HP TippingPoint
Security Management System User Guide
Version 4.3.0
5998-2909
January 2016
Legal and notice information
© Copyright 2013–2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard. The information is provided “as is” without warranty of any kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
TippingPoint®, the TippingPoint logo, and Digital Vaccine® are registered trademarks of Hewlett-Packard. All other company and product names may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are the property of Hewlett-Packard. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.
HP TippingPoint Security Management System User Guide
Publication Part Number: 5998-2909
Security Management System User Guide i
Contents
About this guide........................................................................................................................1
Target audience.......................................................................................................................................... 1
Related documentation..............................................................................................................................1
Conventions................................................................................................................................................ 1
Customer support.......................................................................................................................................3
Getting started......................................................................................................................... 4
SMS components........................................................................................................................................ 4
Installation.................................................................................................................................................. 5
SMS server home page.............................................................................................................................. 5
Log in to the SMS server home page..................................................................................................... 6
Download SMS client software............................................................................................................... 6
View or download reports.......................................................................................................................6
View reports from the SMS website.................................................................................................... 6
View or download documentation..........................................................................................................7
View or download exports and archives................................................................................................ 7
View or save exported files..................................................................................................7
Connect to the TMC................................................................................................................................. 7
SMS client................................................................................................................................................... 7
Install the SMS client...............................................................................................................................8
Install the SMS client............................................................................................................................8
Log in to the SMS.................................................................................................................................... 8
Log in to the SMS................................................................................................................................. 8
View notifications.................................................................................................................... 9
SMS dashboard........................................................................................................................................... 9
Main user interface.................................................................................................................................. 10
Menu bar................................................................................................................................................ 11
SMS toolbar........................................................................................................................................... 11
Workspace..............................................................................................................................................11
Navigation pane.....................................................................................................................................12
Content pane......................................................................................................................................... 12
Features................................................................................................................................................. 12
Auto complete.................................................................................................................................... 12
Tabbed views...................................................................................................................................... 12
Table filtering......................................................................................................................13
Expandable table columns................................................................................................................. 13
Table column controls........................................................................................................................ 13
Realtime data..................................................................................................................................... 13
Named resources................................................................................................................................14
IDResolver........................................................................................................................................... 14
Right-click menus...............................................................................................................................14
System preferences..................................................................................................................................14
Security preferences............................................................................................................................. 14
Configure security preferences.......................................................................................... 15
Device Preferences................................................................................................................................ 15
Configure device preferences.............................................................................................16
Dashboard preferences......................................................................................................................... 16
SSH client preferences.......................................................................................................................... 16
Change the SSH client setting........................................................................................................... 16
Banner message preferences............................................................................................................... 17
Configure banner message preferences............................................................................17
Configure PCAP download preferences................................................................................ 17
Report preferences................................................................................................................................18
Software updates..................................................................................................................................... 18
Install TOS updates............................................................................................................................... 18
Download a TOS update.....................................................................................................................18
Distribute a TOS update..................................................................................................................... 19
Download, activate, and distribute Digital Vaccines............................................................................ 19
Download a Digital Vaccine from the TMC........................................................................................ 19
Activate a Digital Vaccine...................................................................................................................20
Distribute a Digital Vaccine to one or more devices......................................................................... 20
Install SMS updates...............................................................................................................................20
Download an SMS update from the TMC...........................................................................................20
Migrate to another SMS version........................................................................................................... 20
Manage your system................................................................................................................................21
Add a device to the SMS....................................................................................................................... 21
Tools.......................................................................................................................................22
IP Lookup.................................................................................................................................................. 22
Use the IP Lookup utility.......................................................................................................................23
TMC............................................................................................................................................................23
Access the TMC......................................................................................................................................23
ThreatLinQ................................................................................................................................................ 24
Diagnostics............................................................................................................................................... 24
IDResolver.................................................................................................................................................24
Configure and enable IDResolver..........................................................................................25
Query IDResolver...................................................................................................................................25
Dashboard...............................................................................................................................26
Dashboard palette....................................................................................................................................26
Default dashboard configuration.............................................................................................27
Dashboard gadgets.................................................................................................................................. 27
Health and Status gadgets................................................................................................................... 28
Task Status gadgets..............................................................................................................................29
Inspection Event gadgets......................................................................................................................29
Event Rate gadget.............................................................................................................................. 29
Security gadgets.................................................................................................................................30
Reputation gadgets............................................................................................................................ 31
Application gadgets............................................................................................................................31
User gadgets.......................................................................................................................................32
Firewall gadgets.................................................................................................................................... 33
Customize the SMS dashboard................................................................................................................ 34
Select a dashboard theme.................................................................................................................... 34
Change the dashboard layout...............................................................................................................34
Restore dashboard defaults................................................................................................................. 35
Add or remove a gadget....................................................................................................................... 35
Configure a gadget................................................................................................................ 35
Events.....................................................................................................................................37
Navigate the Events workspace.............................................................................................................. 37
Inspection events..................................................................................................................................... 38
Criteria panels........................................................................................................................................38
Inspection Events table.........................................................................................................................38
Firewall events......................................................................................................................................... 40
Monitor events......................................................................................................................................... 42
Monitor inspection or firewall events...................................................................................42
Right-click options from the events table............................................................................................43
Customizing display options.................................................................................................................46
Events display........................................................................................................................................46
Severity level...................................................................................................................................... 46
Table properties..................................................................................................................47
Customize table property settings................................................................................. 47
Add a comment............................................................................................................... 47
Edit a comment............................................................................................................... 47
Viewing event details......................................................................................................... 48
Edit a geographic filter....................................................................................................50
View geographic filter description.................................................................................. 51
View event details........................................................................................................... 51
Reputation information................................................................................................... 51
TMC ThreatLinQ charts and graphs................................................................................ 52
Packet trace........................................................................................................................ 52
Packet trace options........................................................................................................52
Right-click packet trace menu options........................................................................ 53
External packet trace viewer........................................................................................53
View the packet trace...................................................................................................53
Save packet trace files..................................................................................................53
Download packet trace files to the SMS...................................................................... 53
Configure packet trace view settings...........................................................................54
Exporting query results......................................................................................................54
Export query results........................................................................................................54
ThreatLinQ........................................................................................................................55
Saving queries.......................................................................................................................................... 55
Open a saved query.............................................................................................................................. 55
Edit a saved query.................................................................................................................................55
Delete a saved query............................................................................................................................ 55
Filter criteria.......................................................................................................................................... 56
Create an inspection query with filter criteria...................................................................57
Filter taxonomy criteria.........................................................................................................58
Create a query with filter taxonomy criteria..................................................................... 58
Network criteria (Inspection Events).................................................................................................... 59
Create a query with network criteria.................................................................................................59
User info criteria (Inspection Event viewer)......................................................................................... 60
Create a query with user information criteria...................................................................................61
Device/segment/rule criteria................................................................................................................ 61
Create a query with device segment criteria.....................................................................................62
Tuning event filters (Inspection events)...............................................................................62
Filter modifications.............................................................................................................63
Application, transaction, and user criteria (Firewall Events)............................................................... 63
Add application, transaction, and user criteria................................................................................. 64
Edit application criteria...................................................................................................................... 64
Firewall policy criteria........................................................................................................................... 65
Create a firewall query with filter criteria......................................................................... 65
Device, Segment/Interface criteria....................................................................................................... 65
Network criteria (Firewall Events)........................................................................................................ 66
Create a firewall query with network criteria....................................................................66
Schedule, Service Criteria......................................................................................................................66
Create a query with schedule or service criteria...............................................................................66
Network Address Translation criteria...................................................................................................67
Users criteria (Firewall Events)............................................................................................................. 67
Event criteria (Firewall Events).............................................................................................................67
Threshold filter state............................................................................................................... 67
Right-click options.................................................................................................................................67
Edit a traffic threshold filter................................................................................................. 67
Reset a traffic threshold filter.............................................................................................. 68
Reset all traffic threshold filters...........................................................................................68
Reports................................................................................................................................... 70
Navigate the Reports workspace.............................................................................................................70
Templates................................................................................................................................................. 71
Report permissions............................................................................................................................... 71
AD User reports........................................................................................................................................ 71
Inspection criteria panels......................................................................................................................71
Firewall templates....................................................................................................................................73
Firewall criteria panels..........................................................................................................................74
Reputation templates.............................................................................................................................. 75
Reputation criteria panels.....................................................................................................................75
Rate Limit templates................................................................................................................................77
Rate Limit criteria panels......................................................................................................................77
Device Traffic templates.......................................................................................................................... 78
Device Traffic criteria panels.................................................................................................................78
Traffic Threshold templates.....................................................................................................................79
Traffic Threshold criteria panels...........................................................................................................79
Advanced DDoS templates.......................................................................................................................80
Advanced DDoS criteria panels.............................................................................................................81
Executive reports templates....................................................................................................................82
Executive report criteria panels............................................................................................................82
Traffic Analysis templates........................................................................................................................83
Traffic Analysis criteria panels..............................................................................................................84
Run a report............................................................................................................................................. 84
Run a report.......................................................................................................................................... 85
Clear filters............................................................................................................................ 86
Customize the criteria panels.................................................................................................................. 86
Change the criteria panels that display on a report............................................................................ 86
Customize a query................................................................................................................................... 87
Create a custom query for a report......................................................................................................87
Saved reports........................................................................................................................................... 87
Create a saved report............................................................................................................................88
Run a saved report................................................................................................................................89
Edit a saved report................................................................................................................................90
Save as a new report............................................................................................................. 90
Report results...........................................................................................................................................90
Open a saved report..............................................................................................................................90
Edit result settings and permissions....................................................................................................91
Delete a saved report............................................................................................................................91
Export report results................................................................................................................................92
Export a report result........................................................................................................................... 92
Report schedules......................................................................................................................................92
Create a new schedule.......................................................................................................................... 93
Edit an existing schedule...................................................................................................................... 93
Delete a schedule.................................................................................................................................. 94
All schedules.............................................................................................................................................94
Edit a report schedule...........................................................................................................................94
Delete a report schedule.......................................................................................................................94
Profiles................................................................................................................................... 95
Profile support areas................................................................................................................................96
Planning and using profiles..................................................................................................................... 96
Navigation and menu options................................................................................................................. 96
Global search............................................................................................................................................ 97
Shared settings........................................................................................................................................ 98
Action sets............................................................................................................................................. 99
Create or edit an action set............................................................................................................. 100
Default action sets........................................................................................................................... 100
Manage action sets.......................................................................................................................... 101
Flow control................................................................................................................................... 101
Notifications...................................................................................................................................102
Packet trace................................................................................................................................... 102
Quarantine settings.......................................................................................................................103
Quarantine exceptions.................................................................................................................. 103
Application groups.............................................................................................................................. 103
Create or edit an application group.................................................................................................104
Notification contacts........................................................................................................................... 105
Create or edit an email notification contact....................................................................................106
Create or edit an SNMP notification contact................................................................................... 106
Alert aggregation for notifications.................................................................................................. 107
Aggregation period........................................................................................................................107
Set aggregation settings for global contacts...............................................................................107
Schedules.............................................................................................................................................108
Create a schedule............................................................................................................................. 108
Edit a schedule................................................................................................................................. 108
Delete a schedule............................................................................................................................. 109
Security zones..................................................................................................................................... 109
Create and edit security zones........................................................................................................ 109
Services................................................................................................................................................110
Add a non-standard port................................................................................................................. 110
Delete a non-standard port............................................................................................................. 111
Add a new service............................................................................................................................ 111
Service groups.....................................................................................................................................112
Create and edit service groups........................................................................................................ 112
Inspection profiles..................................................................................................................................112
Inventory pane.................................................................................................................................... 112
Distribution progress pane................................................................................................................. 113
Management tasks..............................................................................................................................114
Import profiles..................................................................................................................115
Import a profile..............................................................................................................................116
Export profiles.................................................................................................................. 117
Export a profile..............................................................................................................................117
Distribute inspection profiles...........................................................................................................117
Segment groups............................................................................................................................ 118
Required distributions................................................................................................................... 118
DV and DV Toolkit version verification......................................................................................... 118
High/low priority distributions......................................................................................................118
Distributing profiles..........................................................................................................118
Manual profile distribution............................................................................................................119
Distribute an inspection profile manually to inspection segments and firewall devices.............119
Distribute multiple profiles........................................................................................................... 120
Distribute multiple profiles........................................................................................................... 120
Cancel a distribution in progress.................................................................................................. 121
Creating new profiles....................................................................................................................... 121
Deployment mode......................................................................................................................... 121
Inheritance..................................................................................................................................... 122
Create a new profile................................................................................................................... 122
Use the ‘Save As’ option to copy a profile................................................................................. 123
Deleting a profile..............................................................................................................124
Compare profiles.............................................................................................................................. 124
Compare profiles........................................................................................................................... 124
View profile details...........................................................................................................................125
Details view................................................................................................................................... 125
Profile distribution schedule...................................................................................................... 126
Distribution details..................................................................................................................... 126
Versions tab...................................................................................................................................126
View profile details and version options................................................................................... 127
Edit profile details...................................................................................................................... 128
Create a snapshot of a profile version.......................................................................................128
View profile version details........................................................................................................128
Activate a profile version........................................................................................................... 128
Search options.....................................................................................................................................129
Global search.................................................................................................................................... 129
Search............................................................................................................................................... 130
Find................................................................................................................................................... 130
Default inspection profile................................................................................................................... 130
Profile overview................................................................................................................................130
Profile settings................................................................................................................................. 130
Security filter.................................................................................................................................... 131
Create or edit a security filter profile restriction..........................................................................131
Create or edit a security filter exception...................................................................................... 132
Delete a security restriction or exception.................................................................................... 132
Application filters............................................................................................................................. 132
Application filter categories..........................................................................................................134
View and edit application filter details.........................................................................................137
Edit the state or action set for application filter category settings............................................ 138
Custom filter exceptions.................................................................................................................. 138
Create or edit application filter restrictions................................................................................. 138
Delete application restrictions......................................................................................................139
Create or edit application filter exceptions.................................................................................. 139
User defined filters..............................................................................................................................140
Advanced DDoS filters......................................................................................................................140
Advanced DDoS configuration.......................................................................................................146
Create or edit an Advanced DDoS filter........................................................................................ 146
Traffic Threshold filters....................................................................................................................147
Create or edit a Traffic Threshold filter........................................................................................ 148
Reputation filters..............................................................................................................................149
Geographic filters............................................................................................................................. 150
Any country....................................................................................................................................150
Inclusions and exclusions..............................................................................................................150
Reputation filters table.................................................................................................................... 151
Management tasks........................................................................................................................ 152
Right-click options.........................................................................................................................152
Reputation settings.......................................................................................................................153
Edit Reputation settings............................................................................................................ 153
Create a Reputation filter...........................................................................................................154
Edit a Reputation filter............................................................................................................... 154
Create a Geographic filter.......................................................................................................... 155
Edit a Geographic filter...............................................................................................................156
Delete a Reputation or Geographic filter...................................................................................156
Change the precedence of a Reputation or Geographic filter (move up/down)........................157
Create or edit Reputation filter exceptions............................................................................... 157
Traffic Management filters...............................................................................................................158
Edit a Traffic Management filter................................................................................................... 158
Firewall profiles...................................................................................................................... 159
Manage firewall profiles......................................................................................................................160
Import a firewall profile................................................................................................................... 161
Create a new profile......................................................................................................................... 161
Create a snapshot of a firewall profile version............................................................................... 161
Activate a firewall profile version.................................................................................................... 162
Delete a firewall profile....................................................................................................................162
Firewall rules....................................................................................................................................... 162
Add items to firewall rules...............................................................................................................162
Create firewall rules......................................................................................................................... 163
Captive portal rules.............................................................................................................................165
Create a captive portal rule............................................................................................................. 165
Special captive portal rules to allow blocked users to log out....................................................... 166
NAT rules..............................................................................................................................................167
Create source NAT rules................................................................................................................... 167
Create destination NAT rules........................................................................................................... 168
Distribute firewall profiles.................................................................................................................. 169
Distribute profiles to firewall devices.............................................................................................. 169
Cancel a distribution in progress..................................................................................................... 170
Digital Vaccines...................................................................................................................................... 170
DV Inventory tab................................................................................................................................. 170
Download and manage Digital Vaccine packages........................................................................... 172
Scheduled Distributions tab.............................................................................................................173
Importing DV packages.......................................................................................................................173
Auto-download and distribute a DV or Auxiliary DV....................................................................... 173
Import a DV or Auxiliary DV package.............................................................................................. 174
Download a DV or Auxiliary DV package......................................................................................... 175
Managing DV packages....................................................................................................................... 175
Delete a DV or Auxiliary DV package...............................................................................................175
Activate a DV or Auxiliary DV package............................................................................................ 175
View details of a DV or Auxiliary DV package................................................................................. 175
Search filters in a DV package......................................................................................................... 176
Distributing DV packages overview....................................................................................................176
Scheduled distributions....................................................................................................................176
Distribute a DV or Auxiliary DV package......................................................................................... 177
Stop distribution of a DV or Auxiliary DV........................................................................................ 177
Create a new scheduled distribution............................................................................................... 177
Edit a scheduled distribution........................................................................................................... 178
Auxiliary DV............................................................................................................................................ 178
ThreatDV.............................................................................................................................................. 178
Auxiliary DV screen............................................................................................................................. 178
Auxiliary Digital Vaccine tasks............................................................................................................180
Import Auxiliary DV packages..........................................................................................................180
Manage Auxiliary DV packages........................................................................................................180
Uninstall an Auxiliary DV..................................................................................................................180
Distribute Auxiliary DV packages.....................................................................................................181
Clear an obsolete distribution listing for Auxiliary DVs.................................................................. 181
Digital Vaccine Toolkit............................................................................................................................181
Associate DV Toolkit packages with devices and profiles in the SMS................................................181
Create DV Toolkit packages............................................................................................................. 182
Use multitenancy to limit access to DV Toolkit packages...............................................................182
DV Toolkit Packages screen................................................................................................................ 182
Import a DV Toolkit package.............................................................................................................. 184
Activate a DV Toolkit package............................................................................................................ 185
Search for DV Toolkit packages from an Inspection Profile...............................................................185
Distribute a DV Toolkit package to the device................................................................................... 186
View DV Toolkit details....................................................................................................................... 187
Remove DV Toolkit packages from the device and the SMS..............................................................188
Deactivate a DV Toolkit package on the SMS..................................................................................188
Uninstall a DV Toolkit package from the device............................................................................. 188
Delete a DV Toolkit package from the SMS.....................................................................................189
Reputation database..............................................................................................................................189
Reputation database interface........................................................................................................... 190
Summary tab.......................................................................................................................................190
Database summary.......................................................................................................................... 190
Activity tab.......................................................................................................................................... 190
Sync progress................................................................................................................................... 190
Tasks................................................................................................................................................. 191
View Reputation database details for distribution to device targets.......................................... 191
Perform a full synchronization of the Reputation database....................................................... 192
Stop a synchronization of the Reputation database................................................................... 192
Clear obsolete distribution entries............................................................................................... 192
Tag Categories tab.............................................................................................................................. 192
Import all tag categories................................................................................................................. 194
Export all tag categories..................................................................................................................194
Add or edit a Reputation tag category............................................................................................194
Delete a Reputation tag category................................................................................................... 195
ThreatDV.............................................................................................................................................. 195
View license details for a ThreatDV reputation filter......................................................196
Enable or disable automatic DV download for a Reputation DV.....................................................196
Import a ThreatDV package............................................................................................................. 196
Reset a Reputation DV..................................................................................................................... 197
User-provided entries......................................................................................................................... 197
Import entries into the Reputation database................................................................................. 197
Import user-provided entries to the Reputation database from a file........................................ 197
Adding user-provided entries to the Reputation database............................................................ 198
Add a user-provided entry (addresses only) to the Reputation Database.................................. 198
Add an address, tag category, or tag value to the Reputation database.................................... 199
Exporting user-provided Reputation entries.................................................................................. 199
Export a user-provided entry from the Reputation Database.....................................................199
Reputation database search............................................................................................................... 199
Search criteria...................................................................................................................................200
Search results................................................................................................................................... 201
Search for entries in the Reputation database............................................................................ 201
Edit bulk (all searched database entries)..................................................................................... 201
Delete bulk (all searched database entries).................................................................................202
Edit a user-provided entry in the Reputation database.............................................................. 202
Edit multiple user-provided entries in the Reputation database................................................ 202
Scheduled distributions......................................................................................................................... 203
Create a new profile distribution........................................................................................................ 203
View a profile schedule....................................................................................................................... 203
Edit a profile schedule........................................................................................................................ 203
Vulnerability Scans.................................................................................................................................204
Overview.............................................................................................................................................. 204
Vulnerability Scans..............................................................................................................................204
To import a CSV file..........................................................................................................................205
To import a file using a custom converter...................................................................................... 205
Show CVEs........................................................................................................................................ 206
Profile Tuning................................................................................................................................... 206
Functions of the Profile Tuning Wizard........................................................................................ 206
Dialog Page 1..............................................................................................................................206
Dialog Page 2..............................................................................................................................206
Dialog Page 3..............................................................................................................................207
Dialog Page 4..............................................................................................................................207
Comments.........................................................................................................................................207
Delete................................................................................................................................................208
CVE Search...........................................................................................................................................208
Scan Criteria pane............................................................................................................................ 208
CVE Criteria pane.............................................................................................................................. 208
CVE Search Results...........................................................................................................................208
Details............................................................................................................................................ 209
Details Dialog..............................................................................................................................209
Vulnerability Criteria........................................................................................................................... 210
Vulnerability Criteria search pane................................................................................................... 210
Vulnerability Criteria Search Results............................................................................................... 210
Edit Filter Dialog............................................................................................................................ 211
System preferences............................................................................................................................ 212
Responder............................................................................................................................. 213
Before you begin....................................................................................................................................213
Responder configuration........................................................................................................................214
Working with the Responder (Response History)................................................................................. 214
Monitoring and managing responses................................................................................................. 216
Filter responses...................................................................................................................................216
Create a named resource.................................................................................................................... 217
Close a response................................................................................................................................. 217
View events for a response................................................................................................................ 217
Responder actions..................................................................................................................................218
Notification actions............................................................................................................................. 218
Reputation entry (blacklist) actions................................................................................................... 219
IPS Quarantine actions........................................................................................................................219
Switch actions..................................................................................................................................... 220
Creating or editing response actions................................................................................................. 220
Create or edit a response action..................................................................................................... 220
Email response action......................................................................................................................221
Move quarantined host onto a VLAN response action....................................................................221
NMS trap response action................................................................................................................222
Reputation entry response action................................................................................................... 223
SNMP trap response action..............................................................................................................223
Syslog response action.................................................................................................................... 224
Web response action........................................................................................................................224
IPS quarantine response action.......................................................................................................225
Delete a response action................................................................................................................. 226
Response action scripts......................................................................................................................... 226
Import an active responder action script........................................................................................... 226
Export an active responder action script........................................................................................... 226
Delete an active responder action script........................................................................................... 227
Policies....................................................................................................................................................227
Policy setup options............................................................................................................................227
Policy initiation.................................................................................................................................228
Policy remediation communication (timeout).................................................................................228
Inclusions and exclusions................................................................................................................ 228
IP correlation and thresholding....................................................................................................... 229
Actions.............................................................................................................................................. 229
IPS destinations................................................................................................................................229
Default response policy...................................................................................................................... 229
Edit the default response policy......................................................................................................229
Manual response................................................................................................................................. 231
Initiate a manual response.............................................................................................................. 231
New response policies........................................................................................................................ 231
Create or edit a new response policy.............................................................................................. 231
Delete a new response policy..........................................................................................................233
Responder network devices.................................................................................................................. 233
Auto discovery of switches................................................................................................................. 234
Configure auto discovery of network devices................................................................................. 234
Adding a switch................................................................................................................................... 235
Add or edit a switch......................................................................................................................... 235
RADIUS.................................................................................................................................................... 236
Configure RADIUS................................................................................................................................ 236
IP Correlation..........................................................................................................................................237
Configuring IP Correlation...................................................................................................................237
Network mapping using the GUI......................................................................................................238
Add/edit network mapping........................................................................................................... 238
Network mapping – bulk load via service mode.............................................................................238
IP Correlation configuration – RFC1213.......................................................................................... 238
IP Correlation configuration – 3Com Network Director or 3Com Enterprise Management Suite... 238
IP Correlation configuration – external Web API.............................................................................239
IP Correlation query configuration............................................................................................... 239
Build IP Correlation queries over HTTP(S)....................................................................................239
IP Correlation web services................................................................................................................ 240
Add/edit web services......................................................................................................................240
Control web service precedence...................................................................................................... 240
Testing IP Correlation..........................................................................................................................240
Perform a test of IP Correlation...................................................................................................... 241
Managing manual response policies..................................................................................................... 241
Managing responder through an external/third-party interface......................................................... 241
Devices................................................................................................................................. 242
The Devices workspace..........................................................................................................................242
Devices (All Devices)............................................................................................................................243
Member Summary............................................................................................................................ 244
Network summary.........................................................................................................................245
Events summary............................................................................................................................245
Blocked and rate limited streams.............................................................................................. 245
Firewall sessions.........................................................................................................................247
Trusted streams..........................................................................................................................247
Quarantined hosts...................................................................................................................... 248
Adaptive Filter.............................................................................................................................249
System health summary............................................................................................................... 249
Performance.................................................................................................................................. 250
Packet statistics..........................................................................................................................250
CPU.............................................................................................................................................. 251
Device users...................................................................................................................................251
Traffic capture................................................................................................................................253
Concurrent traffic capture.......................................................................................................... 253
Device Details...................................................................................................................................... 256
Status indicators.............................................................................................................................. 257
Status indicator legends.................................................................................................................. 257
Device Configuration wizard............................................................................................................ 258
System update and snapshots........................................................................................................ 260
System snapshots......................................................................................................................... 260
TippingPoint Operating System..........................................................................................................260
Virtual segments................................................................................................................................. 262
Special notes.................................................................................................................................... 262
Migration........................................................................................................................................ 263
Limitations: 3.1 devices other than N-Platform or NX-Platform IPS devices..............................263
Virtual Segment table...................................................................................................................... 264
Traffic flow analyzer.........................................................................................................................264
Segment groups.................................................................................................................................. 264
Common device tasks............................................................................................................................ 265
Adding, editing, or deleting a device..................................................................................................266
Add a device..................................................................................................................................... 266
Edit devices.......................................................................................................................................267
Delete a device................................................................................................................................. 268
Creating or deleting a device group................................................................................................... 268
Create a device group...................................................................................................................... 268
Delete a device group...................................................................................................................... 268
Unmanaging or remanaging a device.................................................................................................268
Unmanage a Device..........................................................................................................................269
Manage a device...............................................................................................................................269
Importing or exporting device configuration..................................................................................... 269
Export device settings..................................................................................................................... 269
Import device settings..................................................................................................................... 270
Viewing and searching events............................................................................................................ 270
View events for all devices.............................................................................................................. 271
View events for a specific device.....................................................................................................271
Flush events lists............................................................................................................................. 272
Managing versions, updates, and snapshots.....................................................................................272
Rollback to a previous version........................................................................................................ 272
Delete a previous TOS version.........................................................................................................272
Create a new system snapshot on the device.................................................................................273
Import a system snapshot from a file.............................................................................................273
Export a system snapshot to a file................................................................................................. 273
Archive a system snapshot to the SMS........................................................................................... 274
Restore from a system snapshot.................................................................................................... 274
Delete a system snapshot............................................................................................................... 274
Importing and downloading the TOS..................................................................................................275
Download the TOS software............................................................................................................ 275
Import TOS software from a le......................................................................................................275
Managing TOS distribution..................................................................................................................276
Distribute the TOS............................................................................................................................ 276
Managing virtual segments................................................................................................................ 276
Create a virtual segment................................................................................................................. 276
Delete a virtual segment................................................................................................................. 277
Analyze traffic flow for virtual segments........................................................................................278
Managing segment groups................................................................................................................. 278
View segment group details............................................................................................................ 279
Create a segment group.................................................................................................................. 279
Edit segment group membership.................................................................................................... 280
Edit the name and descriptions for a segment group member........................