȱAPsȱthatȱareȱusedȱ byȱemployeesȱforȱcorporateȱaccess.ȱMakingȱanȱSSIDȱasȱGuestȱallowsȱyouȱtoȱspecifyȱadditionalȱclassificationȱandȱ preventionȱpoliciesȱrelatedȱtoȱGuestȱSSIDs.ȱReferȱtoȱtheȱsectionsȱClientȱAutoȬClassificationȱandȱIntrusionȱ PreventionȱPolicyȱinȱtheȱSpectraGuardȱEnterpriseȱUserȱGuideȱforȱmoreȱdetailsȱonȱclassifyingȱGuestȱSSIDsȱ ¾ TemplateȱName:ȱNameȱofȱtheȱSSIDȱtemplateȱ ¾ ApplyȱthisȱSSIDȱtemplateȱatȱcurrentȱlocation:ȱSelectȱthisȱoptionȱtoȱapplyȱthisȱSSIDȱtemplateȱtoȱtheȱcurrentȱ location.ȱTheȱWLANȱpolicyȱatȱaȱlocationȱconsistsȱofȱSSIDȱtemplatesȱappliedȱatȱthatȱlocation.ȱIfȱtheȱtemplateȱisȱnotȱ appliedȱatȱthisȱlocation,ȱitȱwillȱnotȱbeȱaȱpartȱofȱtheȱWLANȱpolicyȱ ¾ Description:ȱWriteȱaȱshortȱdescriptionȱtoȱhelpȱidentifyȱtheȱSSIDȱtemplateȱ x NetworkȱProtocolȱallowsȱyouȱtoȱselectȱtheȱallowedȱ802.11ȱprotocolsȱforȱtheȱSSID:ȱ ¾ Any:ȱAllowȱAPsȱwithȱanyȱnetworkȱprotocolȱforȱthisȱSSIDȱ ¾ Select:ȱSpecifyȱtheȱ802.11ȱprotocolȱonȱwhichȱtheȱsystemȱallowsȱtheȱAPsȱconnectedȱtoȱtheȱnetworkȱtoȱoperate– 802.11ȱa,ȱ802.11ȱb,ȱandȱ802.11gȱ x AuthenticationȱFrameworkȱallowsȱyouȱtoȱselectȱtheȱsecurityȱframeworkȱforȱtheȱSSID:ȱ 62ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ¾ ¾ Any:ȱAllowȱAPsȱwithȱanyȱauthenticationȱframeworkȱtoȱconnectȱtoȱtheȱsystemȱ Select:ȱSpecifyȱtheȱauthenticationȱframework–PSKȱandȱ802.1xȱ(EAP).ȱTheȱauthenticationȱframeworkȱisȱonlyȱ applicableȱifȱtheȱtemplateȱsupportsȱWPA/WPA2ȱandȱ802.11iȱprivacyȱ x EncryptionȱProtocolsȱallowsȱyouȱtoȱselectȱtheȱallowedȱencryptionȱprotocolsȱforȱtheȱSSID:ȱ ¾ Any:ȱAllowȱAPsȱwithȱanyȱencryptionȱprotocolȱforȱthisȱSSIDȱ ¾ Select:ȱSpecifyȱtheȱencryptionȱprotocols–WEP40,ȱWEP108,ȱTKIP,ȱandȱCCMP.ȱTKIPȱandȱCCMPȱareȱavailableȱonlyȱ ifȱtheȱtemplateȱsupportsȱWPA/WPA2ȱandȱ802.11iȱprivacyȱ x SecurityȱSettingsȱallowsȱyouȱtoȱselectȱtheȱsecurityȱprotocol(s)ȱforȱtheȱSSID:ȱ ¾ Any:ȱAllowȱAPsȱwithȱanyȱsecurityȱsettingsȱtoȱconnectȱ ¾ Select:ȱSpecifyȱtheȱprivacyȱmechanism–Open,ȱWEP,ȱWPA,ȱandȱ802.11iȱforȱtheȱAPsȱconnectedȱtoȱtheȱSSIDȱ x CiscoȱMFPȱallowsȱyouȱtoȱmakeȱclassificationȱdecisionsȱonȱCiscoȱManagementȱFrameȱProtection(MFP)ȱcapabilityȱifȱ 802.11iȱcheckboxȱisȱselectedȱunderȱSecurityȱSettings:ȱ ¾ Any:ȱPolicyȱdoesȱnotȱcheckȱforȱMFP;ȱbothȱCiscoȱMFPȱenabledȱandȱdisabledȱAPsȱareȱclassifiedȱasȱAuthorizedȱ ¾ Select:ȱPolicyȱchecksȱforȱMFPȱ CiscoȱMFPȱEnabled:ȱSelectȱtoȱclassifyȱonlyȱCiscoȱMFPȱsupportingȱAPsȱasȱAuthorizedȱAPsȱ CiscoȱMFPȱDisabled:ȱSelectȱtoȱclassifyȱnonȬCiscoȱMFPȱsupportingȱAPsȱasȱAuthorizedȱAPsȱ x APȱCapabilitiesȱallowsȱyouȱtoȱselectȱtheȱadditionalȱcapabilitiesȱthatȱAuthorizedȱAPsȱmayȱhave.ȱIfȱyouȱselectȱanyȱofȱ theseȱadvancedȱcapabilities,ȱtheȱclassificationȱlogicȱallowsȱAPsȱwithȱandȱwithoutȱtheseȱcapabilities.ȱSelectȱoneȱofȱtheȱ following:ȱ ¾ Any:ȱAllowȱAPsȱwithȱanyȱspecialȱcapabilityȱforȱthisȱSSIDȱ ¾ Select:ȱSpecifyȱifȱtheȱAPȱusesȱanyȱTurbo/SuperȱtechniquesȱusedȱbyȱAtherosȱtoȱgetȱhigherȱthroughputs–Turbo,ȱ SuperAG,ȱandȱDot11nȱ(802.11n)ȱ x AuthenticationȱTypesȱallowsȱyouȱtoȱselectȱtheȱallowedȱauthenticationȱtypesȱthatȱClientsȱcanȱuse.ȱAuthenticationȱ typesȱdoȱnotȱdetermineȱtheȱclassificationȱofȱAPs,ȱbutȱareȱusedȱtoȱraiseȱanȱeventȱifȱaȱClientȱisȱauthenticatedȱviaȱaȱnonȬ allowedȱauthenticationȱtype.ȱTheȱsystemȱraisesȱthisȱeventȱonlyȱifȱtheȱsystemȱseesȱauthenticationȱprotocolȱhandshakeȱ frames.ȱ ¾ Any:ȱAllowȱClientsȱwithȱanyȱauthenticationȱtypeȱforȱthisȱSSIDȱ ¾ Select:ȱSpecifyȱtheȱauthenticationȱtypesȱthatȱClientsȱcanȱuseȱ(onlyȱifȱ802.1xȱisȱselected)–PEAP,ȱEAPȬTLS,ȱLEAP,ȱ EAPȬTTLS,ȱEAPȬFAST,ȱandȱEAPȬSIMȱSelectionȱisȱallowedȱ x AllowedȱNetworksȱallowsȱyouȱtoȱselectȱtheȱnetworksȱwhereȱAuthorizedȱAPsȱwithȱthisȱSSIDȱareȱconnected:ȱ ¾ Any:ȱAllowȱAPsȱwithȱthisȱSSIDȱtoȱconnectȱtoȱanyȱnetworkȱ ¾ SelectȱNetworks:ȱSpecifyȱtheȱnetworksȱwhereȱAuthorizedȱAPsȱwithȱthisȱSSIDȱareȱconnected.ȱYouȱcanȱeitherȱ chooseȱfromȱnetworksȱthatȱareȱdiscoveredȱautomaticallyȱbyȱtheȱsystemȱorȱaddȱnewȱnetworksȱthatȱareȱnotȱyetȱ discoveredȱbyȱtheȱsystemȱ Clickȱ<SelectȱNetworks>ȱtoȱopenȱAllowedȱNetworksȱforȱSSIDȱdialogȱwhereȱyouȱcanȱmoveȱaȱnetworkȱfromȱ NetworksȱMonitoredȱbyȱtheȱSystemȱtoȱAllowedȱNetworksȱforȱthisȱSSIDȱandȱaddȱorȱdeleteȱnetworks.ȱ x UnderȱAllowedȱAPȱVendors,ȱselectȱoneȱofȱtheȱfollowing:ȱ ¾ Any:ȱAllowȱAPsȱmanufacturedȱbyȱanyȱvendorȱtoȱconnectȱtoȱtheȱsystemȱ ¾ SelectȱVendors:ȱSelectȱtheȱmanufacturerȱofȱtheȱAPȱwithȱtheȱspecifiedȱSSID.ȱIfȱanȱAPȱwithȱtheȱspecifiedȱSSIDȱisȱ discoveredȱatȱthisȱlocation,ȱtheȱsystemȱdeclaresȱitȱasȱaȱRogue,ȱunlessȱoneȱofȱtheȱmanufacturersȱlistedȱ manufacturesȱit.ȱ SSIDȱTemplatesȱ AȱpolicyȱisȱcollectionȱofȱSSIDȱtemplatesȱattachedȱtoȱthatȱlocation.ȱYouȱcanȱapplyȱanȱSSIDȱtemplateȱfromȱtheȱparentȱorȱcreateȱitȱ locally;ȱifȱyouȱwishȱtoȱcustomizeȱtheȱWLANȱpolicyȱforȱthatȱlocation.ȱOtherȱtemplatesȱmayȱbeȱavailableȱtoȱbeȱattachedȱbutȱareȱ notȱpartȱofȱtheȱWLANȱpolicyȱandȱwillȱnotȱbeȱusedȱforȱAPȱclassification.ȱ TheȱSSIDȱTemplatesȱsectionȱlistsȱtheȱSSIDȱtemplatesȱthatȱareȱavailableȱatȱaȱparticularȱlocation.ȱYouȱmustȱapplyȱtheȱtemplatesȱ fromȱtheȱavailableȱlistȱtoȱcreateȱtheȱWLANȱpolicyȱatȱthatȱlocation.ȱAȱnewȱAPȱorȱanȱexistingȱAuthorizedȱAPȱisȱcomparedȱagainstȱ theȱappliedȱSSIDȱtemplatesȱtoȱdetermineȱifȱitȱisȱaȱRogueȱorȱMisȬconfiguredȱAP.ȱTheȱSSIDȱtemplatesȱcreatedȱatȱotherȱlocationsȱ canȱbeȱappliedȱtoȱaȱselectedȱlocationȱbutȱcannotȱbeȱeditedȱorȱdeleted.ȱTheȱeditȱandȱdeleteȱoperationsȱareȱpossibleȱonlyȱatȱtheȱ locationȱwhereȱtheȱtemplateȱisȱcreated.ȱTheȱtableȱshowsȱtheȱfollowingȱdetails:ȱ 63 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ x x x x SSID:ȱNameȱofȱtheȱSSIDȱ GuestȱSSID?:ȱIndicatesȱifȱitȱisȱaȱGuestȱSSIDȱ TemplateȱName:ȱNameȱofȱtheȱSSIDȱtemplateȱ ApplyȱHere?:ȱEnablesȱyouȱtoȱapplyȱtheȱSSIDȱtemplateȱtoȱtheȱselectedȱlocation.ȱNewȱandȱexistingȱAuthorizedȱAPsȱareȱ evaluatedȱagainstȱallȱappliedȱSSIDȱtemplatesȱtoȱdetermineȱifȱtheyȱareȱRogueȱorȱMisȬconfigured.ȱ x ȱ ¾ ¾ ¾ ¾ 7.1.6.2 ȱ ȱ :ȱClickȱtheseȱiconsȱtoȱperformȱtheȱfollowing:ȱ CopyȱtheȱselectedȱSSIDȱtemplateȱtoȱanotherȱlocation.ȱ EditȱtheȱSSIDȱtemplate.ȱThisȱoptionȱisȱenabledȱonlyȱatȱtheȱlocationȱwhereȱtheȱtemplateȱwasȱcreated.ȱ ViewȱtheȱSSIDȱtemplate.ȱ Deleteȱtheȱtemplate.ȱThisȱoptionȱisȱenabledȱonlyȱatȱtheȱlocationȱwhereȱtheȱtemplateȱwasȱcreatedȱandȱonlyȱifȱtheȱ templateȱisȱnotȱappliedȱatȱanyȱotherȱchildȱlocationsȱofȱtheȱlocationȱwhereȱitȱwasȱcreated.ȱ SelectȱWiȬFiȱNetworksȱ ThisȱsectionȱallowsȱyouȱtoȱspecifyȱtheȱlistȱofȱnetworksȱatȱtheȱselectedȱlocationȱwhereȱnoȱWiȬFiȱAPsȱareȱallowedȱtoȱbeȱconnected.ȱ TheȱNoȱWiȬFiȱNetworksȱlistȱatȱaȱlocationȱtakesȱprecedenceȱoverȱtheȱlistȱofȱnetworksȱinȱSSIDȱtemplatesȱappliedȱatȱthatȱlocation.ȱ Inȱotherȱwords,ȱifȱaȱnetworkȱisȱincludedȱinȱaȱlocation’sȱnoȱWiȬFiȱlistȱandȱhappensȱtoȱbeȱinȱtheȱlistȱofȱnetworksȱinȱoneȱorȱmoreȱ appliedȱSSIDsȱatȱthatȱlocation,ȱtheȱnetworkȱwillȱbeȱstillȱtreatedȱasȱaȱnoȱWiȬFiȱnetwork.ȱ ȱ Figure 90. x x No-Wi-Fi Networks NetworksȱMonitoredȱbyȱtheȱSystem:ȱSpecifiesȱtheȱnetworksȱmonitoredȱbyȱtheȱsystem.ȱ NoȱWiȬFiȱNetworksȱatȱthisȱLocation:ȱSpecifiesȱtheȱnetworksȱtoȱwhichȱnoȱWiȬFiȱAPȱshouldȱbeȱconnectedȱatȱtheȱ selectedȱlocation.ȱ YouȱcanȱmoveȱaȱnetworkȱfromȱNetworksȱMonitoredȱbyȱtheȱSystemȱtoȱNoȱWiȬFiȱNetworksȱatȱthisȱLocation.ȱ Clickȱ<Add>ȱtoȱenterȱaȱnewȱnetworkȱaddressȱtoȱaddȱaȱNoȱWiȬFiȱnetworkȱatȱtheȱselectedȱlocation.ȱ 7.1.6.3 RSSIȱbasedȱClassificationȱ APsȱareȱfurtherȱclassifiedȱbasedȱonȱtheȱRSSIȱvalueȱthatȱtheȱSensorsȱreceive.ȱIfȱtheȱsignalȱstrenthȱexceedsȱaȱmaximmumȱ threshold,ȱtheȱSensorȱappropriatelyȱclssifiesȱtheȱAP.ȱAirtightȱhiglyȱrecommendsȱthatȱyouȱturnȱonȱnetworkȱconnectivityȱbasedȱ 64ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ classificationȱasȱitȱisȱtheȱmostȱreliableȱmechanismȱtoȱclassifyȱwirelessȱdevicesȱwhenȱmostȱofȱyourȱnetworkȱisȱmonitoredȱusingȱ SensorsȱandȱNDs.ȱ UnderȱRSSIȱThreshold,ȱselectȱoneȱorȱbothȱ(recommend)ȱofȱtheȱfollowingȱcheckboxes:ȱ x PreȬclassifyȱAPsȱwithȱsignalȱstrengthȱstrongerȱthanȱthresholdȱasȱRogueȱorȱAuthorizedȱAPsȱtoȱspecifyȱtheȱthresholdȱ RSSIȱvalueȱbasedȱonȱwhichȱtheȱsystemȱfurtherȱclassifiesȱAPs.ȱ x PreȬclassifyȱAPsȱconnectedȱtoȱmonitoredȱsubnetȱasȱRogueȱorȱAuthorizedȱAPsȱtoȱclassifyȱAPsȱbasedȱonȱtheirȱ networkȱconnectivity.ȱ ȱ Figure 91. RSSI based Classification 18. TheȱAPȱAutoȬclassificationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱItȱenablesȱyouȱtoȱspecifyȱtheȱAPȱclassificationȱ policyȱforȱdifferentȱAPȱcategories.ȱ 65 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 92. AP Auto-Classification Policy UnderȱExternalȱAPs,ȱAirTightȱrecommendsȱthatȱyouȱselectȱAutomaticallyȱmoveȱPotentiallyȱExternalȱAPsȱinȱtheȱ UncategorizedȱlistȱtoȱtheȱExternalȱFolder.ȱTheȱsystemȱautomaticallyȱremovesȱanȱAPȱfromȱtheȱExternalȱfolderȱandȱmovesȱitȱtoȱ anȱappropriateȱAPȱfolderȱifȱitȱlaterȱdetectsȱthatȱtheȱAPȱisȱwiredȱtoȱtheȱenterpriseȱnetwork.ȱ UnderȱRogueȱAPs,ȱAirTightȱrecommendsȱthatȱyouȱselectȱAutomaticallyȱmoveȱPotentiallyȱExternalȱAPsȱinȱtheȱUncategorizedȱ listȱtoȱtheȱRogueȱFolder.ȱ Note:ȱOnceȱyouȱmoveȱanȱAPȱtoȱtheȱRogueȱfolder,ȱtheȱsystemȱneverȱautomaticallyȱremovesȱitȱfromȱtheȱRogueȱfolder,ȱevenȱifȱitȱlaterȱdetectsȱ thatȱtheȱAPȱisȱunwiredȱfromȱtheȱenterpriseȱnetworkȱorȱitsȱsecurityȱsettingsȱhaveȱchanged.ȱ 19. TheȱImportȱDevicesȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱImportingȱanȱAuthorizedȱAPȱListȱisȱanȱefficientȱ alternativeȱtoȱmanualȱmovementȱofȱtheseȱAPsȱintoȱtheȱAuthorizedȱbin.ȱAfterȱsuccessfullyȱimportingȱtheseȱlists,ȱtheȱsystemȱ automaticallyȱclassifiesȱtheȱAPsȱinȱtheȱrespectiveȱlistsȱasȱAuthorized.ȱ 66ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 93. Import Devices – APs YouȱcanȱmoveȱAuthorizedȱAPsȱtoȱtheȱAuthorizedȱfolderȱusingȱoneȱofȱtheȱfollowingȱmethods:ȱ x MoveȱanȱAPȱtoȱtheȱAuthorizedȱfolderȱusingȱrightȱclickȱandȱMoveȱoptionȱ x ImportȱtheȱAuthorizedȱAPȱlistȱ x SynchronizeȱwithȱanȱAPȱManagementȱServerȱ Note:ȱOnceȱyouȱmoveȱanȱAPȱtoȱtheȱAuthorizedȱfolder,ȱtheȱsystemȱneverȱautomaticallyȱremovesȱitȱfromȱtheȱAuthorizedȱfolder,ȱevenȱifȱitȱ laterȱdetectsȱthatȱtheȱAPȱisȱunwiredȱfromȱtheȱenterpriseȱnetwork.ȱ UnderȱImportȱAPȱList,ȱclickȱ<ImportȱAuthorizedȱAPȱList>ȱtoȱopenȱImportȱAuthorizedȱAPȱListȱdialog.ȱ ȱ 67 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ Figure 94. Import Authorized AP List InȱtheȱImportȱAuthorizedȱAPȱListȱdialog:ȱ UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ x AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱAPȱtoȱtheȱcorrespondingȱlocation.ȱ x ManuallyȱTagȱDevicesȱto::ȱClickȱ<Change>ȱtoȱmanuallyȱtagȱtheȱAPȱtoȱtheȱdesiredȱlocation.ȱ UnderȱEnterȱAPȱdetailsȱ ToȱaddȱanȱAP’sȱdetails,ȱtypeȱtheȱAP’sȱMACȱaddress,ȱIPȱAddress,ȱandȱNameȱandȱclickȱ<AddȱtoȱList>>>>.ȱ x x ToȱaddȱanȱAP’sȱdetailsȱfromȱaȱfile,ȱclickȱ<Browse>.ȱOnȱtheȱSelectȱAuthorizedȱAP_Device_List_Fileȱdialog,ȱselectȱtheȱ .txtȱfileȱfromȱtheȱdesiredȱlocationȱandȱclickȱ<Open>.ȱThenȱclickȱ<AddȱtoȱList>>>>.ȱ UnderȱAuthorizedȱAPȱImportȱListȱ x ToȱdeleteȱanȱAP’sȱdetails,ȱselectȱtheȱcorrespondingȱrowȱandȱclickȱ<Delete>.ȱ ToȱimportȱAuthorizedȱAPsȱfromȱtheȱAuthorizedȱAPȱImportȱList,ȱclickȱ<OK>.ȱ Note:ȱWhenȱyouȱimportȱAPsȱfromȱaȱlist,ȱpolicyȱsettingsȱinȱtheȱSetupȱWizardȱdoȱnotȱaffectȱtheseȱAPs.ȱ 20. TheȱDevicesÆAPsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱinspect,ȱconfirm,ȱandȱreȬ classifyȱaȱdevice,ȱwhichȱis,ȱmoveȱaȱdeviceȱtoȱaȱdifferentȱfolderȱbasedȱonȱfreshȱinformation.ȱ ȱ Figure 95. Devices Screen – APs UseȱtheȱfollowingȱstepsȱtoȱmoveȱanȱAPȱtoȱaȱspecificȱfolder:ȱ a. InȱtheȱAPȱlist,ȱrightȱclickȱtheȱdesiredȱAPȱrow.ȱ b. Fromȱtheȱresultingȱcontextȱsensitiveȱmenu,ȱselectȱMoveȱto….ȱ c. ClickȱtheȱdesiredȱcategoryȱtoȱwhichȱyouȱwantȱtoȱmoveȱtheȱAP.ȱ Note:ȱIfȱyouȱmoveȱanȱAPȱplacedȱonȱaȱfloormap,ȱanȱErrorȱdialogȱappears.ȱ 68ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ 21. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱplaceȱAPsȱonȱtheȱfloormapȱtoȱ viewȱliveȱRFȱcoverageȱmapsȱforȱaȱlocationȱnodeȱandȱperformȱonȬfloorȱlocationȱtrackingȱofȱvisibleȱ802.11ȱdevices.ȱ ȱ Figure 96. Locations Screen UseȱtheȱfollowingȱstepsȱtoȱplaceȱAPsȱonȱtheȱfloormap:ȱ a. InȱtheȱLocationȱtree,ȱselectȱaȱlocationȱnode.ȱ b. UnderȱAvailableȱDevices,ȱselectȱtheȱAPsȱtab,ȱthenȱdragȱandȱdropȱtheȱAPsȱonȱyourȱfloormap.ȱ 7.1.7 Stepȱ7:ȱClassifyingȱClientsȱ 22. TheȱClientȱAutoȬclassificationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱItȱdeterminesȱhowȱClientsȱareȱclassifiedȱ uponȱinitialȱdiscoveryȱandȱsubsequentȱassociationsȱwithȱAPs.ȱ 69 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 97. Client Auto-Classification Policy UnderȱInitialȱClientȱClassification,ȱspecifyȱifȱnewlyȱdiscoveredȱClientsȱatȱaȱparticularȱlocation,ȱwhichȱareȱUncategorizedȱbyȱ defaultȱshouldȱbeȱclassifiedȱasȱAuthorizedȱorȱUnauthorized.ȱ UnderȱAutomaticȱClientȱClassification,ȱselectȱoneȱorȱmoreȱoptionsȱtoȱenableȱTheȱsystemȱautomaticallyȱreȬclassifyȱ UncategorizedȱandȱUnauthorizedȱClientsȱbasedȱonȱtheirȱassociationsȱwithȱAPs.ȱYouȱcanȱcategorizeȱtheȱfollowingȱtypesȱofȱ Clients.ȱ x ClientsȱrunningȱSAFEȱ ¾ AllȱUnauthorizedȱClientsȱrunningȱSpectraGuardȱSAFEȱareȱclassifiedȱasȱAuthorizedȱ ¾ AllȱUncategorizedȱClientsȱrunningȱSpectraGuardȱSAFEȱareȱclassifiedȱasȱAuthorizedȱ x ClientsȱconnectingȱtoȱAuthorizedȱAPsȱ ¾ AllȱUnauthorizedȱClientsȱthatȱconnectȱtoȱanȱAuthorizedȱAPȱareȱreȬclassifiedȱasȱAuthorizedȱ ¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱanȱAuthorizedȱAPȱareȱclassifiedȱasȱAuthorizedȱ YouȱcanȱselectȱtheȱfollowingȱExceptionsȱ ¾ DoȱnotȱreȬclassifyȱaȱClientȱconnectingȱtoȱaȱGuestȱAPȱasȱAuthorizedȱ ¾ DoȱnotȱreȬclassifyȱaȱClientȱconnectingȱtoȱaȱMisȬconfiguredȱAPȱasȱAuthorizedȱ ¾ DoȱnotȱreȬclassifyȱaȱClientȱasȱAuthorizedȱifȱitsȱwirelessȱdataȱpacketsȱareȱnotȱdetectedȱonȱtheȱwiredȱnetworkȱ x ClientsȱconnectingȱtoȱExternalȱorȱRogueȱAPsȱ ¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱanȱExternalȱAPȱareȱclassifiedȱasȱUnauthorizedȱ ¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱaȱRogueȱAPȱareȱclassifiedȱasȱUnauthorizedȱ ¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱaȱPotentiallyȱExternalȱAPȱareȱclassifiedȱasȱUnauthorizedȱ ¾ AllȱUncategorizedȱClientsȱthatȱconnectȱtoȱaȱPotentiallyȱRogueȱAPȱareȱclassifiedȱasȱUnauthorizedȱ 23. TheȱImportȱDevicesȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱImportingȱanȱAuthorizedȱorȱUnauthorizedȱClientsȱ ListȱisȱanȱefficientȱalternativeȱtoȱmanualȱmovementȱofȱtheseȱdevicesȱintoȱtheȱAuthorized/Unauthorizedȱbins.ȱAfterȱ successfullyȱimportingȱtheseȱlists,ȱtheȱsystemȱautomaticallyȱclassifiesȱtheȱClientsȱinȱtheȱrespectiveȱlistsȱasȱ Authorized/Unauthorized.ȱ 70ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 98. Import Devices – Clients InȱtheȱImportȱDevicesȱdialog,ȱunderȱImportȱClientȱList,ȱclickȱ<ImportȱAuthorizedȱClientȱList>ȱtoȱopenȱImportȱAuthorizedȱ ClientȱListȱdialogȱand/orȱclickȱ<ImportȱUnauthorizedȱClientȱList>ȱtoȱopenȱImportȱUnauthorizedȱClientȱListȱdialog.ȱ InȱtheȱImportȱAuthorized/UnauthorizedȱClientȱListȱdialog:ȱ UnderȱTagȱDevices,ȱselectȱoneȱofȱtheȱfollowing:ȱ x AutoȱTagȱDevices:ȱToȱautomaticallyȱtagȱtheȱAPȱtoȱtheȱcorrespondingȱlocation.ȱ x ManuallyȱTagȱDevicesȱto::ȱClickȱ<Change>ȱtoȱmanuallyȱtagȱtheȱAPȱtoȱtheȱdesiredȱlocation.ȱ UnderȱEnterȱClientȱdetailsȱ x ToȱaddȱaȱClient’sȱdetails,ȱunderȱEnterȱClientȱdetails,ȱtypeȱtheȱClient’sȱMACȱAddress,ȱIPȱAddress,ȱandȱNameȱandȱclickȱ <AddȱtoȱList>>>>.ȱ x ToȱaddȱaȱClient’sȱdetailsȱfromȱaȱfile,ȱclickȱ<Browse>.ȱOnȱtheȱSelectȱAuthorized/Unauthorizedȱ Client_Device_List_Fileȱdialog,ȱselectȱtheȱ.txtȱfileȱfromȱtheȱdesiredȱlocationȱandȱclickȱ<Open>.ȱThenȱclickȱ<Addȱtoȱ List>>>>.ȱ UnderȱAuthorized/UnauthorizedȱClientȱImportȱListȱ x ToȱdeleteȱaȱClient’sȱdetails,ȱselectȱtheȱcorrespondingȱrowȱandȱclickȱ<Delete>.ȱ ToȱimportȱAuthorized/UnauthorizedȱClientsȱfromȱtheȱAuthorized/UnauthorizedȱClientȱImportȱList,ȱclickȱ<OK>.ȱ Note:ȱWhenȱyouȱimportȱClientsȱfromȱaȱlist,ȱpolicyȱsettingsȱinȱtheȱSetupȱWizardȱdoȱnotȱaffectȱtheseȱClients.ȱ 24. TheȱDevicesÆClientsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱinspect,ȱconfirm,ȱandȱ reȬclassifyȱaȱdevice,ȱwhichȱis,ȱmoveȱaȱdeviceȱtoȱaȱdifferentȱfolderȱbasedȱonȱfreshȱinformation.ȱ 71 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 99. Devices Screen – Clients UseȱtheȱfollowingȱstepsȱtoȱmoveȱaȱClientȱtoȱaȱspecificȱfolder:ȱ a. InȱtheȱClientȱlist,ȱrightȱclickȱtheȱdesiredȱClientȱrow.ȱ b. Fromȱtheȱresultingȱcontextȱsensitiveȱmenu,ȱselectȱMoveȱto….ȱ c. ClickȱtheȱdesiredȱcategoryȱtoȱwhichȱyouȱwantȱtoȱmoveȱtheȱClient.ȱ 7.1.8 Stepȱ8:ȱConfiguringȱIntrusionȱPreventionȱPolicyȱ 25. TheȱIntrusionȱPreventionȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ 7.1.8.1 IntrusionȱPreventionȱPolicyȱ TheȱIntrusionȱPreventionȱpolicyȱdeterminesȱtheȱwirelessȱthreatsȱagainstȱwhichȱtheȱsystemȱprotectsȱtheȱnetworkȱautomatically.ȱ TheȱsystemȱautomaticallyȱmovesȱsuchȱthreatȬposingȱAPsȱandȱClientsȱtoȱquarantine.ȱTheȱsystemȱcanȱprotectȱagainstȱmultipleȱ threatsȱsimultaneouslyȱbasedȱonȱtheȱselectedȱIntrusionȱPreventionȱLevel.ȱ IfȱtheȱServerȱquarantinesȱanȱAPȱorȱClientȱbasedȱonȱtheȱIntrusionȱPreventionȱpolicy,ȱtheȱDisableȱAutoȬquarantineȱoptionȱ ensuresȱthatȱtheȱsystemȱwillȱnotȱautomaticallyȱquarantineȱthisȱAPȱorȱClientȱ(regardlessȱofȱtheȱspecifiedȱIntrusionȱPreventionȱ policies).ȱ 72ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 100. Intrusion Prevention Policy Youȱcanȱenableȱintrusionȱpreventionȱagainstȱtheȱfollowingȱthreats:ȱ x RogueȱAPs:ȱAPsȱthatȱareȱconnectedȱtoȱyourȱnetworkȱbutȱnotȱauthorizedȱbyȱtheȱadministrator;ȱanȱattackerȱcanȱgainȱ accessȱtoȱyourȱnetworkȱthroughȱtheȱRogueȱAPs.ȱYouȱcanȱalsoȱautomaticallyȱquarantineȱUncategorizedȱIndeterminateȱ andȱBannedȱAPsȱconnectedȱtoȱtheȱnetwork.ȱ x MisȬconfiguredȱAPs:ȱAPsȱthatȱareȱauthorizedȱbyȱtheȱadministratorȱbutȱdoȱnotȱconformȱtoȱtheȱsecurityȱpolicy;ȱanȱ attackerȱcanȱgainȱaccessȱtoȱyourȱnetworkȱthroughȱmisconfiguredȱAPs.ȱThisȱcouldȱhappenȱifȱtheȱAPsȱareȱreset,ȱ tamperedȱwith,ȱorȱifȱthereȱisȱaȱchangeȱinȱtheȱsecurityȱpolicy.ȱ x ClientȱMisȬassociation:ȱAuthorizedȱClientsȱthatȱconnectȱtoȱRogueȱorȱExternalȱ(neighboring)ȱAPs;ȱcorporateȱdataȱonȱ theȱAuthorizedȱClientȱisȱunderȱthreatȱdueȱtoȱsuchȱconnections.ȱAirTightȱrecommendsȱthatȱyouȱprovideȱautomaticȱ intrusionȱpreventionȱagainstȱAuthorizedȱClientsȱthatȱconnectȱtoȱExternalȱAPs.ȱ x UnauthorizedȱAssociations:ȱUnauthorizedȱandȱBannedȱClientsȱthatȱconnectȱtoȱAuthorizedȱAPs;ȱanȱattackerȱcanȱgainȱ accessȱtoȱyourȱnetworkȱthroughȱAuthorizedȱAPsȱifȱtheȱsecurityȱmechanismsȱareȱweak.ȱUnauthorizedȱorȱ UncategorizedȱClientȱconnectionsȱtoȱanȱAuthorizedȱAPȱusingȱaȱGuestȱSSIDȱareȱnotȱtreatedȱasȱunauthorizedȱ associations.ȱ x AdȱhocȱConnections:ȱPeerȬtoȬpeerȱconnectionsȱbetweenȱClients;ȱcorporateȱdataȱonȱtheȱAuthorizedȱClientȱisȱunderȱ threatȱifȱitȱisȱinvolvedȱinȱanȱadȱhocȱconnection.ȱ x MACȱSpoofing:ȱAnȱAPȱthatȱspoofsȱtheȱwirelessȱMACȱaddressȱofȱanȱAuthorizedȱAP;ȱanȱattackerȱcanȱlaunchȱanȱattackȱ throughȱaȱMACȱspoofingȱAP.ȱ x Honeypot/EvilȱTwinȱAPs:ȱNeighboringȱAPsȱthatȱhaveȱtheȱsameȱSSIDȱasȱanȱAuthorizedȱAP;ȱAuthorizedȱClientsȱcanȱ connectȱtoȱHoneypot/EvilȱTwinȱAPs.ȱCorporateȱdataȱonȱtheseȱAuthorizedȱClientsȱisȱunderȱthreatȱdueȱtoȱsuchȱ connections.ȱ x DenialȱofȱServiceȱ(DoS)ȱAttacks:ȱDoSȱattacksȱdegradeȱtheȱperformanceȱofȱanȱofficialȱWLAN.ȱ x WEPGuardȱTM:ȱActiveȱWEPȱcrackingȱtoolsȱallowȱattackersȱtoȱcrackȱtheȱWEPȱkeyȱandȱgainȱaccessȱtoȱconfidentialȱdataȱ inȱaȱmatterȱofȱminutesȱorȱevenȱseconds.ȱCompromisedȱWEPȱkeysȱareȱusedȱtoȱgainȱentryȱintoȱtheȱauthorizedȱWLANȱ byȱspoofingȱtheȱMACȱaddressȱofȱanȱinactiveȱAuthorizedȱClient.ȱ 73 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ 7.1.8.2 IntrusionȱPreventionȱLevelȱ Theȱsystemȱcanȱpreventȱanyȱunwantedȱcommunicationȱinȱyourȱ802.11ȱnetwork.ȱItȱprovidesȱyouȱvariousȱlevelsȱofȱpreventionȬ blockingȱmechanismsȱofȱvaryingȱeffectiveness.ȱIntrusionȱPreventionȱLevelȱenablesȱyouȱtoȱspecifyȱaȱtradeȬoffȱbetweenȱtheȱ desiredȱlevelȱofȱpreventionȱandȱtheȱdesiredȱnumberȱofȱmultipleȱsimultaneousȱpreventionsȱacrossȱradioȱchannels.ȱ Theȱgreaterȱtheȱnumberȱofȱchannelsȱacrossȱwhichȱsimultaneousȱpreventionȱisȱdesired,ȱtheȱlesserȱisȱtheȱeffectivenessȱofȱ preventionȱinȱinhibitingȱunwantedȱcommunication.ȱScanningȱforȱnewȱdevicesȱcontinuesȱregardlessȱofȱtheȱchosenȱpreventionȱ level.ȱ ȱ Figure 101. Intrusion Prevention Level Youȱcanȱselectȱtheȱfollowingȱpreventionȱlevels:ȱ x Block:ȱAȱsingleȱSensorȱcanȱblockȱunwantedȱcommunicationȱonȱanyȱoneȱchannelȱinȱtheȱ802.11b/gȱbandȱandȱanyȱoneȱ channelȱinȱtheȱ802.11aȱband.ȱ x Disrupt:ȱAȱsingleȱSensorȱcanȱdisruptȱunwantedȱcommunicationȱonȱanyȱtwoȱchannelsȱinȱtheȱ802.11b/gȱbandȱandȱanyȱ twoȱchannelsȱinȱtheȱ802.11aȱband.ȱ x Interrupt:ȱAȱsingleȱSensorȱcanȱinterruptȱunwantedȱcommunicationȱonȱanyȱthreeȱchannelsȱinȱtheȱ802.11b/gȱbandȱandȱ anyȱthreeȱchannelsȱinȱtheȱ802.11aȱband.ȱ x Degrade:ȱAȱsingleȱSensorȱcanȱdegradeȱtheȱperformanceȱofȱunwantedȱcommunicationȱonȱanyȱfourȱchannelsȱinȱ 802.11b/gȱbandȱandȱanyȱfourȱchannelsȱinȱtheȱ802.11aȱband.ȱ Blockȱisȱtheȱmostȱpowerfulȱpreventionȱlevel,ȱthatȱis,ȱitȱcanȱseverelyȱblockȱalmostȱallȱpopularȱInternetȱapplicationsȱincludingȱ ping,ȱSSH,ȱtelnet,ȱFTP,ȱHTTP,ȱandȱtheȱlike.ȱHowever,ȱatȱthisȱlevel,ȱaȱsingleȱSensorȱcanȱsimultaneouslyȱpreventȱunwantedȱ communicationȱonȱonlyȱoneȱchannelȱinȱtheȱ802.11b/gȱbandȱandȱoneȱchannelȱinȱtheȱ802.11aȱband.ȱIfȱyouȱwantȱtheȱSensorȱtoȱ preventȱunwantedȱcommunicationȱonȱmultipleȱchannelsȱsimultaneouslyȱinȱtheȱ802.11ȱb/gȱand/orȱtheȱ802.11aȱband,ȱyouȱmustȱ selectȱotherȱpreventionȱlevels.ȱ 74ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ Note:ȱPreventionȱTypeȱdeterminesȱtheȱblockingȱstrengthȱtoȱpreventȱcommunicationȱfromȱunwantedȱAPsȱandȱClients.ȱTheȱsystemȱcanȱ preventȱmultipleȱAPsȱandȱClientsȱonȱeachȱchannel.ȱPreventionȱTypeȱisȱnotȱapplicableȱforȱDenialȱofȱServiceȱ(DoS)ȱattacksȱorȱadȱhocȱ networks.ȱYouȱmustȱselectȱaȱlowerȱblockingȱlevelȱtoȱpreventȱdevicesȱonȱmoreȱchannels.ȱChoosingȱaȱlowerȱblockingȱlevelȱmeansȱthatȱsomeȱ packetsȱfromȱtheȱblockedȱdeviceȱmayȱgoȱthrough.ȱ 7.1.9 Stepȱ9:ȱConfiguringȱEventsȱandȱReportsȱ 26. TheȱEventȱConfigurationȱfunctionȱscreenȱofȱtheȱEventȱSettingsȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱ 7.1.9.1 Securityȱ Securityȱenablesȱyouȱtoȱviewȱeventsȱrelatedȱtoȱsecurityȱandȱthatȱposeȱaȱthreatȱtoȱyourȱnetwork.ȱ ȱ Figure 102. Event Configuration – Security Securityȱisȱfurtherȱdividedȱintoȱtheȱfollowing:ȱ x RogueȱAPȱ x MisȬConfiguredȱAPȱ x MisbehavingȱClientsȱ x Preventionȱ x DoSȱ x AdȱhocȱNetworkȱ x ManȬinȬtheȬMiddleȱ x MACȱSpoofingȱ x Reconnaissanceȱ x Systemȱ 7.1.9.2 Monitoringȱ Monitoringȱenablesȱyouȱtoȱviewȱeventsȱrelatedȱtoȱtheȱmonitoringȱofȱyourȱnetworkȱandȱthatȱareȱinformationalȱinȱnature.ȱ 75 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 103. Event Configuration – Monitoring Monitoringȱisȱfurtherȱdividedȱintoȱtheȱfollowing:ȱ x APȱ x Clientȱ x Sensorȱ x Serverȱ x Trafficȱ x Troubleshootingȱ OnceȱyouȱselectȱanyȱofȱtheȱaboveȱcategoriesȱandȱsubȬcategories,ȱaȱlistȱofȱrelatedȱeventsȱappears.ȱ Theȱeventsȱlistȱdisplaysȱtheȱfollowingȱcolumns:ȱ x Display:ȱSelectȱtheȱcheckboxesȱthatȱcorrespondȱtoȱtheȱtypesȱofȱeventsȱthatȱyouȱwantȱtoȱappearȱinȱtheȱmainȱEventsȱ screen.ȱ x EȬmail:ȱSelectȱtheȱcheckboxesȱthatȱcorrespondȱtoȱtheȱtypesȱofȱeventsȱforȱwhichȱyouȱwantȱemailsȱnotificationsȱsentȱtoȱ allȱusersȱwhoseȱemailȱaddressesȱyouȱhaveȱconfiguredȱinȱtheȱAdministrationÆEventȱSettingsÆEmailȱNotification.ȱ x Notify:ȱSelectȱtheȱcheckboxesȱthatȱcorrespondȱtoȱtheȱtypesȱofȱeventsȱforȱwhichȱyouȱwantȱnotificationsȱsentȱtoȱexternalȱ agentsȱsuchȱasȱSNMP,ȱSyslog,ȱArcSight,ȱandȱOPSEC.ȱ x Vulnerability:ȱSelectȱcheckboxesȱtoȱindicateȱwhichȱeventsȱmakeȱtheȱsystemȱVulnerable.ȱTheȱSecurityȱScorecardȱ showsȱVulnerableȱstatusȱifȱanyȱeventsȱofȱtheȱselectedȱtypeȱoccur.ȱ x Severity:ȱSelectȱtheȱseverityȱofȱeachȱeventȱasȱHigh,ȱMedium,ȱorȱLow.ȱThisȱfunctionȱhelpsȱyouȱtoȱorganizeȱeventsȱinȱ theȱmostȱusefulȱway.ȱ x Event:ȱProvidesȱaȱshortȱdescriptionȱofȱeachȱevent.ȱ x x Click…:ȱȱClickȱ ȱtoȱviewȱaȱdetailedȱdescriptionȱofȱtheȱcorrespondingȱeventȱcategory.ȱ AdvancedȱSettings:ȱClickȱ<Edit>ȱtoȱopenȱtheȱEventȱAdvancedȱSettingsȱdialogȱandȱchangeȱtheȱconfigurationȱ parametersȱofȱtheȱcorrespondingȱeventȱcategory.ȱ<Edit>ȱisȱdisabledȱwhenȱtheȱeventȱhasȱnoȱconfigurationȱparameters.ȱ Note:ȱTheȱparametersȱinȱtheȱEventȱAdvancedȱSettingsȱdialogȱchangesȱaccordingȱtoȱtheȱsettingsȱforȱtheȱselectedȱevent.ȱ 76ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 104. Event Advanced Settings 27. TheȱEmailȱNotificationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱEmailȱNotificationȱnodeȱenablesȱyouȱtoȱ selectȱtheȱemailȱaddressesȱthatȱshouldȱbeȱnotifiedȱwhenȱanȱeventȱoccursȱatȱaȱparticularȱlocation.ȱYouȱcanȱselectȱfromȱtheȱ emailȱaddressesȱofȱsystemȱusersȱorȱaddȱaȱcustomȱemailȱaddress.ȱ ȱ Figure 105. Email Notification Clickȱ<Add>toȱopenȱCustomȱEmailȱAddressȱforȱNotificationȱdialogȱwhereȱyouȱcanȱaddȱaȱnewȱemailȱaddress.ȱ 77 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 106. Email Configuration Dialog Clickȱ<OK>ȱtoȱaddȱtheȱnewȱemailȱaddress.ȱ Selectȱanȱemailȱaddressȱandȱclickȱ<Delete>ȱtoȱdeleteȱanȱexistingȱemailȱaddress.ȱYouȱcanȱdeleteȱmultipleȱemailȱaddressesȱusingȱ clickȬandȬdragȱorȱusingȱtheȱ<Shift>ȱ+ȱ<DownȱArrow>ȱkeysȱandȱthenȱclickingȱ<Delete>.ȱ 28. TheȱReportsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱsystemȱenablesȱyouȱtoȱuseȱreportsȱgeneratedȱbyȱtheȱ systemȱandȱcreateȱcustomȱreports.ȱYouȱcanȱscheduleȱemailȱdeliveryȱofȱaȱSharedȱreport.ȱYouȱcanȱselectȱoneȱtimeȱdeliveryȱorȱ recurringȱdelivery.ȱ ȱ Figure 107. 7.1.9.3 Reports Screen AddingȱaȱReportȱ Theȱsystemȱenablesȱyouȱtoȱdefineȱcustomizedȱreportsȱsoȱthatȱyouȱcanȱviewȱpreciseȱdetailsȱthatȱyouȱrequire.ȱUseȱtheȱfollowingȱ stepsȱtoȱaddȱaȱreport:ȱ a. SelectȱtheȱtabȱMyȱReports.ȱ b. UnderȱListȱofȱReports,ȱclickȱ<AddȱReport>.ȱ 78ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 108. c. d. e. f. g. h. Report Details Screen OnȱtheȱReportȱDetailsȱdialog,ȱunderȱReportȱName,ȱenterȱaȱunique,ȱuserȬfriendlyȱnameȱforȱtheȱreport.ȱ UnderȱReportȱDescription,ȱenterȱbriefȱnotesȱtoȱhelpȱidentifyȱtheȱreport.ȱ ClickȱUseȱdefaultȱlookȱandȱfeel,ȱtoȱretainȱtheȱdefaultȱtext,ȱtitle,ȱandȱcolorsȱforȱtheȱreports.ȱ Alternatively,ȱclickȱCustomizeȱlookȱandȱfeel,ȱtoȱcustomizeȱtheȱappearanceȱofȱtheȱreport.ȱ SelectȱtheȱReportȱHeaderȱtab.ȱ x UnderȱReportȱHeader,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ ¾ TitleȱText:ȱSpecifyȱtheȱtextȱthatȱshouldȱappearȱinȱtheȱheaderȱonȱtheȱleftȱside.ȱ ¾ TextȱonȱRight:ȱSpecifyȱtheȱtextȱthatȱshouldȱappearȱinȱtheȱheaderȱonȱtheȱrightȱside.ȱ ¾ Clickȱ<Pick…>ȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱReportȱHeader.ȱ x UnderȱReportȱTitle,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ ¾ TitleȱText:ȱSpecifyȱaȱtitleȱthatȱappearsȱbelowȱtheȱheaderȱonȱtheȱleftȱside.ȱTheȱReportȱDescriptionȱfollowsȱthisȱtitle.ȱ ¾ Clickȱ<Pick…>ȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱReportȱTitle.ȱ x Selectȱtheȱcheckbox,ȱDisplayȱReportȱGenerationȱInformationȱtoȱviewȱtheȱfollowingȱinformationȱbelowȱtheȱReportȱ Titleȱ ¾ Durationȱforȱwhichȱtheȱreportȱisȱgeneratedȱ ¾ Locationȱforȱwhichȱtheȱreportȱisȱgeneratedȱ ¾ Userȱwhoȱgeneratedȱtheȱreportȱ ¾ Dateȱandȱtimeȱwhenȱtheȱreportȱisȱgeneratedȱ x Selectȱtheȱcheckbox,ȱDisplayȱReportȱDescriptionȱTextȱtoȱviewȱaȱdetailedȱdescriptionȱofȱtheȱreport.ȱ SelectȱtheȱReportȱSummaryȱtab.ȱ 79 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 109. Report Details Screen showing Report Summary Tab x x i. DeȬselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱifȱyouȱdoȱnotȱwishȱtoȱviewȱtheȱReportȱSummaryȱinȱaȱtabularȱform.ȱ Alternatively,ȱselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱtoȱcustomizeȱparametersȱinȱtheȱReportȱSummaryȱtableȱ inȱtheȱgeneratedȱreport.ȱ ¾ SpecifyȱtheȱReportȱSummaryȱTextȱthatȱshouldȱappearȱasȱtheȱReportȱSummaryȱtableȱheading.ȱ ¾ Clickȱ<Pick…>ȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱReportȱSummaryȱtableȱheading.ȱ x UnderȱSummaryȱTable,ȱselectȱtheȱcheckbox,ȱIncludeȱSectionȱwithȱzeroȱresultsȱtoȱviewȱsectionsȱinȱwhichȱtheȱresultȱ countȱisȱzero.ȱ x UnderȱSummaryȱTableȱHeader,ȱclickȱ<Pick…>,ȱselectȱtheȱForeground,ȱandȱBackgroundȱcolorsȱforȱtheȱReportȱ Summaryȱtableȱrowȱheader.ȱ x UnderȱSummaryȱTableȱColumnȱHeaderȱDefinition,ȱselectȱtheȱcheckbox,ȱDisplayȱReportȱSummaryȱTableȱtoȱ customizeȱtheȱfollowingȱcolumnȱnamesȱinȱtheȱReportȱSummaryȱtableȱinȱtheȱgeneratedȱreport.ȱ ¾ SectionȱNameȱ ¾ SectionȱDescriptionȱ ¾ QueryȱTypeȱ ¾ ResultȱCountȱ ¾ Jumpȱtoȱ x UnderȱSummaryȱCharts,ȱselectȱaȱradioȱbuttonȱtoȱviewȱtheȱchartsȱinȱtheȱdesiredȱformat.ȱ SelectȱtheȱReportȱSectionsȱtab.ȱ 80ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 110. Report Details Screen showing Report Sections Tab x j. UnderȱSectionȱTitle,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ ¾ SectionȱNameȱTitle:ȱSpecifyȱtheȱtextȱthatȱshouldȱappearȱasȱaȱcommonȱheadingȱforȱallȱtheȱSectionȱNames.ȱ ¾ Clickȱ<Pick…>ȱandȱselectȱtheȱForegroundȱandȱBackgroundȱcolorsȱforȱtheȱSectionȱNameȱTitle.ȱ x UnderȱSectionȱHeader,ȱspecifyȱtheȱfollowingȱparametersȱtoȱbeȱcustomizedȱinȱtheȱgeneratedȱreport:ȱ ¾ Clickȱ<Pick…>,ȱselectȱtheȱForeground,ȱandȱBackgroundȱcolorsȱforȱtheȱtableȱrowȱheadersȱinȱtheȱSectionȱSummaryȱ andȱSectionȱResultsȱsections.ȱ ¾ SelectȱDisplayȱSectionȱDescriptionȱtextȱtoȱviewȱaȱbriefȱdescriptionȱforȱeachȱsectionȱofȱtheȱreport.ȱ ¾ SelectȱDisplayȱSectionȱQueryȱtoȱviewȱallȱtheȱconstraintsȱspecifiedȱinȱtheȱdatabaseȱqueryȱforȱthatȱsection.ȱ ¾ SelectȱDisplayȱSectionȱSummaryȱtoȱviewȱaȱgraphicalȱandȱtabularȱatȬaȬglanceȱviewȱofȱtheȱresultsȱofȱtheȱsection.ȱ ¾ SelectȱDisplayȱSectionȱResultsȱtoȱviewȱallȱtheȱentriesȱinȱtheȱdatabaseȱthatȱsatisfyȱtheȱconstraintsȱspecifiedȱbyȱtheȱ sectionȱquery.ȱ SelectȱDisplayȱdetailsȱofȱSectionȱResultsȱtoȱviewȱadditionalȱdetailsȱforȱeachȱentryȱinȱtheȱSectionȱResultsȱ table.ȱ ToȱaddȱtheȱreportȱtoȱtheȱListȱofȱReports,ȱclickȱ<Save>.ȱTheȱnewȱreportȱappearsȱunderȱtheȱListȱofȱReportsȱtable.ȱ 7.1.9.4 AddingȱaȱSectionȱtoȱaȱReportȱ Aȱreportȱconsistsȱofȱoneȱorȱmoreȱsections.ȱEachȱsectionȱisȱaȱqueryȱtoȱtheȱdatabase.ȱTheȱsystemȱthenȱsearchesȱitsȱdatabaseȱforȱ thoseȱrecordsȱthatȱsatisfyȱtheȱconditionsȱthatȱyouȱimpose.ȱUseȱtheȱfollowingȱstepsȱtoȱaddȱaȱsectionȱtoȱaȱreport:ȱ a. FromȱtheȱListȱofȱReportsȱtable,ȱselectȱtheȱreportȱtoȱwhichȱyouȱneedȱtoȱaddȱaȱsection.ȱ b. Clickȱ<AddȱSectionȱtoȱReport>.ȱ ȱ 81 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 111. c. d. e. f. g. h. i. Adding a Section to a Report OnȱtheȱAddȱSectionȱtoȱReportȱdialog,ȱenterȱaȱSectionȱNameȱandȱaȱSectionȱDescriptionȱforȱtheȱnewlyȱaddedȱsection.ȱ SelectȱtheȱcheckboxȱDisplayȱthisȱsectionȱtoȱviewȱthisȱsectionȱinȱtheȱgeneratedȱreport.ȱ UnderȱSectionȱQueryȱType,ȱselectȱDevice,ȱEvent,ȱorȱSAFEȱasȱtheȱqueryȱtype.ȱ SelectȱanyȱcombinationȱofȱtheȱAP,ȱClient,ȱandȱSensorȱcheckboxesȱtoȱincludeȱtheseȱdeviceȱtypesȱinȱtheȱreport.ȱTheseȱ checkboxesȱareȱnotȱavailableȱforȱaȱSAFEȱquery.ȱ DescribeȱtheȱSectionȱQueryȱconstructionȱlogicȱbyȱselectingȱtheȱfollowing:ȱ x AȱcolumnȱfromȱSelectȱColumnȱ x AȱconditionȱfromȱSelectȱConditionȱ x Anȱobjectȱforȱtheȱquery,ȱwhichȱyouȱcanȱselectȱorȱenterȱ Optionally,ȱselectȱoneȱorȱmoreȱBooleanȱconnectorsȱ(ORȱorȱAND)ȱtoȱjoinȱtwoȱorȱmoreȱqueries.ȱClickȱ<Delete>ȱtoȱdeleteȱaȱ query.ȱ UnderȱSelectȱColumnsȱtoȱbeȱdisplayedȱinȱSectionȱResults,ȱdoȱtheȱfollowing.ȱ x Clickȱ<Add>ȱtoȱviewȱaȱlistȱofȱattributesȱandȱselectȱanȱattribute.ȱ x SelectȱtheȱcheckboxȱDisplayȱtoȱviewȱtheȱselectedȱattributeȱinȱtheȱgeneratedȱreport.ȱ x UnderȱSummary,ȱyouȱcanȱchooseȱtoȱdoȱtheȱfollowing:ȱ ¾ SelectȱtheȱtypeȱofȱchartȱfromȱtheȱdropȬdownȱlistȱtoȱviewȱaȱgraphȱforȱtheȱselectedȱattribute.ȱ ¾ SelectȱtheȱcheckboxȱTableȱtoȱviewȱaȱtabulatedȱcountȱforȱtheȱselectedȱattribute.ȱ Note:ȱPieȱchartsȱareȱnotȱvisibleȱinȱanȱHTMLȱreport.ȱYouȱcanȱviewȱpieȱchartsȱonlyȱinȱaȱPDFȱreport.ȱ x x j. Selectȱanȱattributeȱandȱclickȱ<Delete>ȱtoȱdeleteȱthatȱattribute.ȱ Selectȱanȱattributeȱandȱclickȱ<Up>ȱorȱ<Down>ȱtoȱorganizeȱtheȱattributesȱthatȱappearȱasȱcolumnsȱinȱtheȱSectionȱResultsȱ tableȱofȱtheȱgeneratedȱreport.ȱ Toȱsaveȱtheȱsectionȱtoȱanȱexistingȱreport,ȱclickȱ<SaveȱSectionȱtoȱReport>.ȱToȱsaveȱtheȱsectionȱwithȱaȱnewȱname,ȱclickȱ<Saveȱ toȱReportȱasȱNewȱSection>.ȱ 82ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ 7.1.9.5 CreatingȱaȱReportȱScheduleȱ Useȱtheȱfollowingȱstepsȱtoȱscheduleȱemailȱdeliveryȱofȱaȱreport:ȱ a. FromȱtheȱListȱofȱReportsȱtable,ȱselectȱtheȱreportȱthatȱyouȱwantȱtoȱschedule.ȱ b. Clickȱ<AddȱSchedule>.ȱTheȱGenerationȱandȱDeliveryȱOptionsȱforȱSelectedȱLocationȱdialogȱappears.ȱ ȱ ȱ Figure 112. c. Scheduling a Report for One Time Delivery FromȱtheȱFormatȱdropȬdownȱlist,ȱselectȱtheȱoutputȱtypeȱforȱtheȱreport,ȱthatȱis,ȱHTML,ȱXML,ȱorȱPDF.ȱ Note:ȱTheȱsystemȱdoesȱnotȱsupportȱPDFȱreportȱgenerationȱonȱolderȱversionsȱofȱIEȱ(versionsȱlowerȱthanȱ7.0).ȱ d. SelectȱeitherȱOneȱTimeȱGenerationȱorȱRecurringȱGeneration.ȱ x ToȱscheduleȱaȱreportȱforȱOneȱTimeȱGeneration,ȱperformȱtheȱfollowing:ȱ ȱtoȱspecifyȱtheȱdateȱandȱtheȱtimeȱonȱwhichȱtoȱgenerateȱtheȱ ¾ UnderȱScheduleȱReport,ȱclickȱtheȱcalendarȱiconȱ report.ȱ ¾ UnderȱReportȱTimeȱPeriod,ȱcustomizeȱtheȱdurationȱforȱwhichȱtheȱreportȱshouldȱbeȱgeneratedȱbyȱdoingȱeitherȱofȱ theȱfollowing:ȱ SelectȱLastȱandȱthenȱtheȱnumberȱofȱhours,ȱdays,ȱorȱmonthsȱbeforeȱtheȱreportȱdeliveryȱtime.ȱ SelectȱCustomizeȱandȱthenȱtheȱexactȱdateȱandȱtimeȱinȱFromȱDateȱandȱToȱDateȱfields.ȱ 83 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 113. Scheduling a Report for Recurring Generation x e. f. ToȱscheduleȱaȱreportȱforȱRecurringȱGeneration,ȱperformȱtheȱfollowing:ȱ ¾ UnderȱScheduleȱReport,ȱfromȱtheȱGenerateȱReportȱEveryȱdropȬdownȱlist,ȱselectȱtheȱnumberȱofȱhours,ȱdays,ȱorȱ monthsȱoverȱwhichȱtoȱdeliverȱtheȱreport.ȱ ¾ ClickȱtheȱcalendarȱiconȱnextȱtoȱStartȱDateȱtoȱselectȱtheȱstartȱdateȱandȱtimeȱforȱtheȱreport.ȱ ¾ ClickȱtheȱcalendarȱiconȱnextȱtoȱEndȱDateȱtoȱselectȱtheȱendȱdateȱandȱtimeȱforȱtheȱreport.ȱTheȱEndȱDateȱmustȱbeȱ greaterȱthanȱtheȱStartȱDate.ȱTheȱsystemȱautomaticallyȱselectsȱtheȱEndȱDateȱandȱTimeȱfromȱtheȱStartȱDate.ȱ ¾ UnderȱReportȱTimeȱPeriod,ȱcustomizeȱtheȱdurationȱforȱwhichȱtheȱreportȱshouldȱbeȱgeneratedȱbyȱselectingȱLastȱ andȱthenȱtheȱnumberȱofȱhours,ȱdays,ȱorȱmonthsȱbeforeȱtheȱreportȱdeliveryȱtime.ȱ UnderȱDeliveryȱOptions,ȱperformȱtheȱfollowing:ȱ x SelectȱArchiveȱReportȱandȱthenȱchooseȱtheȱfollowing:ȱ ¾ NeverȱDeleteȱtoȱretainȱtheȱreportȱforeverȱ ¾ Deleteȱafterȱ‘n’ȱdaysȱtoȱdeleteȱtheȱreportȱafterȱtheȱspecifiedȱnumberȱofȱdaysȱ x SelectȱEmailȱReportȱtoȱemailȱaȱcopyȱofȱtheȱreportȱtoȱtheȱselectedȱuser(s).ȱ ¾ SelectȱZipȱbeforeȱemailȱtoȱcompressȱtheȱreportȱbeforeȱemailingȱit.ȱ Clickȱ<AddȱRecipients>ȱtoȱopenȱReportȱDeliveryȱdialog.ȱHere,ȱyouȱcanȱdoȱtheȱfollowing:ȱ x SelectȱoneȱorȱmoreȱemailȱaddressesȱunderȱSystemȱUsersȱandȱthenȱclickÆȱtoȱmoveȱtheȱchosenȱemailȱaddress(s)ȱtoȱ Recipients.ȱTheȱsystemȱdeliversȱscheduledȱreportsȱtoȱtheȱusersȱunderȱRecipients.ȱ x Clickȱ<Add>ȱtoȱopenȱAdditionalȱEmailȱAddressesȱdialogȱwhereȱyouȱcanȱspecifyȱaȱcustomȱemailȱaddressȱforȱaȱnonȬ systemȱuserȱwhoȱwillȱreceiveȱaȱscheduledȱreport.ȱInȱthisȱdialog,ȱyouȱcanȱaddȱmultipleȱemailȱaddressesȱoneȱatȱaȱtime.ȱ 84ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 114. g. h. i. Specifying Additional Email Addresses for Report Delivery Clickȱ<OK>ȱtoȱcloseȱtheȱAdditionalȱEmailȱAddressesȱdialog.ȱ Clickȱ<OK>ȱtoȱcloseȱtheȱReportȱDeliveryȱdialog.ȱ Toȱscheduleȱtheȱreport,ȱclickȱ<Save>.ȱ 7.1.10 Stepȱ10:ȱCalibratingȱLocationȱTrackingȱ 29. TheȱLocationsȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱCalibrateȱyourȱsystemȱforȱaccurateȱlocationȱtracking.ȱ ȱ Figure 115. Locations Screen – Calibration 85 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ CalibrationȱhelpsȱinȱtuningȱRFȱparametersȱusedȱbyȱtheȱsystemȱtoȱcompareȱtheȱAPȱandȱSensorȱpredictionsȱtoȱactualȱ observations.ȱTheȱsystemȱhasȱaȱrobustȱcalibrationȱtechniqueȱthatȱalsoȱallowsȱmanualȱinterventionȱinȱcaseȱofȱdiscrepancy.ȱUseȱ theȱfollowingȱstepsȱtoȱcalibrateȱRFȱviews:ȱ a. Placeȱdevicesȱonȱtheȱfloormap.ȱ b. SelectȱtheȱViewerȱtab.ȱ c. SelectȱoneȱofȱtheȱAPȱorȱSensorȱviews.ȱ d. GenerateȱtheȱdesiredȱRFȱCoverageȱmapȱbyȱclickingȱ<Calibration>.ȱ e. Toȱimproveȱpredictions,ȱfineȬtuneȱtheȱMin.ȱSignalȱDecayȱConstantȱandȱtheȱMax.ȱSignalȱDecayȱConstant.ȱ Note:ȱMin.ȱSignalȱDecayȱConstantȱspecifiesȱtheȱamountȱofȱsignalȱlossȱthatȱisȱacceptableȱforȱregionsȱcloseȱtoȱtheȱtransmitterȱ(Sensor).ȱ Max.ȱSignalȱDecayȱConstantȱspecifiesȱtheȱamountȱofȱsignalȱlossȱthatȱisȱacceptableȱforȱregionsȱawayȱfromȱtheȱtransmitter.ȱSignalȱlossȱisȱ directlyȱproportionalȱtoȱtheȱsignalȱdecayȱconstants.ȱ f. ChangeȱtheȱvaluesȱofȱtheȱSignalȱDecayȱSlopeȱ(Beta)ȱandȱtheȱSignalȱDecayȱInflectionȱ(Alpha).ȱTheȱsystemȱusesȱtheseȱ parametersȱwhenȱcomputingȱtheȱRFȱandȱdefinesȱtheȱregionȱaroundȱtheȱtransmitterȱthatȱisȱunobstructed.ȱ Note:ȱWhenȱyouȱchangeȱtheȱvaluesȱofȱMin.ȱSignalȱDecayȱConstant,ȱMax.ȱSignalȱDecayȱConstant,ȱSignalȱDecayȱSlopeȱ(Beta),ȱandȱ SignalȱDecayȱInflectionȱ(Alpha)ȱtheȱRFȱviewȱandȱLocationȱTrackingȱforȱunobstructedȱregionsȱisȱaffected.ȱInȱtheȱobstructedȱregions,ȱonlyȱ LocationȱTrackingȱisȱaffected,ȱRFȱviewȱisȱnotȱaffected.ȱ g. Clickȱ<UpdateȱGraph>ȱtoȱviewȱyourȱselectionȱagainstȱtheȱpredictedȱvalues.ȱ Important:ȱTheȱPredictedȱvalueȱcurveȱshouldȱoverlapȱtheȱObservedȱvalueȱcurveȱasȱmuchȱasȱpossible.ȱ h. i. Clickȱ<Calibrate>ȱtoȱcompleteȱcalibrationȱifȱyouȱhaveȱadjustedȱtheȱparametersȱmanuallyȱsuchȱthatȱtheȱtwoȱcurvesȱareȱ parallelȱ(butȱnotȱcoinciding).ȱ Clickȱ<Apply>ȱtoȱcommitȱyourȱchanges.ȱ ȱ Figure 116. RF Calibration Dialog 86ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ 7.1.11 Stepȱ11:ȱLockingȱtheȱSystemȱConfigurationȱ 30. TheȱEventȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱtheȱsystemȱconfigurationȱisȱnotȱconfirmed,ȱyouȱ needȱtoȱgoȱbackȱtoȱtheȱpreviousȱstepsȱandȱcompleteȱanyȱadditionalȱconfiguration.ȱOtherwise,ȱinȱthisȱstep,ȱyouȱcanȱturnȱonȱ events.ȱTheȱsystemȱwillȱbecomeȱcompletelyȱoperationalȱafterȱactivatingȱintrusionȱprevention.ȱ ȱ Figure 117. Event Activation 31. TheȱIntrusionȱPreventionȱActivationȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱtheȱsystemȱconfigurationȱisȱnotȱ confirmed,ȱyouȱneedȱtoȱgoȱbackȱtoȱtheȱpreviousȱstepsȱandȱcompleteȱanyȱadditionalȱconfiguration.ȱOtherwise,ȱinȱthisȱstep,ȱ youȱcanȱturnȱonȱintrusionȱprevention.ȱThisȱmakesȱtheȱsystemȱoperational.ȱ 87 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 118. Intrusion Prevention Activation 32. TheȱDeviceȱListȱLockingȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱIfȱyouȱhadȱpreviouslyȱunlockedȱtheȱlistȱofȱ AuthorizedȱAPsȱandȱClientsȱatȱaȱlocationȱbyȱdeȬcheckingȱtheȱtwoȱcheckboxesȱLockȱAPȱListȱforȱlocationȱ‘<selectedȱ location’>ȱandȱLockȱClientȱListȱforȱlocationȱ‘<selectedȱlocation’>,ȱyouȱmayȱlockȱtheȱlistsȱforȱallȱlocationsȱwhereȱyouȱdoȱ notȱexpectȱmoreȱauthorizedȱAPsȱorȱClientsȱtoȱbeȱadded.ȱAirTightȱrecommendsȱthatȱyouȱlockȱtheȱAPȱlist.ȱIfȱyourȱClientsȱareȱ authorizedȱautomatically,ȱdoȱnotȱlockȱtheȱClientȱlists.ȱAnyȱnewȱdeviceȱaddedȱafterȱtheȱlistȱisȱlockedȱhasȱtoȱbeȱmanuallyȱ movedȱtoȱtheȱAuthorizedȱcategory.ȱ 88ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 119. Device List Locking 7.1.12 Stepȱ12:ȱCompletionȱofȱSetupȱWizardȱ 33. Thisȱmarksȱtheȱcompletionȱofȱtheȱsetupȱwizard.ȱTheȱDashboardȱscreenȱappearsȱasȱshownȱinȱtheȱfollowingȱfigure.ȱTheȱ Serverȱisȱconfiguredȱtoȱprotectȱyourȱnetworkȱagainstȱwirelessȱthreats.ȱ 89 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® SettingȱupȱtheȱServerȱConsoleȱ ȱ Figure 120. Dashboard Screen 90ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ConfigȱShellȱCommandsȱ Chapterȱ8 8.1 ConfigȱShellȱCommandsȱ ServerȱConfigȱShellȱCommandsȱ ThisȱchapterȱdescribesȱtheȱcommandsȱinȱtheȱServerȱConfigȱShellȱusedȱtoȱreconfigureȱorȱmaintainȱtheȱServerȱafterȱrunningȱtheȱ ServerȱConfigurationȱWizard.ȱSomeȱcommandsȱdisplayȱtheȱstatusȱofȱtheȱServer.ȱ Database Commands Command Description db backup Backs up the database to the Remote Server specified by you db clean Resource clean-up without disruption of services db maintain Resource clean-up after temporary shutting down of services db reset Resets the database to factory defaults but maintains network settings db restore Restores the database from a previous backup on a Remote Server ȱ get Commands Command Description get allowed ip Displays the list of IP addresses or subnets that are allowed to access this device get cert Generates a self-signed certificate get certreq Generates a Certificate Signing Request (CSR) get date Displays the current time zone, date, and time on the Server get debug Creates a debug information ‘tarball’ file; this file can be used for debugging purposes get ha Displays High Availability (HA) Cluster configuration and service status get ha help Displays detailed High Availability (HA) setup help get interface Displays the Network and HA Interface speed and mode get locationinfo Extracts information about location hierarchy, imported images, and signal strength for all devices seen by Sensor get log config Displays the configuration of the logger get monitoring Displays the number of days that the system should keep the data for all performance monitoring charts get network Displays the Network Interface (eth0) configuration including the IP Address, Subnet mask, Gateway, DNS Address, and DNS Prefix get opsec log Displays the log messages generated by OPSEC API get route Displays the routing table 91 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ConfigȱShellȱCommandsȱ get sensor list Displays a list of Sensors and NDs get server config Displays the complete Server configuration which includes the Server ID, Server Version, Server Build, MAC address of the Network and HA Interface, Server Mode, Server Time Zone, Date and Time Settings, WLSE Integration Settings, Settings of Network Interfaces, and Server Processes get server check Runs a Server consistency check and display the results. If any fatal item fails, a failure result is recorded get serverid Displays the Server ID get ssh Displays the status of the SSH Server get status Displays the status of Server processes get support Displays settings that control how, when, where, and what support information is to be sent get version Displays the version and build information of all the Server components ȱ 92ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ConfigȱShellȱCommandsȱ set Commands Command Description set allowed ip Sets the list of IP addresses or subnets that are allowed to access this device set cert Installs a signed SSL certificate issued for the request generated using 'get certreq' set date Sets the current time zone, date, and time information on the Server; the Server needs to be rebooted for the date/time information to take effect set dbserver Starts/Stops the Database Server set erase Configures the backspace key set ha Enables or disables High Availability (HA) service set interface Sets the Network and HA Interface speed and mode set log config Sets the configuration of the logger set monitoring Sets the number of days that the system should keep the data for all performance monitoring charts set network Sets the Network Interface (eth0) configuration including the IP Address, Subnet mask, Gateway, DNS Address, and DNS Prefix set route Allows addition/deletion of routing table entries set server Starts/Stops the Application Server set serverid Sets the Server ID set ssh Starts/Stops the SSH access to the Server set support Sets up how, when, where, and what support information is to be sent set webserver Starts/Stops the Web Server ȱ 93 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ConfigȱShellȱCommandsȱ Other Commands Command Description exit Exits the config shell session help Displays help for all the commands passwd Allows the admin to change the config shell password ping<Hostname/IP Address> Pings a host reboot Reboots the Server reset factory Resets the Server to the factory defaults/out of the box status reset password gui Sets the Graphical User Interface (GUI) password for the user ‘admin’ to the factory default ‘admin’ shutdown Shuts down the Server gracefully traceroute Shows the route to a host upgrade Upgrades the Server using the specified upgrade bundle from an HTTP location ȱ 94ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ ConfigȱShellȱCommandsȱ ȱ 8.2 SensorȱConfigȱShellȱCommandsȱ get Commands Command Description get ap Displays all the currently visible APs get interface Displays Network Interface speed and mode get ip config Displays the IP information get log Displays the log information as it is created get log config Displays the configuration of the logger get mode Displays the mode in which the Sensor is currently configured get rf Displays if RF monitoring for a Sensor is ‘ON’ or ‘OFF’ get serial num Displays the Board Number get server discovery Displays the Server discovery/setting information get status Displays the current running status of all the components get version Displays the version and build information of all the components get vlan config Displays the VLAN information (set info and dynamic info) get vlan id Displays the VLAN IDs seen by the ND get vlan status Displays the VLAN status information get model Displays the Sensor Model ȱ set Commands Command Description set erase Sets the erase character to ^H set interface Sets Network Interface speed and mode set ip config Runs through the current VLAN and IP config wizard set server discovery Sets the Server discovery information set vlan config Sets multiple VLAN monitoring to ‘ON’ or ‘OFF’ set mode Sets the mode to Sensor, Sensor/ Network Detector Combo, Network Detector, or Sentry ȱ 95 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ConfigȱShellȱCommandsȱ Other Commands Command Description exit Exists the Sensor config Shell session help Displays help for all commands help set Displays help for ‘set’ commands help get Displays help for ‘get’ commands help other Displays help for ‘other’ commands passwd Changes the config Shell password ping Pings a host. Usage: ping <IP_address/host_name> e.g. ping 192.168.1.246 reboot Reboots the Sensor restart Restarts the Sensor application reset factory Resets the Sensor to ‘out of the box’ status upgrade Upgrades the Sensor manually from a given IP address ȱ ȱ 96ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ Troubleshootingȱ Chapterȱ9 9.1 Troubleshootingȱ ServerȱTroubleshootingȱ ȱ Problem After changing the IP address of the Server, the computer used to configure the Server gets disconnected. On typing ‘https:// wifisecurity-server’ in the IE 5.5 browser, the ‘Login’ screen does not appear even after adding a DNS entry ‘wifi-security-server’ for the Server. Solution The subnet mask of the computer used to configure the Server may not be the same as that of the Server. Change the subnet mask of the computer so that it is in the same subnet as the Server. The Default gateway and Preferred DNS Server settings of the computer used to access the Server Console may be incorrect. Ensure that the Default gateway and Preferred DNS Server settings of the computer used to access the Server Console match the Server settings. On rebooting the Server, the get network command does not show an IP address. The IP address that you have assigned to the Server conflicts with some other IP address on the network. Change the IP address of the Server using the set network command. No Sensors connect to the Server after setting the Server ID. The Server ID used by the Server may be used by another Server on the network. Verify that no other Server with the Server ID set for the Server is running on the network. Change the Server ID using the set serverid command. No connection to the Server Check if the Server is powered on. If the Server is not powered on, switch it on. Else, check the IP Address or the DNS Name on the Server Config Shell. Important: Please ensure that you have used the correct IP Address or the DNS name to connect to the Server. If the IP Address or the DNS name is correct, try pinging other computers on the network from the Server Config Shell interface. If the problem still exits, reset the Server and attempt to reconnect to the Server. The Console reports “Java Runtime Environment Detection” not installed message. Follow the instructions provided on the Console to install the Java Runtime Environment. Unable to log into the Console. If you are logging in for the first time, refer to the Initializing section for the default Login Name and Password. Try recovering the password using the Recover option in the Forgot Password? section of the Login Screen. The Console has frozen (Clicks do not work). Close the browser and try connecting to the Server in another window. If you cannot connect to the Server, follow the steps listed in Problem 1 of this table. 97 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® Troubleshootingȱ No events are being reported or the device status is stale (not updated). Check the status of the Server on the Administration screen. If the Current Status field shows or , click the Start Server button in the Server Status section. Check the status of the Server on the Administration screen. No Sensor is connected to the Server. If the Current Status field shows or , click the Start Sever button in the Server Status section. If the Current Status field shows , refer to the Sensors Troubleshooting section for the solution. Server response time is high. Restart the Console. If the problem persists, run the db clean command from the Server Config Shell. ȱ 98ȱ SpectraGuard®ȱEnterpriseȱInstallationȱGuideȱ Troubleshootingȱ ȱ 9.2 SensorȱTroubleshootingȱ ȱ ȱ Symptoms Diagnosis Solution LED1: Solid Orange LED2: Fast Blink The Sensor did not receive a valid IP address via the DHCP. The DHCP Server is unreachable. Restore the connectivity to the DHCP Server or set a static IP address via the HTTP interface or the Config Shell CLI. LED1: Solid Orange LED2: Slow Blink Unable to connect to the Server. Ensure that the Server is running and is reachable from the network to which the Sensor is attached. If there is a firewall or a router with ACLs enabled between the Sensor and the Server, ensure that the traffic is allowed on UDP port 3851. If utilizing the Server ID based discovery, ensure that multicast is enabled on the network. Alternatively, if utilizing the Server IP based discovery, ensure that the DNS name ‘wifi-securityserver’ has been correctly entered on the DNS Server. Also ensure that the DNS Server IP addresses are either correctly configured on the Sensor, or are provided by the DHCP Server. LED1: Solid Orange LED2: Solid Green The Ethernet cable is loose. It is probably disconnected from the network. Ensure that the Ethernet cable is connected. An error on the 802.11 interface has occurred. Contact [email protected] for more details. A fatal Software error has occurred. Contact [email protected] for more details. LED1: Solid Orange LED3: Solid Green LED1: Solid Orange LED4: Solid Green 99 SpectraGuard ȱEnterpriseȱInstallationȱGuideȱ ® ">
Advertisement
Key features
- Wireless Vulnerability Management
- Intrusion Prevention
- Server and Sensor Installation
- Network Security
- Threat Detection and Mitigation
- Wireless Security
- Wireless Access Management
- Real-time Threat Intelligence
Frequently asked questions
You can access the wizard using SSH or a serial cable.
To launch the System Console, you need a web browser and a supported operating system.
To connect the server, you need to mount it, power it up, and connect it to the network.
You can activate the license from the System Console.
You can connect the sensor by mounting it and connecting it to the server.