Deploying AirDefense Enterprise

Copyright © 2002-2006 AirDefense Proprietary and Confidential.

Deploying AirDefense Enterprise
• Needs Assessment
• Installation Requirements
• Network Connections & User Interfaces
• Users & Roles
• Setting up AirDefense Enterprise
• Sensor Setup
• Sensor Deployment
• Enterprise UI

Needs Assessment
• What is at Risk?
• Which Locations are at Risk?
• Intended System Use
• Sensor Needs
• Server Needs
• Employee Educational Needs

What Devices are a Possible Threat
ASSETS
• What WLAN devices are in my air space?
• Which devices are mine?

Setup Checklist
Physical Resources
• Standard, grounded 120/240 VAC connection
• Keyboard and monitor (for local access to the Server)
• Standard 19-inch rack (1U height) with mounting rails
Network Information
• IP address (supports DHCP)
• Subnet Mask
• Default Gateway
• DNS Servers
• Mail Relay Server
• IP Address (of the System the Admin uses)

Interfaces
Server GUI – Web Browser Connection
• Perform most administrative and operational tasks
• Four roles: admin, manager, guest and network op
Command Line Interface or SSH
• Initial setup and configuration; as well as backup
Sensor GUI – Web Browser Connection
• Initially configure sensor settings
Console (serial port connection – M400 only)
• Sensor maintenance

Network Connectivity
[Diagram: client and sensor connections to the Enterprise Appliance]
• 510 Sensor: 443 or 80*
• 520 Sensor: 443 or 80*
• Console Client: 8543
• SSH Client: 22
• Browser Client: https: 443
* Use port 443 if Encrypted (default) or port 80 if Unencrypted

Server Communication: Backup Server
Sensors can be configured to support a backup server for failover purposes.
• Install a separate AirDefense server at the same or an alternate location
• Configure sensors with the address of the backup server
• Periodically restore backup of primary server onto failover server
• If a primary server failure occurs, or if the network for the primary server fails, sensors will connect to the backup server

Server GUI Roles
Admin User
• Only Admin users have full read and write privileges, enabling them to make changes in all of AirDefense, including deleting users and changing policy.
• Can add new users to AirDefense and can assign them to a role, including as another admin user.
Manager
• Same as admin, but can’t create new users, manage the appliance or clear edit log
Guest User
• Guest users have read-only access to the following GUI program areas: Dashboard, Alarm Manager, Sensor Manager, Policy Manager, Notification Manager
• In addition, Guests have privileges to:
   - Set their own user preferences and passwords in the Admin program area
   - Create and save alarm filters in Alarm Manager
Network Operator
• Network operators have the same read-only access as Guest users
• But, they can acknowledge, clear, and purge alarms in the Alarm Manager program area.

ADDadmin
• Set of utilities for setup, basic configuration, and backup
• Default server IP address 192.168.100.2
Important! AirDefense reboots on exit from the Command Line Interface on execution of some programs. AirDefense will automatically reboot and the new settings will take effect.

Accessing ADDadmin: Direct Access
Via Keyboard / Monitor
• Connect monitor / keyboard to AD server
• Wait for login prompt and type credentials
• Type ADDadmin
Via SSH
• Launch SSH client (version 2+)
• Enter username / password
• Type ADDadmin
Remember: the command line username / password are different from the web browser username / password.

Launching ADDadmin

Changing Passwords
• Log in to the Command Line Interface.
• Type m, press <Enter> at the command prompt.

Changing Passwords: Command Line
• Type the line number of the user whose password you want to change (smxmgr or smxarchive). Press <Enter>.
• If you are the Command Line User smxmgr and you pressed “1,” AirDefense prompts you for your current UNIX password. Type in your password now. AirDefense then prompts you for a new password.
• If you are the Command Line User smxarchive and you pressed “2,” AirDefense prompts you for a new password.
• Type the new password. Press <Enter>.
• Type the new password again. Press <Enter>.

Add a User
• Type WEBU, press <Enter>.
• Select Change a Password.
• Type the name of the Web User for the password change, press <Enter>.
• Type the current Web User password, press <Enter>.
• Type the new Web User password, press <Enter>.
• Type the new Web User password again, press <Enter>.
• AirDefense asks you if you would like to change the password for this user. Type yes or no, press <Enter>.

Entering Configuration
• Type “c” then press enter for configuration

Configuring Initial Settings
For each required setting, type the name of the ADDadmin utility at the prompt and provide the required information for each setting. Type “Yes” to save the input.
• IP—to set the IP address, subnet mask, and default gateway of the AirDefense Server
• DNS—to define DNS servers
• HNAME—to set the Host Name
• DNAME—to set the Domain Name
• HALLOW—to set Allowed Hosts (for SSH access)
• MRELAY—to configure the AirDefense Server to point to a mail relay host
• TIME—to set the AirDefense Server’s operating time and date (alternative: enable NTP)
• TZ—to set the AirDefense Server’s time zone (alternative: enable NTP)
• NTP—enable a specific network time server (NTP) instead of setting TIME and TZ
Type q, press <Enter> to return to the ADDadmin main menu.
Type q, press <Enter> again to quit the Command Line Interface—The system automatically reboots.

Sensor Setup Checklist
• AirDefense Sensor
• IP Address of the Primary AirDefense Server
• IP Address of Secondary server for Failover.
• IP Address of Sensor (DHCP default)

Sensor Setup
Four Options:
• Cross-over cable via Default IP Address
   - Use Crossover RED cable in the box
   - Setup Laptop to 192.168.100.x IP Range
   - Connect to sensor : https://192.168.100.100
• DHCP/Static IP connected via Hub/Switch
   - Connect Sensor to network.
   - Determine IP Address (e.g. Kiwi Syslog)
   - Connect to sensor via web UI : https://<IP-of-Sensor>
• Console access via Serial Cable and Hyperterm (M400 only)
   - Connection setup : Port-COM1, Speed-1152000bps, Flow-None, Data bits-8, Parity-None, Stop bits-1
   - Login - admin/airdefense
• Zero-Config Option – DHCP server provides IP, ServerIP
   - “043 Vendor Specific Option” in your DHCP Server
   - Use gendhcp.exe to generate value string.

Sensor Communication: Overview
• Sensors connect to server only through wired network
• Sensors use PKI authentication
• Communicate in Clear text or Encrypted (default)
• Communication over TCP/IP (Layer 3)
• Sensors Initiate communication (no Network Address Translation needed)
• 3 Missed Heartbeats result in Sensor Failover to secondary server

Sensor UI

Sensor Deployment
• Use Sensor deployment guide PDF for planning
• Use AirDefense Architect to predict sensor placements
• Determine if Power-over-Ethernet will be used or not
   - Model 400 : custom AirDefense POE
   - Model 510 / Model 520: Standard 802.3af compatible POE
• Determine if ZeroCabling option can be used
• Note down Sensor Info (IP, MAC etc) and location on Map
• Order cabling (if needed)
• Install Sensor at the specified location.

Enterprise-Class Scalability with Lowest TCO
Scalable & Easily Managed Platform
• View by Locations/Groups/Sensors
• Hundreds of locations can report back to a centralized server
• Supports up to 100,000 devices & hundreds of sensors per server
• Start-up wizard to simplify initial system setup & configuration
• Low bandwidth requirements (< 3 Kbps per sensor)
• Appliance-based solution
• Zero-config sensors
Simple Daily Administration
• Easy to use dashboards and wizards
• Automatic classification of network devices
• Role-based & domain-based views
• Events prioritized by threat level
• Actionable alarms allow administrators to efficiently solve problems
• Easy to understand alarm explanations & recommendations

Sensor Density Recommendations

AirDefense ZeroCabling solution
[Diagram labels: POE Switch with power on data pair; 802.3af compliant Access Point; Y-cable; Y-cable; Up to 300 ft. Cat5; 802.3af compliant AirDefense Sensor]
• Obviates the need for Sensor Cabling
• Piggy-backs on the existing AP cabling
• Substantial cost and time reduction for sensor deployment
• Uses 2 Switch ports and provides full 12.95W – 15.4W to each device
• Sensor is not inline: hence sensor failure does not impact AP

Sensor Troubleshooting
Solving Orphaned Sensor Problem
• Cross-over cable via Default IP Address
   - Use Crossover RED cable in the box
   - Setup Laptop to 192.168.100.x IP Range
   - Connect to sensor : https://192.168.100.100
• Network Sniffing for ARP requests
   - Either connect to sensor via Crossover or on network
   - Using Ethereal, sniff ARP requests from Sensor MAC address
• Console access via Serial Cable and Hyperterm
   - Connection setup : Port-COM1, Speed-1152000bps, Flow-None, Data bits-8, Parity-None, Stop bits-1
   - Login - admin/airdefense
• Note down Sensor Configuration from the status screen

Sensor Troubleshooting
Solving Connectivity Problems
• Check light on the Sensor for network connectivity
• On Console, verify the Sensor boot up process
• Check Switch Port for Sensor MAC
• Check Link Speed (default Auto : 100Mbps Full Duplex)
• Ensure Port 443 can connect from sensor to server (No firewalls blocking that port)
• View Sensor Status (Web UI – status)
• View Sensor Syslog (Web UI - status)
• Run Netstat command on the Server to check Sensor connection with Server
• Check Server UI for Sensor Online/Offline status

AirDefense Enterprise GUI
• Downloadable Application
• Certain prerequisites

Enterprise GUI Use
Before you access the GUI for the first time, you must download and run the installer from the thin client web page at one of the following locations:
• https://<server_ip_address>:8543
• https://<server_name>:8543
After you finish the GUI installation, you can log in remotely from a browser. The GUI is not accessible directly from the AirDefense Server.

Logging Into the Enterprise GUI
1. Accept the Security Certificate
2. Download the correct application for your OS
3. Supports both Linux and Windows Platforms

GUI Prerequisites
The AirDefense GUI requires a minimum resolution setting of 1024 x 768, which you set on your computer.

Summary
• Basic Needs and Requirements
• Network Connections & User Interfaces
• Enterprise Setup
• Sensor Setup
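
The "Run Netstat command on the Server" step in Solving Connectivity Problems can be scripted so that each expected sensor is reported as connected on 443 (encrypted), connected on 80 (unencrypted), or offline. This is an added example, not AirDefense code: it assumes the Linux net-tools `netstat -tn` column layout, and the function names and sensor addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Reads `netstat -tn` output on stdin and
# prints "<sensor-ip> encrypted|unencrypted|offline" for each expected sensor.
# Usage on the server:  netstat -tn | sensor_status 10.1.20.11 10.1.20.12
sensor_status() {
    awk -v sensors="$*" '
    BEGIN { n = split(sensors, want, " ") }
    # Sensors initiate the session, so the server port is in Local Address.
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        port = $4; sub(/.*:/, "", port)        # server-side port
        ip = $5;   sub(/:[0-9]+$/, "", ip)     # drop the sensor source port
        sub(/^::ffff:/, "", ip)                # IPv4-mapped form on tcp6 sockets
        # Any port 80 session marks the sensor as running in clear text.
        if (port == "80") seen[ip] = "unencrypted"
        else if (port == "443" && !(ip in seen)) seen[ip] = "encrypted"
    }
    END {
        for (i = 1; i <= n; i++)
            print want[i], ((want[i] in seen) ? seen[want[i]] : "offline")
    }'
}

# Constructed sample output; 192.168.100.2 is the default server address.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.100.2:443       10.1.20.11:41522        ESTABLISHED
tcp        0      0 192.168.100.2:80        10.1.20.12:40110        ESTABLISHED
tcp        0      0 192.168.100.2:443       10.1.20.13:39001        TIME_WAIT
tcp        0      0 192.168.100.2:22        10.1.5.40:52844         ESTABLISHED
tcp6       0      0 ::ffff:192.168.100.2:443 ::ffff:10.1.20.14:40500 ESTABLISHED
EOF
}

sample_netstat | sensor_status 10.1.20.11 10.1.20.12 10.1.20.13 10.1.20.14
```

A sensor reported as unencrypted is using the port 80 mode from the Network Connectivity slide; one reported as offline has no established session and should be checked against the rest of the connectivity checklist.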