advertisement
Using Novell Security Manager
Use Upstream HTTP Proxy
In this window you can define the connection to an Upstream Proxy
Server. This function is required if you can only connect through such an Upstream Proxy to HTTP and
HTTPS ports.
Defining an Upstream Proxy Server:
1. Open the Up2Date Service menu in the System tab.
2. Click Enable next to Status to enable the function and make the following settings:
Proxy IP Address: Enter the IP address of the Upstream Proxy server into the entry field.
Proxy TCP Port: Enter the port number of the Upstream Proxy server into the entry field.
3. Save the settings by clicking Save.
4. If an authentication is required for accessing the Upstream Proxy
Server, enable the Use Authentication function and make the following settings:
Username: Enter a username in the entry field.
Password: Enter the password in this entry field.
5. Save the settings by clicking Save.
4.1.4. Backup
The Backup function allows you to save the settings of your Security
Manager to a file on a local disk.
This backup file allows you to install a known-good configuration on a new or misconfigured Security Manager.
This is especially useful in case of hardware failure, as it means replacement systems can be up and running within minutes.
45
Using Novell Security Manager
Attention:
Install the License Key in the Licensing menu before loading the backup.
Without the appropriate license, the system will only support three network cards – under certain circumstances, this can lead to WebAdmin not being reachable.
Note:
After every system change, be sure to make a backup. This will ensure that the most current Security Manager settings are always available.
Make sure that backups are kept securely, as the backup contains all of the configuration options, including certificates and keys.
After generating a backup file, you should always check it for readability. It is also a good idea to use an external MD5 program to generate checksums: this will allow you to check the integrity of the backup later.
Restore a Backup
This window allows you to install the backup file of the configuration.
Loading a Backup:
1. Open the Backup menu in the System tab.
2. In the Restore a Backup window next to the Upload Backup File entry field, click on the Browse button.
3. In the File Upload window, choose the Backup file, you would like to load and click on the Open button.
Note:
When using Microsoft Windows, make sure not to use a UNC Path for loading the backup. Select the Backup file with the help of the Look
in selection window.
4. Click on the Start button.
If, during the generation of the backup file, the Encryption function was enabled, the Enter Passphrase window will open.
5. In the Passphrase field, enter the password.
6. Confirm your settings by clicking Start.
Novell Security Manager will now load and check the backup file. If the ckecksums are correct, you will now receive the Backup
Information.
7. Check the Backup Information.
46
Using Novell Security Manager
8. To import the backed-up settings into the active system, click the
Start button.
When the message Backup has been restored successfully appears, the process has completed successfully.
Create a Backup
This window allows you to create and archive a backup file of the configuration of your Security Manager.
Manually Creating a Backup:
1. Open the Backup menu in the System tab.
2. In the Create a Backup window, in the Comment field, enter a description of this backup.
When restoring system backups, this description will be displayed to help distinguish between different configurations.
Important Note:
If the Encryption function has been enabled, the backup file will be encrypted with either the DES or 3DES algorithms, and can only be read or loaded using the correct password.
3. To generate the backup file, click the Start button.
The system will now generate a backup file. When the message
Backup has been created successfully appears, the process has completed successfully.
4. To copy the backup file to your local PC, click the Save button.
5. On the File download menu, choose the Save file to disk and click the OK button.
6. Choose a descriptive file name on the Save file as menu.
Novell Security Manager will automatically produce file names, consisting of backup, date and time: backup_yyyymmdd_hhmmss.abf (astaro-backup-file).
7. Check the generated backup file for readability by importing it back into WebAdmin and clicking on the Start button.
Novell Security Manager will now load and check the backup file. If the ckecksums are correct, you will now receive the Backup
Information.
8. Abort the restore process by opening a different menu within the tab.
47
Using Novell Security Manager
Attention:
After each system change, create a new backup file. If you load a new backup file and if, for example, you have changed the IP address or forgotten the password, you might not be able to access the newly configured system.
Advanced
Encryption: The backup file contains all configuration settings as well as the respective certificates and keys. The Encryption function allows you to encrypt the file using DES or 3DES.
Encryption of e-mail Backup Files:
1. Open the Backup menu in the System tab.
2. Scroll to the Advanced window.
3. Enable the Encryption function by clicking on the Enable button.
The Encryption function is enabled, when the status light shows green.
4. In the Passphrase entry field, enter the password.
Security Note:
With passwords with up to seven characters, the Backup file will be encrypted with DES and from eight characters on with 3DES.
5. To confirm, enter the password again into the Confirmation entry field.
6. Click the Save button to save these settings.
All Backup files that have been created manually or automatically by the system, will now be encrypted with the defined password.
Important Note:
A backup file that has been encrypted with Encryption can only be loaded to the system with the password that was used for the creation of the
Backup.
Send Backups by E-Mail: Novell Security Manager can also send you automatically created backup files by e-mail, so that you don’t have to remember to save the settings of your Security Manager manually on a data carrier. Then the file is e-mailed to the entered e-mail address. These e-mailed files are about 100 kilobytes long.
48
Using Novell Security Manager
Generating an E-Mail Backup File:
1. Open the Backup menu in the System tab.
2. In the Advanced window enable the Send Backups by E-Mail function by clicking on the Enable button.
The Backups by E-Mails function is enabled, if the status light shows green.
Important Note:
If the Encryption function has been enabled, the backup file will be encrypted with either the DES or 3DES algorithms, and can only be read or loaded using the correct password.
3. Use the Interval drop-down menu to define how often backups should be made.
The available choices are: Daily, weekly, and monthly.
4. In the E-Mail to field, enter the e-mail addresses, which should receive the backup files in regular intervals.
5. Click the Add button next to the E-Mail to entry field, to add this address to the ordered list.
If you would like to add more addresses, repeat step 5.
6. If you wish to generate and send a backup file immediately, click the
Start button next to Send backup now.
7. Check the generated files for readability by importing the respective backup file and clicking on the Start button.
Novell Security Manager will now load and check the backup file. If the ckecksums are correct, you will now receive the Backup Infor-
mation.
8. Abort the restore process by opening a different menu within the tab.
Editing E-Mail Addresses:
Please see chapter 3.3.5 on page 30 for a description of how to use the
ordered list.
49
Using Novell Security Manager
4.1.5. SNMP
The Simple Network Management
Protocol (SNMP) monitors and manages the local network. SNMP allows the administrator to make quick queries about the condition of the network devices, such as the number and configuration of the network interfaces, the forwarded traffic, the current processes and hard disk utilization. Next to the current state, tendencies and time rows are interesting.
They give a detailed insight into the functions of a network – the history can be monitored and remedied before turning into a real problem.
Configure the access rights to the SNMP service in the SNMP Access window. The users of the configured networks can then conduct queries about the SNMP server on Novell Security Manager with their read only rights.
Security Note:
The SNMP data traffic (Protocol version 2) between Novell Security
Manager and the network is not encrypted.
Authorizing Access to the SNMP Server:
1. Enable SNMP Access by clicking the Enable button.
2. From the Allowed Networks selection field, select the networks that you wish to allow for accessing the SNMP server.
3. Enter the Community String in this entry field.
4. Save your configuration by clicking Save.
In the SNMP Traps window you can define a Trap-Server, to which relevant information for the system administration is sent as SNMP Traps. To recognize those Traps a special SNMP monitoring software is required.
The messages, which are sent as SNMP Trap, contain the Object ID
(OID). The OID for messaging events (1500), the classification of the message (DEBUG = 0, INFO = 1, WARN = 2, CRIT = 3) and the relevant error code (000 bis 999) are attached.
Example: The notification
INFO-354: Intrusion Protection Pattern
Up2Date succeeded
Intrusion Protection Pattern Up2Date succeeded has in this case the OID
1.3.6.1.4.1.
and is assigned the following string:
50
advertisement
