
Cisco Cyber Vision Center Appliance Quickstart Guide

Cisco Systems, Inc.
Rev. 0.0.2, 17 January 2020


Owner: Cisco IoT

Author: Juliette Maffet

Cisco Systems, Inc.

Trademark Acknowledgments

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.

Third party trademarks mentioned are the property of their respective owners.

The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Publication Disclaimer

Cisco Systems, Inc. assumes no responsibility for errors or omissions that may appear in this publication. We reserve the right to change this publication at any time without notice. This document is not to be construed as conferring by implication, estoppel, or otherwise any license or right under any copyright or patent, whether or not the use of any information in this document employs an invention claimed in any existing or later issued patent. A printed copy of this document is considered uncontrolled. Refer to the online version for the latest revision.

Copyright

© 2018 Cisco and/or its affiliates. All rights reserved.

Information in this publication is subject to change without notice. No part of this publication may be reproduced or transmitted in any form, by photocopy, microfilm, xerography, or any other means, or incorporated into any information retrieval system, electronic or mechanical, for any purpose, without the express permission of Cisco Systems, Inc.

Americas Headquarters
Cisco Systems, Inc.
San Jose, CA

Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore

Europe Headquarters
Cisco Systems International BV
Amsterdam
The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.


Contents

1 About this documentation
  1.1 Document purpose
  1.2 Warnings and notices
2 Information & Characteristics
3 Connect the Center
  3.1 Connect an external device
  3.2 Connect interfaces for communication
  3.3 Power up the Center
4 Configure the Center
  4.1 Basic Center configuration
  4.2 Cisco Cyber Vision configuration
    4.2.1 Install the certificate in your browser
    4.2.2 Install Cisco Cyber Vision


1 About this documentation

1.1 Document purpose

This quickstart guide shows how to connect, configure and install Cisco Cyber Vision running on Cisco Unified Computing C220.
This documentation is applicable to system version 3.0.0.

IMPORTANT

Cisco Cyber Vision EAP is a snapshot of the ongoing development process and is in the qualifying phase. Testing for this program is in progress, and the program may contain features that are incomplete or may change before the next full release.

1.2 Warnings and notices

This manual contains notices you have to observe to ensure your personal safety as well as to prevent damage to property.
The notices referring to your personal safety and to property damage are highlighted in the manual by a safety alert symbol described below. These notices are graded according to the degree of danger.

WARNING

Indicates risks that involve industrial network safety or production failure that could possibly result in personal injury or severe property damage if proper precautions are not taken.

IMPORTANT

Indicates risks that could involve property or Cisco equipment damage and minor personal injury if proper precautions are not taken.

Note

Indicates important information on the product described in the documentation to which attention should be paid.


2 Information & Characteristics

The Cisco Cyber Vision solution is based on a 2-tier architecture made of:

▪ Edge sensors, which are installed in the industrial network. These sensors are dedicated to capturing network traffic, decoding protocols using the Cisco Deep Packet Inspection engine, and sending meaningful information to the Cisco Cyber Vision Center.
▪ The Cisco Cyber Vision Center, a central platform gathering data from all the Edge sensors and acting as the monitoring, detection and management platform for the whole solution.

The Center is therefore the central point of the Cisco Cyber Vision product. To safeguard the data collected from the industrial network and ensure maximum reliability, the Center includes a RAID storage array. It also includes redundant internal cooling fans (x3) and dual hot-swappable power supplies.
To operate, the Center relies on two separate networks, respectively connected to the following interfaces:

▪ The Administration network interface, which gives access to the user interface.
▪ The Collection network interface, which connects the Center to the sensors.

The Center provides two dedicated and separate 10 Gigabit Ethernet network ports to connect to these two networks.


3 Connect the Center

Before turning on the Center for the first time, you will need to connect the Center to a VGA display and a keyboard or a console so you can configure it, and to network interfaces to make it operational.

3.1 Connect an external device

You need to connect an external device to access and configure the Center.
To do so, connect an external display to the VGA port (1) and a keyboard to any USB port (2) on the Center, or a console to the console serial port (3).

3.2 Connect interfaces for communication

Connect network interfaces:

▪ Administration interface (eth0):
  Connect the administration network cable to the Administration LAN port (1) to connect the Center with the user interface.
▪ Collection interface (eth1):
  Connect the collection network cable to the Collection LAN port (2) to connect the Center with its sensors.

3.3 Power up the Center

Connect the Center to the power supply and switch it ON from the Center front view.


4 Configure the Center

You will need to complete two steps to configure the Center:

1. The basic Center configuration through a VGA display and a keyboard or a console, to:

▪ Set the Center and the sensors passwords.
▪ Synchronize the Center to the NTP server.
▪ Configure the Administration and Collection interfaces.

2. The Cisco Cyber Vision configuration, through a browser, to create an admin account and to enroll the sensors detected.

4.1 Basic Center configuration

This step will allow you to configure the Center network settings before using it with the user interface.
Required information:

▪ Local NTP and DNS IP addresses.
▪ The Collection interface network address.

In the case of manual Administration network interface configuration:

▪ Its IP address.
▪ Its netmask (in a two-number format, e.g. 192.168.1.0/24).
▪ Its gateway (by default, to reach devices located outside the local network).

Access the basic Center configuration:

The Center wizard displays on your screen as you turn on the Center. Enter Start to start configuring the Center.


Accept the End User License Agreement:

Select the language to match your keyboard:


Note

By default, the system is configured to work with a QWERTY keyboard.

Configure the Center's Administration network interface:

The Center uses a dedicated sub-network on the Administration interface. It is possible to change it if the default one doesn't fit the environment to which the Center will be connected.
The Administration network interface configuration can be done either:

▪ Using a DHCP server, if there is one available on the network.
  In this case, enter OK. Settings will be done automatically, and you will be directed to the next step.
▪ Manually:


Enter the Administration network interface's IP address, netmask (in a two-number format), and gateway.

Configure the Center's DNS:

Type a DNS address and possible alternatives.


Synchronize the Center and the sensors to NTP servers:

Enter IP addresses of local or remote NTP servers (gateway configuration needed) to synchronize the Center and the sensors with a clock reference. Each address must be separated by a space.

The synchronization takes a few seconds.
Check that the time is correct, or set the time manually.


Give the Center a name:

Note

This name will be used in the Center certificate.

Enter the Center name provided by your administrator or type 'Default' which is a secure value.

Note

This name must match the DNS name you will use to access the Center through SSH or a browser.

Set the Center's password:

The root password of the Center must be set for security reasons. It's hidden for confidentiality reasons.


Confirm the password.

Configure the Center's Collection network interface:

Erase the network address suggested in the field to disable the DHCP server and enter OK to proceed to the next step. Once the basic Center configuration and the Cisco Cyber Vision configuration are finished, you will proceed to a manual installation of the sensors (refer to the Cisco Cyber Vision Sensor Quickstart Guide).


Type the IP address of the Industrial network interface.

Configure the sensors' password:


The sensors' root password must be set for security reasons.

This password will be assigned once you have enrolled the sensors with the Center. You will need this password for troubleshooting, diagnostics, and updates.
Confirm the password.

Below is the last screen of the basic Center configuration. It reminds you of the addresses to be used to download the CA certificate and access Cisco Cyber Vision.


Enter OK to finish the basic Center configuration.

Close the Center configuration window and type 'logout' before proceeding with the next steps of Cisco Cyber Vision configuration.
To proceed with the Cisco Cyber Vision configuration, open your browser and go to the previously indicated URL to access the user interface.

Note

Each Cisco Cyber Vision Center includes its own PKI (Public Key Infrastructure), with a CA (Certification Authority), that will be used to establish the TLS connection to the sensors and to clients. The CA must be installed on each client browser (see the following chapters).


4.2 Cisco Cyber Vision configuration

Once the basic Center configuration is done, you must perform the second step through a browser:

▪ to install the internal Center CA certificate,
▪ to access the user interface installation wizard using the URL provided during the previous basic configuration step (i.e. the Center's IP address).

Required browsers:
Cisco Cyber Vision supports Chrome 54, Firefox 49 and newer versions.

4.2.1 Install the certificate in your browser

1. Open your browser.
2. Enter 'http://<CENTERIPADDRESS>/ca.crt' inside the search bar.

The certificate downloads.

3. Save the certificate on your computer.
4. In the browser, access the administration menu.

Example: Chrome

5. Type 'certificate' in the search bar and access the certificates management menu.


6. Access the Trusted Root Certification menu.


7. Click Import.


A certificate import wizard opens.

8. Go to the next step.


9. Search for the certificate you saved earlier.
10. Go to the next step.


11. Accept the default values by going to the next step.


12. The certificate is now considered trusted by the browser. It will be imported as soon as you click Finish.
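
Step 2 fetches ca.crt over plain HTTP, so nothing authenticates the file before it is imported as a trusted root. As an added example (not part of the Cisco guide), this Python check compares the downloaded file's SHA-256 fingerprint with a reference value; obtaining that reference over a trusted channel, such as from the Center administrator, and the function names are assumptions.

```python
# Added example: pin the Center CA certificate before importing it as a trusted root.
import hashlib
import hmac
import ssl
import sys

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def cert_sha256(cert_bytes: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of the certificate's DER encoding.

    Accepts PEM or DER input, since ca.crt may be served in either form.
    """
    count = cert_bytes.count(PEM_MARKER)
    if count > 1:
        # A bundle would let an extra, unexpected CA ride along with the pinned one.
        raise ValueError("expected exactly one certificate, found a bundle")
    if count == 1:
        return hashlib.sha256(
            ssl.PEM_cert_to_DER_cert(cert_bytes.decode("ascii").strip())
        ).hexdigest()
    return hashlib.sha256(cert_bytes).hexdigest()


def normalize_fingerprint(text: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return 64 lowercase hex digits."""
    cleaned = "".join(text.split()).replace(":", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("reference must be a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def ca_matches_pin(cert_bytes: bytes, reference_fingerprint: str) -> bool:
    """True only if the downloaded certificate hashes to the trusted reference."""
    return hmac.compare_digest(
        cert_sha256(cert_bytes), normalize_fingerprint(reference_fingerprint)
    )


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage (hypothetical script name): python check_ca.py ca.crt <fingerprint>
        with open(sys.argv[1], "rb") as fh:
            ok = ca_matches_pin(fh.read(), sys.argv[2])
        print("fingerprint matches" if ok else "MISMATCH: do not import this file")
        sys.exit(0 if ok else 1)
    # Constructed stand-in bytes, not a real certificate: hashing treats them alike.
    sample = bytes(range(48))
    pin = hashlib.sha256(sample).hexdigest()
    print(ca_matches_pin(sample, pin))            # untouched download
    print(ca_matches_pin(sample + b"\x00", pin))  # modified in transit
```

Run the check on the saved file before step 7; import the certificate only if the fingerprints match.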


4.2.2 Install Cisco Cyber Vision

Access the Cisco Cyber Vision installation wizard:

1. With your browser, access https://<CENTERNAME>/.

Note

Accessing the Center by its name lets you use the secure HTTPS interface. However, this requires a DNS or local host configuration to associate the name with the IP address. Accessing the Center through its IP address is possible, but the connection is not secure.

The first access to Cisco Cyber Vision home screen displays:


2. Go to the next page.

Create an admin account:

1. Enter the information required.


Note

Your email address will be requested at login.

Passwords must contain at least ten characters belonging to three out of four of the following character types:

▪ Lower case.
▪ Capital letters.
▪ Numbers.
▪ Punctuation marks or symbols.

IMPORTANT

Passwords should be changed regularly to ensure the security of the platform and the industrial network.

1. Go to the next page.

Enroll sensors:

This step does not apply to the UCS Center or to the Cisco IC3000 Industrial Compute Gateways.

1. Go to the next page.

Finish the installation:

The Center is now correctly installed and Cisco Cyber Vision is ready to operate.


1. Go to the next page.


2. As you just created an Admin user account, you must accept the software license agreement to use Cisco Cyber Vision.

Cisco Cyber Vision installation is now complete. You can start installing the sensors. To do so, refer to the Cisco Cyber Vision Sensor Quickstart Guide.
