Symantec 10521146 - Network Security 7120 Administration Manual

Symantec™ Network Security
Administration Guide
Symantec Network Security Administration Guide
The software described in this book is furnished under a license agreement and may be used only in
accordance with the terms of the agreement.
Documentation version 4.0
PN: 10268960
Copyright Notice
Copyright © 2004 Symantec Corporation.
All Rights Reserved.
Any technical documentation that is made available by Symantec Corporation is the copyrighted work
of Symantec Corporation and is owned by Symantec Corporation.
NO WARRANTY. The technical documentation is being delivered to you AS-IS, and Symantec
Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the
information contained therein is at the risk of the user. Documentation may include technical or other
inaccuracies or typographical errors. Symantec reserves the right to make changes without prior
notice.
No part of this publication may be copied without the express written permission of Symantec
Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.
Trademarks
Symantec, the Symantec logo, LiveUpdate, Network Security, Symantec Decoy Server, and Norton
AntiVirus are U.S. registered trademarks of Symantec Corporation. Symantec AntiVirus, Symantec
Enterprise Security Architecture, and Symantec Security Response are trademarks of Symantec
Corporation.
Other brands and product names mentioned in this manual may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Windows is a registered trademark, and 95, 98, NT and 2002 are trademarks of Microsoft Corporation.
Pentium is a registered trademark of Intel Corporation. Sun is a registered trademark, and Java, Solaris,
Ultra, Enterprise, and SPARC are trademarks of Sun Microsystems. UNIX is a registered trademark of
UNIX System Laboratories, Inc. Cisco and Catalyst are registered trademarks of Cisco Systems, Inc.
Foundry is a registered trademark of Foundry Networks. Juniper is a registered trademark of Juniper
Networks, Inc. iButton is a trademark of Dallas Semiconductor Corp. Dell is a registered trademark of
Dell Computer Corporation. Check Point and OPSEC are trademarks and FireWall-1 is a registered
trademark of Check Point Software Technologies, Ltd. Tripwire is a registered trademark of Tripwire,
Inc.
Symantec Network Security software contains/includes the following Third Party Software from
external sources:
"bzip2" and associated library "libbzip2," Copyright © 1996-1998, Julian R Seward. All rights reserved.
(http://sources.redhat.com/bzip2).
"Castor," ExoLab Group, Copyright © 1999-2001 Intalio, Inc. All rights reserved.
(http://www.exolab.org).
Printed in the United States of America. 10 9 8 7 6 5 4 3 2 1
Technical support
As part of Symantec Security Response, the Symantec global Technical Support
group maintains support centers throughout the world. The Technical Support
group’s primary role is to respond to specific questions on product
feature/function, installation, and configuration, as well as to author content for
our Web-accessible Knowledge Base. The Technical Support group works
collaboratively with the other functional areas within Symantec to answer your
questions in a timely fashion. For example, the Technical Support group works
with Product Engineering as well as Symantec Security Response to provide
Alerting Services and Virus Definition Updates for virus outbreaks and security
alerts.
Symantec technical support offerings include:
A range of support options that give you the flexibility to select the right amount of service for any size organization
Telephone and Web support components that provide rapid response and up-to-the-minute information
Upgrade insurance that delivers automatic software upgrade protection
Content Updates for virus definitions and security signatures that ensure the highest level of protection
Global support from Symantec Security Response experts, which is available 24 hours a day, 7 days a week worldwide in a variety of languages
Advanced features, such as the Symantec Alerting Service and Technical Account Manager role, offer enhanced response and proactive security support
Please visit our Web site for current information on Support Programs. The
specific features available may vary based on the level of support purchased and
the specific product that you are using.
Licensing and registration
If the product that you are implementing requires registration and/or a license
key, the fastest and easiest way to register your service is to access the
Symantec licensing and registration site at www.symantec.com/certificate.
Alternatively, you may go to www.symantec.com/techsupp/ent/enterprise.html,
select the product that you wish to register, and from the Product Home Page,
select the Licensing and Registration link.
Contacting Technical Support
Customers with a current support agreement may contact the Technical
Support group via phone or online at www.symantec.com/techsupp.
Customers with Platinum support agreements may contact Platinum Technical
Support via the Platinum Web site at www-secure.symantec.com/platinum/.
When contacting the Technical Support group, please have the following:
Product release level
Hardware information
    Available memory, disk space, NIC information
Operating system
    Version and patch level
Network topology
    Router, gateway, and IP address information
Problem description
    Error messages/log files
    Troubleshooting performed prior to contacting Symantec
    Recent software configuration changes and/or network changes
Customer Service
To contact Enterprise Customer Service online, go to www.symantec.com, select
the appropriate Global Site for your country, then choose Service and Support.
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates such as address or name changes
General product information (features, language availability, local dealers)
Latest information on product updates and upgrades
Information on upgrade insurance and maintenance contracts
Information on Symantec Value License Program
Advice on Symantec's technical support options
Nontechnical presales questions
Missing or defective CD-ROMs or manuals
Contents
Section 1 Overview
Chapter 1 Introduction
About the Symantec Network Security foundation ....................................... 15
About the Symantec Network Security 7100 Series ............................... 15
About other Symantec Network Security features .................................17
Finding information ............................................................................................ 20
About 7100 Series appliance documentation ..........................................20
About Network Security software documentation ................................. 21
About the Web sites .....................................................................................22
About this guide ........................................................................................... 23
Chapter 2 Architecture
About Symantec Network Security ...................................................................25
About the core architecture ...............................................................................25
About detection ............................................................................................ 26
About analysis .............................................................................................. 30
About response ............................................................................................. 31
About management and detection architecture .............................................32
About the Network Security console ........................................................ 32
About the node architecture ...................................................................... 34
About the 7100 Series appliance node ..................................................... 37
Chapter 3 Getting started
Getting started .....................................................................................................41
General checklist ................................................................................................. 42
General software and appliance checklist ...............................................42
Additional appliance-specific checklist ................................................... 43
About the management interfaces .................................................................... 44
Using the Network Security console ......................................................... 44
Using the serial console .............................................................................. 49
Using the LCD panel .................................................................................... 51
Managing user access .........................................................................................54
Managing user login accounts ................................................................... 55
Managing user passphrases ....................................................................... 57
Controlling user access ............................................................................... 59
Planning the deployment ................................................................................... 60
Deploying single nodes ....................................................................................... 61
Deploying a single Network Security software node ............................. 61
Deploying a single 7100 Series appliance node ...................................... 62
Configuring single-node parameters ........................................................ 63
Deploying node clusters ..................................................................................... 64
Deploying software and appliance nodes in a cluster ............................ 65
Monitoring groups within a cluster .......................................................... 66
Section 2 Initial Configuration
Chapter 4 Populating the topology database
About the network topology .............................................................................. 71
About the Devices tab ................................................................................. 72
About topology mapping ............................................................................ 74
Managing the topology tree ............................................................................... 78
Viewing auto-generated objects ................................................................ 79
Viewing node details ................................................................................... 79
Viewing node status .................................................................................... 79
Adding objects for the first time ............................................................... 80
Editing objects .............................................................................................. 81
Deleting objects ............................................................................................ 81
Reverting changes ....................................................................................... 82
Saving changes ............................................................................................. 82
Forcing nodes to synchronize .................................................................... 83
Backing up ..................................................................................................... 83
Adding nodes and objects ................................................................................... 83
About location objects ................................................................................. 83
About nodes and interfaces ........................................................................ 85
About Network Security software nodes ................................................. 86
About 7100 Series appliance nodes .......................................................... 92
About router objects ..................................................................................101
About Smart Agents ..................................................................................104
About managed network segments .........................................................108
Chapter 5 Protection policies
About protection policies .................................................................................111
Responding to malicious or suspicious events .....................................112
Understanding the protection policy work area ...........................................112
Using protection policies .................................................................................113
Selecting pre-defined policies ..................................................................114
Setting policies to interfaces ....................................................................115
Applying to save changes .........................................................................115
Overriding blocking rules globally ..........................................................115
Undoing policy settings ............................................................................116
Adjusting the view of event types ...................................................................117
Searching to create a subset of event types ...........................................117
Adjusting the view by columns ................................................................119
Viewing event type details .......................................................................119
Defining new protection policies ....................................................................120
Adding or editing user-defined protection policies ..............................121
Cloning existing protection policies .......................................................121
Enabling or disabling logging rules ........................................................122
Enabling or disabling blocking rules ......................................................123
Deleting user-defined protection policies ..............................................125
Updating policies automatically .....................................................................125
Annotating policies and events .......................................................................126
Backing up protection policies ........................................................................128
Chapter 6 Responding
About response rules .........................................................................................129
About automated responses .............................................................................131
Managing response rules ..................................................................................132
Viewing response rules .............................................................................132
Adding new response rules ......................................................................133
Editing response rules ...............................................................................134
Searching event types ...............................................................................134
Deleting response rules ............................................................................135
Saving or reverting changes ....................................................................135
Backing up response rules ........................................................................135
Setting response parameters ...........................................................................136
Setting event targets .................................................................................136
Setting event types ....................................................................................136
Setting severity levels ...............................................................................137
Setting confidence levels ..........................................................................139
Setting event sources ................................................................................139
Setting response actions ...........................................................................140
Setting next actions ...................................................................................140
Setting response actions ...................................................................................141
Setting no response action .......................................................................142
Setting email notification .........................................................................142
Setting SNMP notification ........................................................................145
Setting TrackBack response action .........................................................147
Setting a custom response action ...........................................................147
Setting a TCP reset response action .......................................................150
Setting traffic record response action ....................................................150
Setting a console response action ...........................................................152
Setting export flow response action .......................................................153
Managing flow alert rules ................................................................................154
Viewing flow alert rules ............................................................................155
Adding flow alert rules .............................................................................155
Editing flow alert rules .............................................................................156
Deleting flow alert rules ...........................................................................156
Chapter 7 Detecting
About detection ..................................................................................................159
Configuring sensor detection ..........................................................................160
Configuring sensor parameters ...............................................................161
Restarting or stopping sensors ................................................................161
Basic sensor parameters ...........................................................................162
Data collection parameters ......................................................................163
Threshold parameters ...............................................................................164
Saturation parameters ..............................................................................165
Miscellaneous parameters ........................................................................167
Checksum validation parameters ............................................................168
Advanced sensor parameters ...................................................................169
Interval and flow parameters ..................................................................170
Miscellaneous parameters ........................................................................172
Table element parameters ........................................................................173
Segment parameters .................................................................................175
Configuring port mapping ...............................................................................177
Configuring signature detection .....................................................................179
About Symantec signatures .....................................................................179
About user-defined signatures ................................................................180
Managing signatures .................................................................................180
Managing signature variables .................................................................184
Section 3 Using Symantec Network Security
Chapter 8 Monitoring
About incident and event data .........................................................................189
Viewing incident and event data .............................................................190
Adjusting the view .....................................................................................191
Examining incident and event data ................................................................192
Examining incident data ...........................................................................193
Examining event data ...............................................................................196
Managing incident and event data ..................................................................201
Selecting columns ......................................................................................202
Selecting view filters .................................................................................205
Marking and annotating ...........................................................................207
Saving, copying, and printing data .........................................................209
Emailing incident or event data ..............................................................211
Tuning incident parameters ............................................................................213
Setting Incident Idle Time ........................................................................213
Setting Maximum Incidents .....................................................................214
Setting Maximum Active Incident Life ..................................................214
Setting Incident Unique IP Limit ............................................................215
Setting Event Correlation ‘Name’ Weight .............................................215
Event Correlation ‘Source IP’ Weight .....................................................216
Event Correlation ‘Destination IP’ Weight ............................................217
Event Correlation ‘Source Port’ Weight .................................................217
Event Correlation ‘Destination Port’ Weight ........................................218
Monitoring flow statistics ................................................................................219
Enabling flow data collection ...................................................................219
Configuring FlowChaser ...........................................................................220
Chapter 9 Reporting
About reports and queries ................................................................................223
Scheduling reports ............................................................................................224
Adding or editing report schedules .........................................................224
Refreshing the list of reports ...................................................................225
Deleting report schedules .........................................................................226
Managing scheduled reports ....................................................................226
Reporting top-level and drill-down .................................................................228
About report formats ................................................................................228
About report types .....................................................................................229
About incident/event reports ..................................................................229
Printing and saving reports .....................................................................230
About top-level report types ............................................................................230
Reports of top events ................................................................................231
Reports per incident schedule .................................................................232
Reports per event schedule ......................................................................233
Reports by event characteristics .............................................................233
Reports per Network Security device .....................................................235
Drill-down-only reports ............................................................................236
Querying flows ...................................................................................................237
Viewing current flows ...............................................................................238
Viewing Flow Statistics .............................................................................239
Viewing exported flows ............................................................................239
Playing recorded traffic ....................................................................................240
Replaying recorded traffic flow data ......................................................241
Chapter 10 Managing log files
About the log files ..............................................................................................243
About the install log ..................................................................................243
About the operational log .........................................................................244
Managing logs ....................................................................................................244
Viewing log files .........................................................................................244
Viewing live log files .................................................................................245
Archiving log files ......................................................................................246
Copying log files .........................................................................................246
Deleting log files ........................................................................................247
Refreshing the list of log files ..................................................................247
Configuring automatic archiving ....................................................................248
Setting automatic logging levels .............................................................248
Archiving log files ......................................................................................249
Compressing log files ................................................................................252
Exporting data ....................................................................................................254
Exporting to file .........................................................................................254
Exporting to SESA .....................................................................................255
Exporting to SQL ........................................................................................257
Exporting to syslog ....................................................................................260
Transferring via SCP .................................................................................264
Chapter 11 Advanced configuration
About advanced setup .......................................................................................269
Updating Symantec Network Security ...........................................................269
About LiveUpdate ......................................................................................270
Scanning for available updates ...............................................................271
Applying updates .......................................................................................271
Setting the LiveUpdate server .................................................................272
Scheduling live updates ....................................................................................273
Adding or editing automatic updates ....................................................273
Deleting automatic update schedules .....................................................274
Reverting automatic update schedules ..................................................274
Backing up LiveUpdate configurations ..................................................274
Managing node clusters ....................................................................................275
Creating a new cluster ..............................................................................275
Managing an established cluster .............................................................278
Setting a cluster-wide parameter ............................................................281
Backing up cluster-wide data ....................................................282
Integrating third-party events ........................................................................282
Integrating via Smart Agents ..................................................................283
Integrating with Symantec Decoy Server ..............................................285
Establishing high availability failover ...........................................................287
Monitoring node availability ...................................................................287
Configuring availability for single nodes ...............................................288
Configuring availability for multiple nodes ..........................................289
Configuring watchdog processes .............................................................293
Backing up and restoring ..................................................................................297
Backing up and restoring on the Network Security console ...............298
Backing up and restoring on compact flash ..........................................302
Configuring advanced parameters ..................................................................308
About parameters for clusters, nodes, and sensors .............................309
About basic setup and advanced tuning .................................................309
Configuring node parameters ..................................................................310
Configuring basic parameters ..................................................................310
Configuring Network Security console parameters .............................311
Configuring advanced parameters ..........................................................311
Section 4 Appendices
Appendix A User groups reference
About user groups .............................................................................................319
About group permissions .........................................................................319
Permissions by group ................................................................................320
Permissions by task ...................................................................................321
Appendix B SQL reference
About SQL export parameters .........................................................................325
Setting up SQL export ...............................................................................325
Using Oracle tables ............................................................................................326
Oracle incident table .................................................................................326
Oracle event table ......................................................................................328
Using MySQL tables ..........................................................................................332
MySQL incident table ................................................................................332
MySQL event table .....................................................................................334
Glossary
Acronyms
Index
Part I
Overview
Symantec Network Security is a new generation of security software that
provides an unprecedented ability to detect, analyze, and respond to network
intrusions and prevent damage from attacks. Symantec Network Security
contains multiple tools and techniques that work together to gather attack
information, analyze the attacks, and then initiate an appropriate response.
The Symantec Network Security 7100 Series is a family of highly scalable
integrated hardware and software intrusion detection appliances, designed to
detect and prevent attacks across multiple network segments at multi-gigabit
speeds. The 7100 Series combines Symantec Network Security’s powerful
detection capabilities with robust hardware features and the convenience of an
appliance.
This section introduces you to the Symantec Network Security intrusion
detection system, describes the architecture of the core Symantec Network
Security software and the Symantec Network Security 7100 Series appliance,
and outlines how to get started with basic deployment schemes as follows:
Introduction
Architecture
Getting started
Chapter 1
Introduction
This chapter includes the following topics:
About the Symantec Network Security foundation
Finding information
About the Symantec Network Security foundation
The Symantec™ Network Security software and the Symantec Network Security
7100 Series appliance employ a common core architecture that provides
detection, analysis, storage, and response functionality. Most procedures in this
section apply to both the 7100 Series appliance and the Symantec Network
Security 4.0 software. The 7100 Series appliance also provides additional
functionality that is unique to an appliance. This additional functionality is
described in detail in each section.
This section includes the following topics:
About the Symantec Network Security 7100 Series
About other Symantec Network Security features
About the Symantec Network Security 7100 Series
Symantec™ Network Security 7100 Series security appliances provide real-time
network intrusion prevention and detection to protect critical enterprise assets
from the threat of known, unknown (zero-day) and DoS attacks. The 7100 Series
appliances employ the new and innovative Network Threat Mitigation
Architecture that combines anomaly, signature, statistical and vulnerability
detection techniques into an Intrusion Mitigation Unified Network Engine
(IMUNE), that proactively prevents and provides immunity against malicious
attacks including denial of service attempts, intrusions and malicious code,
network infrastructure attacks, application exploits, scans and reconnaissance
activities, backdoors, buffer overflow attempts and blended threats like MS
Blaster and SQL Slammer.
In addition to the features it shares with the Symantec Network Security 4.0
software, the Symantec Network Security 7100 Series appliance offers:
In-line Operation: The 7100 Series appliance can be deployed in-line as a
transparent bridge to perform real-time monitoring and blocking of
network-based attacks. This ability to prevent attacks before they reach
their targets takes network security to the next level over passive event
identification and alerting. The 7100 Series appliance's One-Click Blocking
feature enables users to automatically enable blocking on all in-line
interfaces with the click of a single button, saving critical time in the event
of worm attacks.
Policy-based Attack Prevention: Deployed in-line, the 7100 Series appliance
is able to perform session-based blocking against malicious traffic,
preventing attacks from reaching their targets. Predefined and customizable
protection policies enable users to tailor their protection based on their
security policies and business need. Policies can be tuned based on threat
category, severity, intent, reliability and profile of protected resources, and
common or individualized policies can be applied per sensor for both in-line
and passive monitoring.
Interface Grouping: 7100 Series appliance users can configure up to four
monitoring interfaces as an interface group to perform detection of attacks
for large networks that have asymmetric routed traffic. A single sensor
handles all network traffic seen by the interface group, keeping track of
state even when traffic enters the network on one interface and departs on
another. This feature greatly increases the attack detection capacity of the
7100 Series and allows it to operate more effectively in enterprise network
environments.
Dedicated Response Ports: The Symantec Network Security 7100 Series
provides special network interfaces for sending anonymous TCP resets to
attackers. With this configuration, network monitoring continues
uninterrupted even when sending resets.
Reduced Total Cost of Solution: A single 7100 Series appliance can monitor
up to eight network segments or VLANs. The Symantec Network Security
7100 Series reduces the cost of a network security solution by enhancing the
security and reliability of the hardware, simplifying deployment and
management, and providing a single point of service and support.
Flexible Licensing Options: Each model of the Symantec Network Security
7100 Series offers licensing at multiple bandwidth levels. Whether you
deploy the appliance at a slow WAN connection or on your gigabit backbone,
you can select the license that fits your needs.
Fail-open: When using in-line mode, the Symantec Network Security 7100
Series appliance is placed directly into the network path. The optional
Symantec Network Security In-line Bypass unit provides fail-open capability
to prevent an unexpected hardware failure from causing a loss of network
connectivity. The Symantec In-line Bypass Unit provides a customized
solution that will keep your network connected even if the appliance has a
sudden hardware failure.
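The Interface Grouping item above says that one sensor handles all traffic seen by the group and keeps state even when a connection enters on one interface and leaves on another. The Python below is an added illustration of that idea, not Symantec code: it keys session state by a direction-independent 5-tuple so that both halves of an asymmetrically routed TCP connection fall into one record, and contrasts this with independent per-interface tracking, which never observes a complete handshake. The interface names (eth2, eth3), addresses and packet dictionaries are constructed for the example.

```python
"""Session tracking across an interface group.

Added illustration, not Symantec code: a single sensor that owns every
interface in a group can keep TCP session state even when the two
directions of one connection arrive on different monitoring interfaces
(asymmetric routing). Packets are constructed dicts; the interface
names "eth2"/"eth3" and the addresses are hypothetical.
"""


def canonical_key(pkt):
    """Direction-independent session key: sort the two endpoints so that
    A->B and B->A packets map to the same session record."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    lo, hi = sorted([a, b])
    return (lo, hi, pkt["proto"])


class SessionTracker:
    """Minimal TCP state machine over all interfaces it is given."""

    def __init__(self, interfaces):
        self.interfaces = set(interfaces)
        self.sessions = {}

    def observe(self, pkt):
        if pkt["iface"] not in self.interfaces:
            raise ValueError("packet seen on interface outside this group")
        s = self.sessions.setdefault(
            canonical_key(pkt), {"state": "NEW", "ifaces": set(), "pkts": 0})
        s["pkts"] += 1
        s["ifaces"].add(pkt["iface"])
        flags = pkt.get("flags", "")
        if "S" in flags and "A" not in flags:
            s["state"] = "SYN_SENT"                     # client SYN
        elif "S" in flags and "A" in flags and s["state"] == "SYN_SENT":
            s["state"] = "SYN_RECV"                     # server SYN/ACK
        elif "A" in flags and s["state"] == "SYN_RECV":
            s["state"] = "ESTABLISHED"                  # handshake complete
        elif "R" in flags or "F" in flags:
            s["state"] = "CLOSED"
        return s["state"]


# Constructed asymmetric flow: the client->server half is seen on eth2,
# the server->client half on eth3.
PACKETS = [
    {"iface": "eth2", "proto": "tcp", "src": "10.1.1.5", "sport": 40000,
     "dst": "192.0.2.10", "dport": 80, "flags": "S"},
    {"iface": "eth3", "proto": "tcp", "src": "192.0.2.10", "sport": 80,
     "dst": "10.1.1.5", "dport": 40000, "flags": "SA"},
    {"iface": "eth2", "proto": "tcp", "src": "10.1.1.5", "sport": 40000,
     "dst": "192.0.2.10", "dport": 80, "flags": "A"},
    {"iface": "eth2", "proto": "tcp", "src": "10.1.1.5", "sport": 40000,
     "dst": "192.0.2.10", "dport": 80, "flags": "PA"},
    {"iface": "eth3", "proto": "tcp", "src": "192.0.2.10", "sport": 80,
     "dst": "10.1.1.5", "dport": 40000, "flags": "FA"},
]


def track_as_group(packets, interfaces=("eth2", "eth3")):
    """One tracker for the whole group: state after each packet."""
    t = SessionTracker(interfaces)
    return [t.observe(p) for p in packets]


def track_per_interface(packets, interfaces=("eth2", "eth3")):
    """One independent tracker per interface, as a sensor that does not
    group its interfaces would behave."""
    trackers = {i: SessionTracker([i]) for i in interfaces}
    return [trackers[p["iface"]].observe(p) for p in packets]


if __name__ == "__main__":
    print("grouped:      ", track_as_group(PACKETS))
    print("per-interface:", track_per_interface(PACKETS))
```

With the grouped tracker the session walks through SYN_SENT, SYN_RECV and ESTABLISHED before closing; the per-interface trackers each see only half of the handshake, so neither ever reaches ESTABLISHED, which is exactly the blind spot that interface grouping removes.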
See also “About other Symantec Network Security features” on page 17.
About other Symantec Network Security features
Symantec Network Security is highly scalable, and meets a range of needs for
aggregate network bandwidth. Symantec Network Security reduces the total
cost of implementing a complete network security solution through simplified
and rapid deployment, centralized management, and cohesive and streamlined
security content, service, and support.
Symantec Network Security is centrally managed via the Symantec™ Network
Security Management Console, a powerful and scalable security management
system that supports large, distributed enterprise deployments and provides
comprehensive configuration and policy management, real-time threat analysis,
enterprise reporting, and flexible visualization.
The Network Security Management System automates the process of delivering
security and product updates to Symantec Network Security using Symantec™
LiveUpdate to provide real-time detection of the latest threats. In addition, the
Network Security Management System can be used to expand the intrusion
protection umbrella using the Symantec Network Security Smart Agents to
provide enterprise-wide, multi-source intrusion management by aggregating,
correlating, and responding to events from multiple Symantec and third-party
host and network security products.
Symantec Network Security provides the following abilities:
Multi-Gigabit Detection for High-speed Environments: Symantec Network
Security sets new standards with multi-gigabit, high-speed traffic
monitoring allowing implementation at virtually any level within an
organization, even on gigabit backbones. On a certified platform, Symantec
Network Security can maintain 100% of its detection capability at 2Gbps
across 6 gigabit network interfaces with no packet loss.
Hybrid Detection Architecture: Symantec Network Security uses an array of
detection methodologies for effective attack detection and accurate attack
identification. It collects evidence of malicious activity with a combination
of protocol anomaly detection, stateful signatures, event refinement, traffic
rate monitoring, IDS evasion handling, flow policy violation, IP
fragmentation reassembly, and user-defined signatures.
Zero-Day Attack Detection: Symantec Network Security's protocol anomaly
detection helps detect previously unknown and new attacks as they occur.
This capability, dubbed “zero-day” detection, closes the window of
vulnerability inherent in signature-based systems that leave networks
exposed until signatures are published.
Symantec SecurityUpdates with LiveUpdate: Symantec Network Security
now includes LiveUpdate, allowing users to automate the download and
deployment of regular and rapid response SecurityUpdates from Symantec
Security Response, the world's leading Internet security research and
support organization. Symantec Security Response provides top-tier
security protection and the latest security context information, including
exploit and vulnerability information, event descriptions, and event
refinement rules to protect against ever-increasing threats.
Real-Time Event Correlation and Analysis: Symantec Network Security's
correlation and analysis engine filters out redundant data and analyzes only
the relevant information, providing threat awareness without data overload.
Symantec Network Security gathers intelligence across the enterprise using
cross-node analysis to quickly spot trends and identify related events and
incidents as they happen. In addition, new user-configurable correlation
rules enable users to tune correlation performance to meet the needs of
their own organization and environment.
Full packet capture, session playback and flow querying capabilities:
Symantec Network Security can be configured on a per-interface basis to
capture the entire packet when an attack is detected so that you can quickly
determine if the offending packet is a benign event that can be filtered or
flagged for further investigation. Automated response actions can initiate
traffic recording and flow exports, and you can query existing or saved flows
as well as playback saved sessions to further assist in drill-down analysis of
a security event.
Proactive Response Rules: Contains and controls the attack in real-time and
initiates other actions required for incident response. Customized policies
provide immediate response to intrusions or denial-of-service attacks based
on the type and the location of the event within the network. Symantec
Network Security implements session termination, traffic recording and
playback, flow export and query, TrackBack, and custom responses to be
combined with email and SNMP notifications to protect an enterprise's most
critical assets.
Policy-Based Detection: Predefined policies speed deployment by allowing
users to quickly configure immediate response to intrusions or
denial-of-service attacks based on the type and the location of the event
within the network. Independently configurable detection settings make it
easy for users to create granular responses. Using the robust policy editor,
users can quickly create monitoring policies that are customized to the
needs of their particular environment. Policies can be applied at the cluster,
node, or interface level for complete, scalable control.
Role-based Administration: Symantec Network Security provides the ability
to define administrative users and assign them roles to grant them varying
levels of access rights. Administrative users can be assigned roles all the
way from full SuperUser privileges down to RestrictedUser access that only
allows monitoring events without packet inspection capabilities. All
administrative changes made from the Network Security console are logged
for auditing purposes.
TrackBack and FlowChaser: Symantec Network Security incorporates
sophisticated FlowChaser technology that uses flow information from both
Network Security software nodes and 7100 Series appliance nodes, and from
other network devices to trace attacks to the source.
Cost-effective Scalable Deployment: A single Network Security software node
or 7100 Series appliance node can monitor multiple segments or VLANs.
Each node can be configured to monitor up to 12 Fast Ethernet ports or 6 to
8 Gigabit Ethernet ports. As the network infrastructure grows, network
interface cards can be added to the same node to support additional
monitoring requirements.
High Availability Deployment: Network Security software nodes and 7100
Series appliance nodes can be deployed in a High Availability (H/A)
configuration to ensure continuous attack detection without any loss of
traffic or flow data in your mission-critical environment.
Centralized Cluster Management: A Symantec Network Security deployment
can consist of multiple clusters, each cluster consisting of up to 120 nodes,
and an entire Network Security cluster can be securely and remotely
managed from a centralized management console. The Network Security
console provides complete cluster topology and policy management, node
and sensor management, incident and event monitoring, and drill-down
incident analysis and reporting.
Enterprise Reporting Capabilities: Symantec Network Security provides
cluster-wide, on-demand, drill-down, console-based reports that can be
generated in text, HTML, and PDF formats and can also be emailed, saved,
or printed. In addition, Symantec Network Security provides cluster-wide
scheduled reports generated on the software and appliance nodes that can
be emailed or archived to a remote computer using secure copy.
Symantec Network Security Smart Agents Technology: Symantec Network
Security Smart Agents enable enterprise-wide, multi-source intrusion event
collection, helping companies to expand the security umbrella and enhance
the threat detection value of their existing security assets. Third-party
intrusion events are aggregated into a centralized location, leveraging the
power of the Symantec Network Security correlation and analysis
framework, along with the ability to automate responses to intrusions
across the enterprise.
See also “About the Symantec Network Security 7100 Series” on page 15.
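The Real-Time Event Correlation and Analysis item above describes an engine that filters out redundant data and uses cross-node analysis to tie related events into incidents. The Python below is an added illustration of that kind of processing, not Symantec code and not its correlation rules: exact repeats of an event from the same node and target are counted rather than stored again, and events that share a source and event type within a time window are folded into one incident even when different nodes reported them. The events, node names, event type names, addresses and window sizes are all constructed for the example.

```python
"""Event correlation into incidents.

Added illustration, not Symantec code: one way to do what the
"Real-Time Event Correlation and Analysis" item describes, namely
suppress exact repeats of an event and fold related events reported by
several nodes into a single incident. The events, node names, event
types, addresses and window lengths below are all constructed.
"""
from dataclasses import dataclass, field

DEDUP_WINDOW = 60         # seconds: same event, node and target = a repeat
CORRELATION_WINDOW = 300  # seconds of silence before the same src/type
                          # starts a fresh incident


@dataclass
class Event:
    ts: int          # seconds since epoch (constructed)
    node: str
    src: str
    dst: str
    etype: str
    severity: int


@dataclass
class Incident:
    src: str
    etype: str
    first_ts: int
    last_ts: int
    severity: int
    events: list = field(default_factory=list)   # [{"event": Event, "count": n}]
    raw_count: int = 0                           # events before de-duplication
    nodes: set = field(default_factory=set)
    targets: set = field(default_factory=set)


def correlate(events, dedup_window=DEDUP_WINDOW, corr_window=CORRELATION_WINDOW):
    """Group events by (source, event type) within a sliding time window,
    regardless of which node reported them."""
    incidents = []
    open_by_key = {}
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.etype)
        inc = open_by_key.get(key)
        if inc is None or ev.ts - inc.last_ts > corr_window:
            inc = Incident(ev.src, ev.etype, ev.ts, ev.ts, ev.severity)
            incidents.append(inc)
            open_by_key[key] = inc
        inc.raw_count += 1
        inc.last_ts = ev.ts
        inc.severity = max(inc.severity, ev.severity)
        inc.nodes.add(ev.node)
        inc.targets.add(ev.dst)
        # An exact repeat (same node and target, shortly after an event we
        # already hold) raises a counter instead of adding a new entry.
        for entry in inc.events:
            seen = entry["event"]
            if (seen.node == ev.node and seen.dst == ev.dst
                    and ev.ts - seen.ts <= dedup_window):
                entry["count"] += 1
                break
        else:
            inc.events.append({"event": ev, "count": 1})
    return incidents


# Constructed sample: two nodes report the same attacker, one event is an
# exact repeat, a scan from another source is unrelated, and a late event
# falls outside the correlation window.
SAMPLE_EVENTS = [
    Event(0,   "node-a", "198.51.100.7", "10.0.0.5", "HTTP_BUFFER_OVERFLOW", 3),
    Event(10,  "node-a", "198.51.100.7", "10.0.0.5", "HTTP_BUFFER_OVERFLOW", 3),
    Event(20,  "node-b", "198.51.100.7", "10.0.1.9", "HTTP_BUFFER_OVERFLOW", 3),
    Event(30,  "node-c", "203.0.113.4",  "10.0.0.5", "PORTSCAN", 1),
    Event(400, "node-a", "198.51.100.7", "10.0.0.5", "HTTP_BUFFER_OVERFLOW", 3),
]


def summarize(incidents):
    """One line per incident, the form an analyst would read instead of
    the raw event stream."""
    return [f"{i.etype} from {i.src}: {i.raw_count} events, "
            f"{len(i.events)} distinct, nodes={sorted(i.nodes)}, "
            f"targets={sorted(i.targets)}, sev={i.severity}"
            for i in incidents]


if __name__ == "__main__":
    for line in summarize(correlate(SAMPLE_EVENTS)):
        print(line)
```

Five raw events become three incidents: the first holds the cross-node overflow attempts with the repeat counted once, the second is the unrelated scan, and the third is the late event that the window rule keeps separate. Window lengths are the tuning knob the item refers to as user-configurable correlation rules; shorter windows split activity more finely, longer ones merge more aggressively.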
Finding information
You can find information about Symantec Network Security software and
Symantec Network Security 7100 Series appliances in the documentation sets,
on the product CDs, and on the Symantec Web sites.
This section includes the following topics:
About 7100 Series appliance documentation
About Network Security software documentation
About the Web sites
About this guide
About 7100 Series appliance documentation
The documentation set for the Symantec Network Security 7100 Series includes:
Symantec Network Security 7100 Series Implementation Guide (printed and
PDF). This guide explains how to install, configure, and perform key tasks on
the Symantec Network Security 7100 Series.
Symantec Network Security Administration Guide (printed and PDF). This
guide provides the main reference material, including detailed descriptions
of the Symantec Network Security features, infrastructure, and how to
configure and manage effectively.
Depending on your appliance model, one of the following:
Symantec Network Security 7100 Series: Model 7120 Getting Started
Card
Symantec Network Security 7100 Series: Models 7160 and 7161 Getting
Started Card