Вы находитесь на странице: 1из 53

Manager Installation Guide

revision 7.0

McAfee Network Security Platform


Network Security Manager version 5.1

McAfee Network Protection


Industry-leading network security solutions

COPYRIGHT
Copyright 2001 - 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARKS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, McAfee, McAfee (AND IN KATAKANA), McAfee AND DESIGN, McAfee.COM, McAfee VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE AND PATENT INFORMATION License Agreement


NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO McAfee OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions
This product includes or may include: * Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). * Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. * Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. * Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. * Software originally written by Robert Nordier, Copyright (C) 1996-7 Robert Nordier. * Software written by Douglas W. Sauder. * Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. * International Components for Unicode ("ICU") Copyright (C) 1995-2002 International Business Machines Corporation and others. * Software developed by CrystalClear Software, Inc., Copyright (C) 2000 CrystalClear Software, Inc. * FEAD(R) Optimizer(R) technology, Copyright Netopsystems AG, Berlin, Germany. * Outside In(R) Viewer Technology (C) 1992-2001 Stellent Chicago, Inc. and/or Outside In(R) HTML Export, (C) 2001 Stellent Chicago, Inc. * Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, (C) 1998, 1999, 2000. * Software copyrighted by Expat maintainers. * Software copyrighted by The Regents of the University of California, (C) 1996, 1989, 1998-2000. * Software copyrighted by Gunnar Ritter. * Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., (C) 2003. * Software copyrighted by Gisle Aas. (C) 1995-2003. * Software copyrighted by Michael A. Chase, (C) 1999-2000. * Software copyrighted by Neil Winton, (C) 1995-1996. * Software copyrighted by RSA Data Security, Inc., (C) 1990-1992. * Software copyrighted by Sean M. Burke, (C) 1999, 2000. * Software copyrighted by Martijn Koster, (C) 1995. * Software copyrighted by Brad Appleton, (C) 1996-1999. * Software copyrighted by Michael G. Schwern, (C) 2001. * Software copyrighted by Graham Barr, (C) 1998. * Software copyrighted by Larry Wall and Clark Cooper, (C) 1998-2000. * Software copyrighted by Frodo Looijaard, (C) 1997. * Software copyrighted by the Python Software Foundation, Copyright (C) 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. * Software copyrighted by Beman Dawes, (C) 1994-1999, 2002. * Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek (C) 1997-2000 University of Notre Dame. * Software copyrighted by Simone Bordet & Marco Cravero, (C) 2002. * Software copyrighted by Stephen Purcell, (C) 2001. * Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). * Software copyrighted by International Business Machines Corporation and others, (C) 1995-2003. * Software developed by the University of California, Berkeley and its contributors. * Software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). * Software copyrighted by Kevlin Henney, (C) 2000-2002. * Software copyrighted by Peter Dimov and Multi Media Ltd. (C) 2001, 2002. * Software copyrighted by David Abrahams, (C) 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. * Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, (C) 2000. * Software copyrighted by Boost.org, (C) 1999-2002. * Software copyrighted by Nicolai M. Josuttis, (C) 1999. * Software copyrighted by Jeremy Siek, (C) 1999-2001. * Software copyrighted by Daryle Walker, (C) 2001. * Software copyrighted by Chuck Allison and Jeremy Siek, (C) 2001, 2002. * Software copyrighted by Samuel Krempp, (C) 2001. See http://www.boost.org for updates, documentation, and revision history. * Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), (C) 2001, 2002. * Software copyrighted by Cadenza New Zealand Ltd., (C) 2000. * Software copyrighted by Jens Maurer, (C) 2000, 2001. * Software copyrighted by Jaakko Jrvi (jaakko.jarvi@cs.utu.fi), (C) 1999, 2000. * Software copyrighted by Ronald Garcia, (C) 2002. * Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, (C) 1999-2001. * Software copyrighted by Stephen Cleary (shammah@voyager.net), (C) 2000. * Software copyrighted by Housemarque Oy <http://www.housemarque.com>, (C) 2001. * Software copyrighted by Paul Moore, (C) 1999. * Software copyrighted by Dr. John Maddock, (C) 1998-2002. * Software copyrighted by Greg Colvin and Beman Dawes, (C) 1998, 1999. * Software copyrighted by Peter Dimov, (C) 2001, 2002. * Software copyrighted by Jeremy Siek and John R. Bandela, (C) 2001. * Software copyrighted by Joerg Walter and Mathias Koch, (C) 2000-2002. * Software copyrighted by Carnegie Mellon University (C) 1989, 1991, 1992. * Software copyrighted by Cambridge Broadband Ltd., (C) 2001-2003. * Software copyrighted by Sparta, Inc., (C) 2003-2004. * Software copyrighted by Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, (C) 2004. * Software copyrighted by Simon Josefsson, (C) 2003. * Software copyrighted by Thomas Jacob, (C) 2003-2004. * Software copyrighted by Advanced Software Engineering Limited, (C) 2004. * Software copyrighted by Todd C. Miller, (C) 1998. * Software copyrighted by The Regents of the University of California, (C) 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.

Issued NOVEMBER 2010 / Manager Installation Guide


700-1801-00/ 7.0 - English

Contents

Preface ........................................................................................................... v
Introducing McAfee Network Security Platform............................................................................. v About this Guide............................................................................................................................ v Audience ....................................................................................................................................... v Conventions used in this guide ..................................................................................................... v Related Documentation.................................................................................................................vi Contacting Technical Support ......................................................................................................vii

Chapter 1 Introduction to McAfee Network Security Platform ................. 1


About the Network Security Manager............................................................................................ 1 Manager components ............................................................................................................1 Update Server ........................................................................................................................3

Chapter 2 About Network Security Central Manager ................................ 5 Chapter 3 Preparing for installation ............................................................ 6
Pre-requisites ................................................................................................................................ 6 General settings .....................................................................................................................6 Other third-party applications .................................................................................................7 Browser display settings (Windows) ......................................................................................7 Server requirements...............................................................................................................7 Client system requirements..................................................................................................10 Java Runtime Environment (JRE) requirement....................................................................10 Database requirements........................................................................................................10 Pre-installation recommendations ............................................................................................... 11 Planning for installation ........................................................................................................11 Functional requirements.......................................................................................................12 Using anti-virus software with the Manager .........................................................................12 User interface responsiveness.............................................................................................13

Chapter 4 Installing and upgrading the Central Manager/Manager ....... 14


Installing the Manager ................................................................................................................. 14 Manager installation with Local Service account privileges .................................................24 Installing the Central Manager .................................................................................................... 25 Sensor license types ................................................................................................................... 25 Adding a Sensor license ......................................................................................................26 Manually Assigning a Sensor License .................................................................................27 Java installation for client systems .............................................................................................. 28 Updating or upgrading in Network Security Platform .................................................................. 28 Upgrading your software ......................................................................................................29 Updating your signature set or Sensor software ..................................................................29 Adding a Sensor.......................................................................................................................... 29

Chapter 5 Working with Manager software .............................................. 30


Starting Network Security Manager............................................................................................. 30 Accessing Manager from a client machine ..........................................................................31 Logging onto Network Security Manager .............................................................................31 Properly shutting down Network Security Manager services ...............................................32

iii

Starting Network Security Central Manager ................................................................................ 35 Logging onto Central Manager.............................................................................................36 Properly shutting down Central Manager.............................................................................37

Chapter 6 Authenticating Access to the Manager using CAC ............... 40 Chapter 7 Uninstalling the Manager.......................................................... 43
Uninstalling using Add/Remove Programs.................................................................................. 43 Uninstalling via script................................................................................................................... 45

Index ............................................................................................................. 46

iv

Preface
This preface provides a brief introduction to the product, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support.

Introducing McAfee Network Security Platform


McAfee Network Security Platform [formerly McAfee IntruShield] delivers the most comprehensive, accurate, and scalable Network Access Control (NAC) and network Intrusion Prevention System (IPS) for mission-critical enterprise, carrier, and service provider networks, while providing unmatched protection against spyware and known, zero-day, and encrypted attacks. McAfee Network Security Platform combines real-time detection and prevention to provide the most comprehensive and effective network IPS in the market.

About this Guide


This guide provides step-by-step instructions for the successful installation of the McAfee Network Security Manager [formerly McAfee IntruShield Security Manager] interface software. When the McAfee Network Security Manager (Manager) software is installed on your target server, you can configure your security system by sending commands through the Manager to all installed McAfee Network Security Sensors [formerly McAfee IntruShield Sensors]. This guide is best followed by reading the Manager Configuration Basics Guide and then followed by the other Configuration Guides for implementation. Note: If you are upgrading to this version of Network Security Platform, we recommend you first review the corresponding Network Security Platform Upgrade Guide.

Audience
This guide is intended for use by network technicians and maintenance personnel responsible for installing, configuring, and maintaining the Manager and the McAfee Network Security Sensors (Sensors), but is not necessarily familiar with NAC or IPSrelated tasks, the relationship between tasks, or the commands necessary to perform particular tasks.

Conventions used in this guide


This document uses the following typographical conventions:

McAfee Network Security Platform 5.1

Preface

Convention

Example

Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in Arial N3arrow bold font. Menu or action group selections are indicated using a right angle bracket. Procedures are presented as a series of numbered steps. Names of keys on the keyboard are denoted using UPPER CASE. Text such as syntax, keywords, and values that you must type exactly are denoted using Courier New font. Variable information that you must type based on your specific situation or environment is shown in italics. Parameters that you must supply are shown enclosed in angle brackets. Information that you must read before beginning a procedure or that you to negative consequences of certain actions, such as loss of data is denoted using this notation. Information that you must read to prevent injury, accidents from contact with electricity, or other serious consequences is denoted using this notation. Notes that provide related, but non-critical, information are denoted using this notation.

The Service field on the Properties tab specifies the name of the requested service. Select My Company > Admin Domain > Summary. On the Configuration tab, click Backup.

Press ENTER. Type: setup and then press ENTER. Type: sensor-IP-address and then press ENTER. set Sensor ip <A.B.C.D> Caution:

Warning:

Note:

Related Documentation
Quick Tour 4.1 to 5.1 Upgrade Guide Getting Started Guide IPS Deployment Guide Manager Configuration Basics Guide Administrative Domain Configuration Guide Manager Server Configuration Guide Sensor CLI Guide Sensor Configuration Guide IPS Configuration Guide NAC Configuration Guide

vi

McAfee Network Security Platform 5.1

Preface

Integration Guide System Status Monitoring Guide Reports Guide User-Defined Signatures Guide Central Manager Administrator's Guide Best Practices Guide Troubleshooting Guide I-1200 Sensor Product Guide I-1400 Sensor Product Guide I-2700 Sensor Product Guide I-3000 Sensor Product Guide I-4000 Sensor Product Guide I-4010 Sensor Product Guide Gigabit Optical Fail-Open Bypass Kit Guide Gigabit Copper Fail-Open Bypass Kit Guide Special Topics GuideIn-line Sensor Deployment Special Topics GuideSensor High Availability Special Topics GuideVirtualization Special Topics GuideDenial-of-Service

Contacting Technical Support


If you have any questions, contact McAfee for assistance:

Online
Contact McAfee Technical Support http://mysupport.mcafee.com. Registered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee's 24x7 comprehensive KnowledgeBase. In addition, customers can also resolve technical issues with the online case submit, software downloads, and signature updates.

Phone
Technical Support is available 7:00 A.M. to 5:00 P.M. PST Monday-Friday. Extended 24x7 Technical Support is available for customers with Gold or Platinum service contracts. Global phone contact numbers can be found at McAfee Contact Information http://www.mcafee.com/us/about/contact/index.html page. Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.

vii

CHAPTER 1

Introduction to McAfee Network Security Platform


This section provides a brief introduction to the components of the McAfee Network Security Manager [formerly McAfee IntruShield Security Manager] and the part it plays in the overall McAfee Network Security Platform [formerly McAfee IntruShield]. The complete McAfee Network Security Platform is a combination of network appliances and software built for Network Access Control (NAC) as well as accurate detection and prevention of intrusions, denial of service (DoS) and distributed denial of service (DDoS) attacks, and network misuse. Network Security Platform combines real-time detection and prevention for the most comprehensive and effective network security system. Note: For a high-level overview of Network Security Platform IPS components and features, see the Getting Started Guide. For details of the NAC Module of Network Security Platform, see the NAC
Configuration Guide.

About the Network Security Manager


McAfee Network Security Manager (Manager) consists of hardware and software resources that are used to configure and manage your Network Security Platform deployment. Note: From version 5.1.17.2 or above, you do not require a license file to use the Manager. For more details on licenses, refer to the Chapter Licensing in the Best
Practices Guide.

Manager components
Manager is a term that represents the hardware and software resources that are used to configure and manage Network Security Platform. The Manager consists of the following components: One of the following hardware/OS server platform (on page 2): Microsoft Windows Server 2003 - SP2, (32 or 64 bit) Standard Edition, English Microsoft Windows Server 2003 - R2, (32 or 64 bit) Standard Edition, Japanese

Microsoft Windows Server 2008 - R2, (64 bit) Standard Edition, English. Note that this platform is supported only for fresh installations of Manager 5.1.11.22 or above. the Manager software (on page 2) a back end database (on page 3) to persist data (MySQL version 5.0.91)

McAfee Network Security Platform 5.1

Introduction to McAfee Network Security Platform

a connection to the McAfee Network Security Update Server [formerly IPS Update Server] (on page 3)

Manager server platform


The Manager server is a dedicated Windows Server hosting the Manager software. You can remotely access the Network Security Platform user interface from a Windows XP or Windows 7 system using Internet Explorer 6.0, 7.0, or 8.0. Sensors use a built-in 10/100 Management port to communicate with the Manager server. You can connect a segment from a Sensor Management port directly to the Manager server; however, this means you can only receive information from one Sensor (typically, your server has only one 10/100 network port). During Sensor configuration, described in the Sensor CLI Guide, you will establish communication between your Sensor(s) and your Manager server.

Manager software
The Manager software has a Web-based user interface for configuring and managing the Network Security Platform. Network Security Platform users connect to the Manager server from a Windows XP or Windows 7 system using the Internet Explorer browser program. The Network Security Platform user interface runs with Internet Explorer versions 6.0, 7.0, and 8.0. The Manager functions are configured and managed through a GUI application, the Network Security Platform user interface, which includes complementary interfaces for system status, system configuration, report generation, and fault management. All interfaces are logically parts of the Manager program. Manager has five components:
Manager Home. The Manager Home page is the first screen displayed after the user logs

on to the system. The Manager Home page displays Operational Status-that is, whether all components of the system are functioning properly, the number of unacknowledged alerts in the system, and the configuration options available to the current user. Options available within the Manager Home page are determined by the current user's assigned role(s). The Manager Home page is refreshed every 5 seconds by default. Operational Status. The Operational Status page displays the status of Manager, database, and any deployed Sensors; including all system faults. Configuration. The Configuration page provides all system configuration options, and facilitates the configuration of your Sensors, failover pairs of Sensors, administrative domains, users, roles, Network Access Control (NAC), attack policies and responses, user-created signatures, and system reports. Access to various activities, such as user management, system configuration, or policy management is based on the current user's role(s) and privileges. For more information on NAC configuration, see NAC Configuration Guide. Threat Analyzer. The Threat Analyzer page displays the hosts detected on your network as well as the detected security events that violate your configured security policies. The Threat Analyzer provides powerful drill-down capabilities to enable you to see all of the details on a particular alert, including its type, source and destination addresses, and packet logs where applicable. Reports. Users can generate reports for the security events detected by the system and reports on system configuration. Reports can be generated manually or automatically, saved for later viewing, and/or e-mailed to specific individuals.

McAfee Network Security Platform 5.1

Introduction to McAfee Network Security Platform

Other key features of Manager include: The Incident Generator: The Incident Generator enables creation of attack incident conditions, which, when met, provide real-time correlative analysis of attacks. Once incidents are generated, view them using the Incident Viewer, which is within the Threat Analyzer tool. For more information on Manager components, see Manager Server Configuration Guide. Integration with other McAfee products: You can integrate Network Security Platform with other McAfee products such as McAfee ePolicy Orchestrator (ePO), McAfee Host Intrusion Prevention [formerly McAfee Entercept] , and so on. Then Network Security Platform collaborates with these products to provide you with a comprehensive network security solution. For details, see Integration Guide. Integration with third-party products: Network Security Platform enables the use of multiple third-party products for analyzing faults, alerts, and generated packet logs. Fault/Alert forwarding and viewing: You have the option to forward all fault management events and actions, as well as IPS alerts to a third-party application. This enables you to integrate with third-party products that provide trouble ticketing, messaging, or any other response tools you may wish to incorporate. Fault and/or alert forwarding can be sent to the following ways: - Syslog Server: forward IPS alerts and system faults - SNMP Server (NMS): forward IPS alerts and system faults - Java API: forward IPS alerts - Crystal Reports: view alert data from database via email, pager, or script Packet log viewing: view logged packets/flows using third-party software, such as Ethereal.

Manager database
The Manager server operates with an RDBMS (relational database management system) for storing persistent configuration information and event data. The compatible database is MySQL (current version 5.0.91). The Manager server for Windows (only) includes a MySQL database that can be installed (embedded) on the target Windows server during Manager software installation. Your MySQL database can be tuned on-demand or by a set schedule via Manager user interface configuration. Tuning promotes optimum performance by defragmenting split tables, re-sorting and updating indexes, computing query optimizer statistics, and checking and repairing tables. To graphically administrate and view your MySQL database, you can download the MySQL administrator from the MySQL Web site http://dev.mysql.com/downloads/gui-tools.

Update Server
For your Network Security Platform to properly detect and protect against malicious activity, the Manager and Sensors must be frequently updated with the latest signatures and software patches available. Thus, the Network Security Platform team constantly researches and develops performance-enhancing software and attack-detecting signatures that combat the latest in hacking, misuse, and denials of service (DoS). When a severe-impact attack happens that cannot be detected with the current signatures, a new

McAfee Network Security Platform 5.1

Introduction to McAfee Network Security Platform

signature update is developed and released. Since new vulnerabilities are discovered regularly, signature updates are released frequently. New signatures and patches are made available to customers via the McAfee Network Security Update Server (Update Server). The Update Server is a McAfee owned and operated file server that houses updated signature and software files for Managers and Sensors in customer installations. The Update Server securely provides fully automated, real-time signature updates without requiring any manual intervention. Note: Communication between Manager and the Update Server is SSL-secured.

Configuring software and attack signature updates


You configure interaction with the Update Server using the Manager Configuration page. You can pull updates from the Update Server on demand or you can schedule update downloads. With scheduled downloads, the Manager polls the Update Server (over the Internet) at the desired frequency. If an update has been posted, that update is registered as Available in the Manager interface for on-demand downloaded. Once downloaded to the Manager, you can immediately download (via an encrypted connection) the update to deployed Sensors or deploy the update based on a Sensor update schedule you define. Acceptance of a download is at the discretion of the administrator. You have a total of five update options:
Automatic update to Manager, manual update from Manager to Sensors. This option enables Manager server to receive updates automatically, but allows the administrator to selectively apply the updates to the Sensors. Manual update to Manager, automatic update from Manager to Sensors. This option enables the administrator to select updates manually, but once the update is selected, it is applied to the Sensors automatically, without reboot. Fully manual update. This option allows the security administrator to determine which signature update to apply per update, and when to push the update out to the Sensor(s). You may wish to manually update the system when you make some configuration change, such as updating a policy or response. Fully automatic update. This option enables every update to pass directly from the Update Server to the Manager, and from the Manager to the Sensor(s) without any intervention by the security administrator. Note that fully automatic updating still happens according to scheduled intervals. Real-time update. This option is similar to fully automatic updating. However, rather than wait for a scheduled interval, the update is pushed directly from Update Server to Manager to Sensor. No device needs to be rebooted; the Sensor does not stop monitoring traffic during the update, and the update is active as soon as it is applied to the Sensor.

CHAPTER 2

About Network Security Central Manager


From release 4.1, McAfee Network Security Platform [formerly McAfee IntruShield] provides a centralized, manager of managers capability, named McAfee Network Security Central Manager [formerly McAfee IntruShield Command Center]. McAfee Network Security Central Manager (Central Manager) allows users to create a management hierarchy that centralizes policy creation, management, and distribution across multiple McAfee Network Security Managers [formerly McAfee IntruShield Security Managers]. For example, a policy can be created in Central Manager and synchronized across all McAfee Network Security Managers (Managers) added to that Central Manager. This avoids manual customization of policy at every Manager. Central Manager provides you with a single sign-on mechanism to manage the authentication of global users across all Managers. McAfee Network Security Sensor [formerly McAfee IntruShield Sensor] configuration and threat analysis tasks are performed at the Manager level.

CHAPTER 3

Preparing for installation


This section describes the McAfee Network Security Manager (Manager) hardware and software requirements and pre-installation tasks you should perform prior to installing the software. Unless explicitly stated, the information in this chapter applies to both the McAfee Network Security Central Manager [formerly McAfee IntruShield Command Center] and Manager though the sections refer to Manager.

Pre-requisites
The following sections list Manager installation and functionality requirements for your operating system, database, and browser. Caution: We strongly recommend that you also check the corresponding Release Notes and Network Security Platform 4.1 to 5.1 Upgrade Guide for the hardware/software requirements.

General settings
McAfee recommends you use a dedicated server, hardened for security, and placed on its own subnet. This server should not be used for programs like instant messaging or other non-secure Internet functions. You must have Administrator/root privileges on your Windows server to properly install the Manager software, as well as the installation of an embedded MySQL database for Windows Managers during Manager installation. It is essential that you synchronize the time on the Manager server with the current time. To keep time from drifting, use a timeserver. If the time is changed on the Manager server, the Manager will lose connectivity with all McAfee Network Security Sensors (Sensors) and the McAfee Network Security Update Server [formerly IPS Update Server] because SSL is time sensitive. If Manager Disaster Recovery (MDR) is configured, ensure that the time difference between the Primary and Secondary Managers is less than 60 seconds. (If the spread between the two exceeds more than two minutes, communication with the Sensors will be lost.

Tip: For more information about setting up a time server on Windows Server 2003 SP2, see the following Microsoft KnowledgeBase article: http://support.microsoft.com/kb/816042 http://support.microsoft.com/kb/816042//. Note: Once you have set your server time and installed the Manager, do not change the time on the Manager server for any reason. Changing the time may result in errors that could lead to loss of data.

McAfee Network Security Platform 5.1

Preparing for installation

Other third-party applications


Install a packet log viewing program to be used in conjunction with the Threat Analyzer interface. Your packet log viewer, also known as a protocol analyzer, must support library packet capture (libpcap) format. This viewing program must be installed on each client you intend to remotely log onto the Manager from and view packet logs.
Wireshark (formerly known as Ethereal) is recommended for packet log viewing. WireShark is a network protocol analyzer for Windows servers that enables you to examine the data captured by your Sensors. For information on downloading and using Ethereal, go to www.wireshark.com. http://www.wireshark.org

Browser display settings (Windows)


The Manager is viewed via client browser session. Only Windows XP and Windows 7 clients are supported using Internet Explorer 6.0, 7.0, or 8.0. Both 32 and 64-bit Internet Explorer 8.0 are supported. Set your display to 32-bit or higher by selecting Start > Settings > Control Panel > Display > Setting, and configuring the Colors field to True Color (32bit). McAfee recommends setting your monitors Screen Area to 1024 x 768 pixels. This can be done by changing the display settings at: Start > Settings > Control Panel > Display > Settings. When working with the Manager using Internet Explorer, your browser should check for newer versions of stored pages. By default, Internet Explorer is set to automatically check for newer stored page versions. To check this function, open your IE browser and go to Tools > Internet Options > General, click the Settings button under Temporary Internet files or "Browsing history" and under Check for newer versions of stored pages: select any of the four choices except for Never. Selecting Never will cache Manager interface pages that require frequent updating, and not refreshing these pages may lead to system errors.

Server requirements
The following are the system requirements for a Manager server running with a MySQL database.

McAfee Network Security Platform 5.1

Preparing for installation

Minimum

Recommended

OS

Any one of the following:

Any one of the following: Windows Server 2008 R2, (64 bit) Standard Edition, English. Windows Server 2003 R2 (Standard Edition), Japanese OS (64 bit)

Microsoft Windows Server 2003 - SP2, (32 or 64 bit) Standard Edition, English Microsoft Windows Server 2003 - R2, (32 or 64 bit) Standard Edition, Japanese Microsoft Windows Server 2008 - R2, (64 bit) Standard Edition, English. Note that this platform is supported only from Central Manager/Manager 5.1.11.22 and above.

Note: For 64-bit, only X64 architecture is

supported. For Japanese, only Central Manager/Manager of version 5.1.11.x and above are supported on 64-bit. 2GB or higher for 32-bit 4GB or higher for 64-bit Server model processor such as Intel Xeon 40GB 100Mbps card 32-bit color, 1024 x 768 display setting

Memory CPU Disk space Network Monitor

4GB Same as the minimum requirement. 80GB disk with 8MB memory cache 10/100/1000Mbps card 1280 x 1024

Hosting the Manager on a VMware platform


The following are the system requirements for hosting Manager server on a VMware platform.

McAfee Network Security Platform 5.1

Preparing for installation

Minimum

Recommended

OS

Any one of the following: Microsoft Windows Server 2003 - SP2, (32 or 64 bit) Standard Edition, English Microsoft Windows Server 2003 - R2, (32 or 64 bit) Standard Edition, Japanese Microsoft Windows Server 2008 - R2, (64 bit) Standard Edition, English. Note that this platform is supported only for fresh installations of Manager 5.1.11.22 or above.

Same as the minimum requirement

Note: For 64-bit, only X64

architecture is supported. For Japanese, only Central Manager/Manager of version 5.1.11.x and above are supported on 64-bit.
Memory Virtual CPUs Disk Space

2GB 2 40GB

2GB or higher 2 or more 80GB

The following are the system requirements for hosting Manager server on a VMware platform using Dell Powered Edge 1950.
System

Virtualization software Virtual Infrastructure Client CPU

VMWare ESX Server Version 3.5.0 Update 3 Build 123630 Version 2.5.0 Build 19826 Intel Xeon CPU ES 5335 @ 2.00GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00GHz. Physical Memory: 16GB 364.25 GB

Memory Internal Disks

McAfee Network Security Platform 5.1

Preparing for installation

Client system requirements


The following table contains the minimum system requirements that you need to access the Central Manager or the Manager from a client system.
Minimum

OS Memory Browser

Windows XP (Standard Edition) SP2 or Windows 7 512 MB Internet Explorer 6.0, 7.0, or 8.0. Both 32 and 64 bit Internet Explorer 8.0 are supported.

Monitor

32-bit color, 1024 x 768 display setting

Note: Internet Explorer is the supported browser for all clients. Internet Explorer, by default, has pop-up blocking enabled. You must disable pop-up blocking to log on to the Manager or the Central Manager.

Java Runtime Environment (JRE) requirement


When you first log onto the Manager, you are prompted to install a version of JRE on the client machine (if it is not already installed). This version of the JRE software is required for operation of various components within Manager including the Threat Analyzer and the User-Defined Signature Editor. Refer the Release Notes for the current JRE version. Note: If you are using both 32-bit and 64-bit Internet Explorer 8.0 to access the Manager from the same machine, then you are prompted to install the 32-bit as well as the 64-bit JRE.

Database requirements
The Manager requires communication with MySQL database for the archiving and retrieval of data. The Manager CD-ROM includes a MySQL database for installation (that is, embedded on the target Manager server) and use on the Manager server only. You must use the Network Security Platform-supplied version of MySQL (currently 5.0.91). The MySQL database must be dedicated to the Manager. Note: If you have a MySQL database previously installed on the target server, uninstall the previous version and install the Network Security Platform version.

10

McAfee Network Security Platform 5.1

Preparing for installation

Pre-installation recommendations
These McAfee Network Security Platform [formerly McAfee IntruShield] pre-installation recommendations are a compilation of the information gathered from individual interviews with some of the most seasoned McAfee Network Security Platform System Engineers at McAfee.

Planning for installation


Before installation, ensure that you complete the following tasks: The server, on which McAfee Network Security Manager [formerly McAfee IntruShield Security Manager] software will be installed, should be configured and ready to be placed online. You must have administrator privileges for McAfee Network Security Manager (Manager) server. This server should be dedicated, hardened for security, and placed on its own subnet. This server should not be used for programs like instant messaging or other nonsecure Internet functions. Make sure the server meets at least the minimum requirements as mentioned in Server requirements (on page 7). Make sure the Windows operating system required for this version of the Manager software is installed as defined by the system requirements in the versions release notes. The same holds true for the Windows Operating System required for the client(s). Ensure the proper static IP address has been assigned to the Manager server. For the Manager server, McAfee strongly recommends assigning a static IP against using DHCP for IP assignment. If applicable, configure name resolution for the Manager. Ensure that all parties have agreed to the solution design, including the location and mode of all McAfee Network Security Sensors [formerly McAfee IntruShield Sensors], the use of sub-interfaces or interface groups, and if and how the Manager will be connected to the production network. Get the required license file and grant number. Note that you do not require a license file for using Manager/Central Manager version 5.1.17.2 or above. Accumulate the required number of wires and (supported) GBICs, SFPs, or XFPs. Ensure these are approved hardware from McAfee or a supported vendor. Ensure that the required number of Network Security Platform dongles, which ship with the McAfee Network Security Sensors (Sensors), are available. Crossover cables will be required for 10/100 or 10/100/1000 monitoring ports if they are directly connected to a firewall, router, or end node. Otherwise, standard patch cables are required for the Fast Ethernet ports. If applicable, identify the ports to be mirrored, and someone who has the knowledge and rights to mirror them. Allocate the proper static IP addresses for the Sensor. For the Sensors, you cannot assign IPs using DHCP. Identify hosts that may cause false positives, for example, HTTP cache servers, DNS servers, mail relays, SNMP managers, and vulnerability scanners.

11

McAfee Network Security Platform 5.1

Preparing for installation

Functional requirements
Following are the functional requirements to be taken care of: Install Wireshark (formerly known as Ethereal http://www.wireshark.com http://www.wireshark.org) on the client PCs. Ethereal is a network protocol analyzer for Unix and Windows servers, used to analyze the packet logs created by Sensors. Ensure the correct version of JRE is installed on the client system, as described in the Release Notes. This can save a lot of time during deployment. Determine a way in which Manager maintains the correct time. To keep time from drifting, for example, point the Manager server to an NTP timeserver. (If the time is changed on the Manager server, the Manager will lose connectivity with all Sensors and the McAfee Network Security Update Server [formerly IPS Update Server] because SSL is time sensitive.) If Manager Disaster Recovery (MDR) is configured, ensure that the time difference between the Primary and Secondary Managers is less than 60 seconds. (If the spread between the two exceeds more than two minutes, communication with the Sensors will be lost.) If you are upgrading from a previous version, we recommend that you follow the instructions in the respective versions release notes or, if one is available for your release, Upgrade Guide.

Using anti-virus software with the Manager


If you plan to install anti-virus software such as McAfee VirusScan on the Manager, be sure the Central Manager or Manager installation directory and its sub-directories are excluded from the anti-virus scanning processes. This is because the temporary files created in the installation directory may conflict with the anti-virus scanner. The anti-virus software may also delete essential MySQL files.

McAfee VirusScan and SMTP notification


From 8.0i, VirusScan includes an option (enabled by default) to block all outbound connections over TCP port 25. This helps reduce the risk of a compromised host propagating a worm over SMTP using a homemade mail client. VirusScan avoids blocking outbound SMTP connections from legitimate mail clients, such as Outlook and Eudora, by including the processes used by these products in an exclusion list. In other words, VirusScan ships with a list of processes it will allow to create outbound TCP port 25 connections; all other processes are denied that access. The Manager takes advantage of the JavaMail API to send SMTP notifications. If you enable SMTP notification and also run VirusScan 8.0i or above, you must therefore add java.exe to the list of excluded processes. If you do not explicitly create the exclusion within VirusScan, you will see a Mailer Unreachable error in the Manager Operational Status to each time the Manager attempts to connect to its configured mail server. To add the exclusion, follow these steps:

12

McAfee Network Security Platform 5.1

Preparing for installation

1 2 3 4 5 6

Launch the VirusScan Console. Right-click the task called Access Protection and choose Properties. Highlight the rule called Prevent mass mailing worms from sending mail. Click Edit. Append java.exe to the list of Processes to Exclude. Click OK to save the changes.

User interface responsiveness


The responsiveness of the user interface, the Threat Analyzer in particular, has a lasting effect on your overall product satisfaction. In this section we suggest some easy but essential steps, to ensure that Network Security Platform responsiveness is optimal: During Manager software installation, use the recommended values for memory and connection allocation. You will experience better performance in your configuration and data forensic tasks by connecting to the Manager from a browser on a client machine. Performance may be slow if you connect to the Manager using a browser on the server machine itself. Perform monthly or semi-monthly database purging and tuning. The greater the quantity of alert records stored in the database, the longer it will take the user interface to parse through those records for display in the Threat Analyzer. The default Network Security Platform settings err on the side of caution and leave alerts (and their packet logs) in the database until the user explicitly decides to remove them. However, most users can safely remove alerts after 30 days. Caution: It is imperative that you tune the MySQL database after each purge operation. Otherwise, the purge process will fragment the database, which can lead to significant performance degradation. Defragment the disks on the Manager on a routine basis, with the exception of the MySQL directory. The more often you run your defragmenter, the quicker the process will be. Consider defragmenting the disks at least once a month. Warning: Do NOT attempt to defragment the MySQL directory using an O/S defrag utility. To defragment MySQL tables, use a MySQL-specific utility, myisamchk available in the <mysqlinstallation>\bin directory. Limit the quantity of alerts to view when launching the Threat Analyzer. This will reduce the total quantity of records the user interface must parse and therefore potentially result in a faster initial response on startup. When scheduling certain Manager actions (backups, file maintenance, archivals, database tuning), set a time for each that is unique and is a minimum of an hour after/before other scheduled actions. Do not run scheduled actions concurrently.

13

CHAPTER 4

Installing and upgrading the Central Manager/Manager


This section contains installation instructions for the McAfee Network Security Manager (Manager) software on your Windows server, including the installation of a MySQL database. Unless explicitly stated, the information in this chapter applies to both the McAfee Network Security Central Manager [formerly McAfee IntruShield Command Center] and Manager though the sections refer to Manager. Caution: Close all open programs, including email, the Administrative Tools > Services window, and instant messaging to avoid port conflicts. A port conflict may cause the Manager program to incur a BIND error on startup, hence failing initialization. Close any open browsers and restart your server after installation is complete. Open browsers may be caching old class files and cause conflicts. IIS (Internet Information Server) and PWS (Personal Web Server) must be disabled or uninstalled from the target server. The following are the high-level steps for installing and starting the Manager: 1 2 3 Prepare your target server for Manager software installation. See Preparing for installation (on page 6). Install the Manager software. See Installing the Manager (on page 14). Start the Manager program. During initial client login from the Manager server or a client machine, Java runtime engine software (provided) must be installed for proper program functionality. See Starting the Manager software (on page 30).

Installing the Manager


The steps presented are for installation of the Network Security Central Manager/Network Security Manager software on a Windows Server meeting the requirements mentioned in Server requirements (on page 7). The following procedure prompts you to submit program and icon locations, including the location and access information of your database. Please read each step carefully before proceeding to the next. Note 1: Ensure that the Pre-requisites (on page 6) have been met and your target server has been prepared before commencing installation. Note 2: You can exit the setup program by clicking Cancel in the setup wizard. Upon cancellation, all temporary setup files are removed, restoring your server to its same state prior to installation. Note 3: After you complete a step, click Next; click Previous to go one step back in the installation process.

14

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Note 4: Unless specified during installation, Network Security Manager is installed by default. Note 5: The Installation Wizard creates the default folders based on the Manager Type you are installing. For example, for a first-time installation of Network Security Manager, the default location is C:\Program Files\McAfee\Network Security Manager\App. For Network Security Central Manager, it is C:\Program Files\McAfee\Network Security Central Manager\App. Similarly, the Wizard creates default folders for the MySQL database as well. For the sake of explanation, this section mentions only the folder paths for Network Security Manager unless it is necessary to mention the path for Network Security Central Manager. Note 6: This note is relevant if you are installing the Central Manager or the Manager on a 64-bit OS. Before you begin to install, make sure the Windows Regional and Language Options are configured accordingly. For example, if you are installing it on Windows Server 2003 R2 (Standard Edition), Japanese 64 bit OS, ensure that the Windows Regional and Language Options are configured for Japanese. If not, the Installation Wizard will treat the server as a 32-bit machine. 1 2 Log onto your Windows server as Administrator and close all open programs. Insert the Manager CD-ROM into the appropriate drive or, if you downloaded the software, double-click the executable file. The Installation Wizard starts with an introduction screen.

Figure 1: Manager Installation Wizard - Welcome screen

Note: If the Installation Wizard does not automatically appear, locate and open the Network Security Platform CD-ROM in My Computer, then find and doubleclick the setup.exe file. 3 Confirm your acknowledgement of the License Agreement by selecting I accept the terms of the License Agreement. You will not be able to continue the installation if you do not select this option.

15

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Figure 2: Manager Installation Wizard - License Agreement

Select the Manager type to choose installation of either Network Security Manager or Network Security Central Manager. For an upgrade, Network Security Manager or Network Security Central Manager is displayed accordingly which you cannot change.

Figure 3: Select Manager type

Note: The Network Security Central Manager once installed cannot be converted to Network Security Manager and vice versa. 5 Choose a folder where you want to install the Manager software. For a first-time installation, the default location is C:\Program Files\McAfee\Network Security Manager\App. For an upgrade, it is the same location as that of the earlier version.
Restore Default Folder: resets the installation folder to the default location. Choose: Browse to a different location.

16

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Caution: Installing the Manager software on a network-mapped drive may result in improper installation. The Manager software cannot be installed to a directory path containing special characters such as a comma (,), equal sign (=), or pound sign (#).

Figure 4: Manager Installation Wizard - Choose Install Folder

Choose a location for the Manager shortcut icon:


In a new Program Group: enter the name for the new program folder where you want to place the Manager icon: Manager is the default. In an existing Program Group: select an existing program folder from the list where you want to place the Manager icon.

The Create Icons for All Users is automatically selected if you select a common program folder.
In the Start Menu: select to place the Manager icon in your Start menu. On the Desktop: select to place the Manager icon on your Desktop. In the Quick Launch Bar: select to place the Manager icon on your Quick Launch Bar. Other: select a different Programs folder to place the Manager icon. The default is

C:\Documents and Settings\All Users\Start Menu\Programs\McAfee\Network Security Manager for Manager and C:\Documents and Settings\All Users\Start Menu\Programs\McAfee\Network Security Central Manager for Central Manager.
Dont Create Icons: skip the creation of Manager icon. The Manager program is

listed only within its directory folder.


Create Icons for All Users: Select this if you want the Manager icon to be available to

all users logging on to the Manager server (including users without Windows administrator privileges) This is similar to NT domain administration where more than user may log onto a workstation and use it with varying access roles.

17

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Figure 5: Manager Installation Wizard - Choose Shortcut Folder

Set the following:


Database Type is displayed as MySQL.

A MySQL database is provided on the Manager CD-ROM for installation and use by Windows Manager servers only. You must use the provided MySQL version. The database must reside on the same server as the Manager. Provide the database connection information as follows:
Database Name: Type a name for your database. It is recommended you keep the default entry of lf intact. Database User: Type a user name for database-Manager communication; this account name is used by the Manager. This account enables communication between the database and the Manager. When typing a user name, observe the following rules:

- The MySQL database user name can be a combination of alphabets [both uppercase (A-Z) and lowercase (a-z)], numbers [0-9] and/or, special characters like "~ ` ! @ # $ % - * _ + [ ] : ; , ( ) ? { }". - The first character must be a letter. - Do not use null or empty characters. - Do not use more than 16 characters.
Database Password: Type a password for the database-Manager communication account. This password relates to the Database User account.

- The MySQL database password can be a combination of alphabets [both uppercase (A-Z) and lowercase (a-z)], numbers [0-9] and/or, special characters like "~ ` ! @ # $ % - * _ + [ ] : ; , ( ) ? { }". - Do not use null or empty characters. Important: This password is not the root password for database management; the root password is added/entered in Step 9.

18

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

MySQL Installation Directory: Type or browse to the absolute location of your selected Manager database. For a first-time installation, the default location is: C:\program files\McAfee\Network Security Manager\MySQL. For upgrades, the default location is the previous installation directory. You can type or browse to a location different from the default.

Figure 6: Manager Installation Wizard - Customize Installation

Click Next. Note: If you are creating a new database, Network Security Platform will ask you, through a pop-up window, to confirm that you really want to create a new database. Click Continue to continue with the installation.

Figure 7: New MySQL Installation

Type the root password for your database. If this is the initial installation, type a root password and then type it again to confirm. The MySQL Root Password is required for root access configuration privileges for your MySQL database. Use a combination of alphabets [both uppercase (A-Z) and lowercase (a-z)], numbers [0-9] and/or, special characters like "~ ` ! @ # $ % - * _ + [ ] : ; , ( ) ? { }". Do not use null or empty characters.

Tip: For security reasons, you can set a MySQL Root Password that is different from the Database Password in Step 7.

19

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Figure 8: MySQL Installation Root Password

10 Click Next.

Figure 9: Manager Installation Wizard - specify RAM usage

Note: Make sure the OS version displayed in the Customize Installation page of the Wizard is correct. If your server is 64-bit and if the OS Version displays as 32-bit then you may not have set the Windows Regional and Language Options to match the language of the OS. For example, if it is a Japanese OS, then you must have configured the Regional and Language Options for Japanese. You can access the Regional and Language Options dialog from Windows Control Panel. If the OS version is incorrect, then you must abort the Manager installation, change the Regional and Language Options accordingly, and then begin the installation again.

20

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

11 Enter a value to set Actual Maximum RAM Usage. The RAM size indicated here determines the recommended amount of program memory (virtual memory) to allocate for server processes required by Network Security Platform. Since Jboss memory uses hard-disk-based memory (program memory), the total amount of both can exceed the Manager servers RAM memory size. Note: For 32-bit, the Recommended Maximum RAM Usage is 1170 MB and the Actual Maximum RAM Usage can be between 512 and 1170 MB. For 64-bit, the Recommended Maximum RAM Usage is Physical Server Memory divided by 2 or 1170 MB - whichever is greater. The Actual Maximum RAM Usage can be between 512 MB up to the Physical Server Memory size. 12 Set the following (applicable only Network Security Manager):
Number of Sensors: Select the numbers of McAfee Network Security Sensors

(Sensors) to be managed by this installation of the Manager.


Actual Maximum DB connections: Enter the maximum number of simultaneous connections database connections allowed from the Manager. The default is 40. The recommended number indicated above is based on the Number of Sensors.

Figure 10: Selecting the number of Sensors

13 If the Manager server has multiple IP addresses, you can specify a dedicated IPv4 and IPv6 address that it should use to communicate with the Sensors. To specify an IP, select Use a Dedicated Interface? and then select the IPv4 and IPv6 address from the corresponding list. Some key points to note: In the Wizard, the option to specify a dedicated interface is displayed only if the Manager has more than one IP. When configuring the sensors, you need to configure the same IP that you specify here as the <mgr> server IP. Network Security Platform assumes that all the IP addresses are bound to the same host name. McAfee recommends that you use a separate system for the Manager to avoid using multiple host names. If the Manager has an IPv6 address then you can add Sensors with IPv6 addresses to it.

21

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

If an IP address is not displayed in the drop-down list or if a deleted IP address is displayed, then cancel the installation, restart the server, and re-install the Manager. Post-installation, if you want to change the dedicated IP that you already specified, you need to re-install the Manager. Do not specify a dedicated interface if you plan to use one Manager server for Sensors deployed in different networks that are not reachable to one another. Assume that you have a Sensor deployed in the 10.0.10.x network and another Sensor in 172.16.10.x network and that you wish to manage both these Sensors using one Manager server. Assume that the Manager server is connected to both these networks with IP addresses of 10.0.10.10 and 172.16.10.10. Now if you specify 10.0.10.10 as the dedicated interface during installation, then it will use this IP address even to communicate with the Sensor in 172.16.10.x, which will fail. So, for such cases do not specify a dedicated interface. An alternative solution could be deploying the Manager in a DMZ such that it can communicate with both the Sensors using the DMZ IP address. Consider that you want to use one Manager server to manage two Sensors deployed in two different networks that are reachable to one another. Assume that the Manager server has two IP addresses - one for each network. In this case, it is recommended that you configure both the Manager IPs in both the Sensors (using the set manager secondary ip command) regardless of whether you specify a dedicated interface or not. If you plan to configure Manager Disaster Recovery (MDR), then the dedicated IP address that you choose now must be specified as the peer Manager IP address during MDR configuration. For example, if this is the secondary Manager, then the dedicated interface that you choose now must be specified as the peer manager IP address when configuring MDR on the primary.

Figure 11: Selecting the dedicated interface

14 Review the Pre-Installation Summary section for accurate folder locations and disk space requirements. This page lists the following information:
Product Name: shows product as Manager. Install Folder: the folder you specified in Step 5. Shortcut Folder: the folder you specified in Step 6. Manager type: type of Manager being installed. Database: the type of database being used by Network Security Platform, which is MySQL.

22

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Database Installation location: the location on your hard drive where the database is to

be located, which you specified in Step 7.


Disk Space Information: (for installation target) details the amount of space on your

hard drive and the amount required for use by this program.
Dedicated Interface: the IPv4 and IPv6 addresses that you specified for Manager-toSensor communication are displayed.

Figure 12: Pre-installation Summary

15 Click Install. The Manager software and the MySQL database are installed to your target server. If upgrading, database information is synchronized during this process.

Figure 13: Installing the Manager

Important: Post-installation, you can check the initdb.log (from the installation folder) for any installation errors. In case of errors, contact McAfee Support with initdb.log.

23

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

A congratulatory message appears upon successful installation.

Figure 14: Completing the installation

16 Click Done. 17 Use the shortcut icon that you created to begin using the Manager. The Manager program opens by default in https mode for secure communication. 18 Type a valid Login ID (default: admin) and Password (default: admin123) for Network Security Manager and Login ID (default: nscmadmin) and Password (default: admin123) for Network Security Central Manager. Upon initial client login, you are required to install Java applications. See Java installation for client systems (on page 28).

Manager installation with Local Service account privileges


With this release of 5.1, the Manager installs the following services as 'Local Service': McAfee Network Security Manager McAfee Network Security Manager Database McAfee Network Security Manager User Interface (Apache)

Note: McAfee Network Security Manager Watchdog runs as a 'Local System' like in the earlier release of 5.1. This facilitates restart of the Manager in case of abrupt shutdown. 'Local Service' account has fewer privileges on accessing directories and resources than the 'Local System'. By default the Manager installation directory and database directory are granted full permission to the 'Local Service' account during installation or upgrade of Manager. As part of this security enhancement, permissions to the 'Local Service' may have to be set as needed in the following scenarios: Backup directory location: If the backup directory was different from the Network Security Manager installed directory before upgrade to the current release, full permission on these directories for 'Local Service' should be granted.

24

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Notification script execution: If a user uses a script that accesses directories or resources located in directories other than in Network Security Manager installed directories for notifications like alerts, faults etc.,full permission on these directories for 'Local Service' should be granted. Database configuration: If a user has a MySQL database configured for using a directory for temporary files other than the one provided during installation, then those directories should be given full permissions for 'Local Service'.

Installing the Central Manager


The installation of the Central Manager is similar to that of Manager. Follow the steps provided for installing the Manager. See Installing the Manager (on page 14). During installation, you need to select the Manager type as Network Security Central Manager. By default, Network Security Manager is selected.

Figure 15: Select Manager type

Note: Sensor communication Interface is not present during Central Manager installation. There can be only one active installation on a Windows machine. Every Central Manager and Manager installation has its own MySQL database. No centralized database exists in a Central Manager setup. Note: Central Manager has to be of equal or higher version than the corresponding Managers.

Sensor license types


No license file is required for enabling IPS on I-series and M-series Sensors; no license is required for enabling NAC on N-450 Sensors. In other words, when you add a Sensor to the Manager, upon discovery, the native functionality supported on the Sensor model is automatically enabled.

25

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

You require an add-on license to enable NAC on M-series Sensors. You can import/assign the license using the Device List > Add-On Licenses page.

Adding a Sensor license


After adding a physical Sensor to the Manager, you need to associate a license with the Sensor. For this, you can import a license to the Manager, and then the Manager automatically binds the license to the Sensor. You can also manually assign a license to the Sensor. The Manager mode functionalities (IPS, NAC and NAC with IPS) are dependent on the type of Sensor license imported to the Manager.

Importing a Sensor License


1 Retrieve the file from e-mail. To enable the NAC mode, you need an Add-on license. Contact McAfee support (with your Sensor serial numbers) to obtain the Add-on license file. Note: The IPS mode is enabled by default in the Manager. 2 Go to Manager > Licenses > Sensors. The Sensor Licenses page is displayed.

Figure 16: Sensor License Import

To import a Sensor license, click Import to view the Import License File dialog.

Figure 17: Import Sensor License File Dialog

26

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Click Browse to browse and select the appropriate license for the Sensor file (.jar format) received from McAfee. Click Import to import the license file. After a successful import, these licenses are stored in <Manager install directory>\App\LICENSES\SensorLicense. If the license has a serial number, the Manager automatically binds the license with the matching Sensor model added to the Manager.

Error raised if incorrect license file is selected for import


The following error is raised if incorrect license file is selected for import.
Error Description/Cause

Action failed

<File Name> could not be processed by the Manager

Change in License due to purchase of additional functionality


If you upgrade from a temporary license or if you opt to upgrade your device to use additional functionality for example, from IPS to IPS and NAC, you need to change the device license by importing a new device license that can overwrite the existing one. This can be done through the Manager during a Manager session. You do not have to log out of an open Manager session to install the new license.

Manually Assigning a Sensor License


If you are yet to receive the serial number for the Sensor license (or do not have the serial number), then you can manually bind the license with the Sensor model. You can also revoke the manually binding of the license. In the Manager, following steps are required to manually assign the license to a Sensor model: 1 In Sensor Licenses, select Manual Assignment.

Figure 18: Manual assignment of Sensor license

Select a license from the drop down. The Sensors matching the selected license are displayed.

27

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Select the required Sensor, and click Assign. The license is assigned to the selected Sensor, and displayed in the Sensor Licenses page.

Figure 19: Sensor Licenses page- Revoking manual binding of license

Here, you can unbind the manual assignment of Sensor license. For this, select the Sensor from Current Sensor License Assignments and then click Revoke. A message pop-up confirms whether you want to delete.

Note: Only Sensors that are manually assigned can be revoked.

Java installation for client systems


The Manager software requires Java runtime engine software for some of its components. When you first log onto the Manager from a client system, you are prompted to download and install the appropriate version of the JRE software. You must download and install these programs for proper functioning of the Manager program. Note: If you are using both 32-bit and 64-bit Internet Explorer 8.0 to access the Manager from the same machine, then you are prompted to install the 32-bit as well as the 64-bit JRE.

Updating or upgrading in Network Security Platform


In Network Security Platform there are two concepts for getting a new software version, updating and upgrading.

28

McAfee Network Security Platform 5.1

Installing and upgrading the Central Manager/Manager

Updates: Updates new signature sets for your Sensors and maintenance releases for

the Manager or Sensor software.


Upgrades: Upgrades refer to movement from your current Manager and Sensor

software to a new release train (for example, from version 4.1 to version 5.1). Caution: If you perform a Manager software update/upgrade, you will need to close all local and remote Manager connections, then install the update/upgrade following the same steps as initial Manager software installation. Shutting down client sessions is required to enable acceptance of Manager user interface code changes and presentation.

Upgrading your software


Upgrading to a new version of the Network Security Platform software is a procedure that involves your entire deployment, as Network Security Platform requires that both Manager and Sensor software be of a single release train. You cannot manage for example, version 4.1 Sensor software with a version 5.1 Manager. In the case of Central Manager, it should be of a higher version than the Managers it manages. This implies that if you are upgrading even of your Manager installation, you need to upgrade the Central Manager. Please see the corresponding upgrade guide for upgrade instructions. McAfee strongly recommends reading the instructions thoroughly and testing the process in a lab environment before upgrading your live deployment.

Updating your signature set or Sensor software


After installing the Manager software, one of the first tasks you will perform is setting the schedule for receiving updates from the McAfee Network Security Update Server (Update Server). These updates include signature files for your Sensors and software for your Manager and/or Sensors. For instructions on updating your signature set and Sensor software, see Manager Server
Configuration Guide.

Adding a Sensor
After installing the Manager software, the next step is to add one or more Sensors to the Manager. For detailed instructions on configuring a Sensor, see the Sensor CLI Guide and the Sensor Configuration Guide.

29

CHAPTER 5

Working with Manager software


This section discusses how to start, access, stop McAfee Network Security Manager (Manager) and McAfee Network Security Central Manager (Central Manager). This sections contains: Starting the Network Security Manager (on page 30) Starting Network Security Central Manager (on page 35)

Starting Network Security Manager


This section assumes you have permissions granting you access to the software. In Network Security Platform, this translates to a Super User role at the root admin domain. Your actual view of the interface may differ, depending on the role you have been assigned within Network Security Platform. For example, certain tasks may be unavailable to you if your role denies you access. If you find you are unable to access a screen or perform a particular task, consult your Network Security Platform Super User. Important: For testing purposes, you can access the Manager from the server. For working with the Manager, McAfee recommends that you access the Manager from a client machine because running the Manager interface client session on the server can result in slower performance due to program dependencies, such as Java, which may consume a lot of memory. To view the Manager interface, you must start and log onto the program. To start the Manager, do the following: 1 Make sure the following services are running on the Manager server: McAfee Network Security Manager McAfee Network Security Manager Database McAfee Network Security Manager User Interface

McAfee Network Security Manager Watchdog Note: All the above services except McAfee Network Security Manager Watchdog run as 'Local Service'. 'Local Service' account has fewer privileges on accessing directories and resources than the 'Local System'. By default the Manager installation directory and database directory are granted full permission to the 'Local Service' account during installation or upgrade of Manager. Network Security Manager Watchdog runs as a 'Local System'. This facilitates restart of the Manager in case of abrupt shutdown. 2 Open the Manager using the shortcut icon that you created during installation. The interface opens in an Internet Explorer window in HTTPS mode for secure communication. To log on to Manager, see Logging onto Network Security Manager (on page 31).

30

McAfee Network Security Platform 5.1

Working with Manager software

Accessing Manager from a client machine


To access Manager from a client machine: 1 2 3 Start a browser that supports the Manager and then type the URL of the Manager server: https://<hostname or host-IP> Make sure the Pop-up Blocker is turned off in the browser. To log on to the Manager, see Logging onto Network Security Manager (on page 31).

Logging onto Network Security Manager


Once you have successfully started the Manager service and connected to the server via an Internet Explorer browser, the Login page appears.

Figure 20: Login Screen

To log onto Manager: 1 Do one of the following: For initial login after a new installation: For Login ID, type admin For Password, type admin123

Tip: McAfee strongly recommends that you change the default username and password as one of your first operations within Manager. If you are not the Network Security Platform system administrator/Super User: 2 Type the Login ID supplied to you by your administrator Type the valid Password for the specified Login ID

Click Log In or press Enter. The Manager Home page appears as shown in the Network Security Manager Home page. During initial login (per client), Network Security Platform prompts you to install the following: Security certificate granting the Manager program write access to your client. Click Always.

31

McAfee Network Security Platform 5.1

Working with Manager software

Java runtime engine: You must install this plug-in to view objects in the Manager Home page and other areas of the Manager program, such as the Threat Analyzer. You can opt to display your company's logo and accompanying text on the Manager Login page. For details, see Adding a Log-on Banner, Manager Server Configuration Guide.

Properly shutting down Network Security Manager services


Properly shutting down the Manager prevents data corruption by allowing data transfer and other processes to gracefully end prior to machine shutdown. Proper shutdown of Manager services requires the following steps be performed: 1 2 3 4 5 Close all client connections. See Closing all client connections to the Manager (on page 32). Stop the McAfee Network Security Manager service. Stop the McAfee Network Security Manager User Interface service. Stop the McAfee Network Security Manager Watchdog service. Stop the McAfee Network Security Manager MySQL service.

Note 1: You can complete steps 2 through 4 using the Network Security Platform system tray icon or the Windows Control Panel. For step 5, you must use the Windows Control Panel. Note 2: In a crash situation, the Manager will attempt to forcibly shut down all its services.

Closing all client connections to the Manager


The following procedure details the recommended steps for determining which users are currently logged on to the Network Security Manager server. All client-session configuration and data review should be gracefully closed prior to server shutdown. 1 2 3 4 5 6 Log on to the Network Security Manager server via a browser session. Click Configure to open the Configuration page. In the Resource Tree, click the Manager node. The Manager Information page opens. Check the Current Application Users section of the Manager Information table to determine which users are logged in. Ask the users to close all Manager windows such as Threat Analyzer and Manager Home page and log out of all open browser sessions. Follow the appropriate procedure from Stopping Manager services, including the database (on page 32) to properly turn off Manager services prior to server shutdown.

Stopping Manager services, including the database


The following procedures each detail a proper way to shut down your Manager server.

32

McAfee Network Security Platform 5.1

Working with Manager software

Using the Network Security Platform system tray icon to stop Manager services (on page 33) Using the Control Panel to stop Manager services (on page 34)

Using the Network Security Platform system tray icon to stop Manager services
1 Right-click the Network Security Manager icon in your System Tray. The icon displays as an "M" enclosed in a shield.

Figure 21: Network Security Manager in the System Tray

2 3 4 5 6 7 8 9

Select Stop Manager. Once this service is completely stopped, continue to the next step. From the right-click menu, select Stop User Interface. Once this service is completely stopped, continue to the next step. From the right-click menu, select Stop Watchdog. Once this service is completely stopped, continue to the next step. Go to Start > Settings > Control Panel. Open Administrative Tools. Open Services. Find and select McAfee Network Security Manager Database in the services list under the Name column. Click the Stop Service button. Once this service is completely stopped, continue to the next step.

Figure 21: Stopping the MySQL Service

33

McAfee Network Security Platform 5.1

Working with Manager software

10 You can now safely shut down/reboot your server.

Using the Control Panel to stop Network Security Manager services


1 2 3 4 5 Go to Start > Settings > Control Panel. Open Administrative Tools. Open Services. Select McAfee Network Security Manager Service in the services list under the Name column. Click the Stop Service button. Once this service is completely stopped, continue to the next step.

Figure 22: Services

6 7

Find and select McAfee Network Security Manager Database in the services list under the Name column. Click the Stop Service button. Once this service is completely stopped, continue to the next step.

34

McAfee Network Security Platform 5.1

Working with Manager software

Figure 23: Stopping the MySQL Service

8 9

Find and select McAfee Network Security Manager User Interface in the services list under the Name column. Click the Stop Service button. Once this service is completely stopped, continue to the next step.

10 Find and select McAfee Network Security Manager Watchdog in the services list under the Name column. 11 Click the Stop Service button. Once this service is completely stopped, continue to the next step. 12 You can now safely shut down/reboot your server.

Starting Network Security Central Manager


This section assumes you have permissions granting you access to the Central Manager software. In Network Security Central Manager, this translates to a Super User role at the root admin domain. Your actual view of the interface may differ, depending on the role you have been assigned within Network Security Platform. For example, certain tasks may be unavailable to you if your role denies you access. If you find you are unable to access a screen or perform a particular task, consult your Network Security Platform Super User. Important: For testing purposes, you can access the Central Manager from the server. For working with the Central Manager, McAfee recommends that you access the Central Manager from a client machine because running the Central Manager interface client session on the server can result in slower performance due to program dependencies, such as Java, which may consume a lot of memory. To start the Central Manager, do the following: 1 Make sure the following services are running on the Central Manager server: McAfee Network Security Central Manager McAfee Network Security Central Manager Database McAfee Network Security Central Manager User Interface

35

McAfee Network Security Platform 5.1

Working with Manager software

McAfee Network Security Central Manager Watchdog

Open the Central Manager using the shortcut icon that you created during installation. The interface opens in an Internet Explorer window in HTTPS mode for secure communication. To log on to Central Manager, see Logging onto Central Manager (on page 36).

To access Central Manager from a client machine: 1 2 3 Start a browser that supports the Central Manager and then type the URL of the Central Manager server: https://<hostname or host-IP>. Make sure the Pop-up Blocker is turned off in the browser. Log on to the Central Manager.

Logging onto Central Manager


To log onto the Central Manager: 1 Do one of the following: For initial logon after a new installation: For Login ID, type nscmadmin. For Password, type admin123.

Figure 24: The Central Manager Login Page

Note: For upgrades from 4.1 to 5.1, the login ID is the same as it was in 4.1. Tip: McAfee strongly recommends that you change the default username and password as one of your first operations within the system. If you are not the McAfee Network Security Platform System administrator/Super User: Type the Login ID supplied to you by your administrator Type the valid Password for the specified Login ID

36

McAfee Network Security Platform 5.1

Working with Manager software

Click Log In or press Enter. The Central Manager Home page appears as shown in Accessing Central Manager Home page During initial logon (per client), Network Security Platform prompts you to install the following: Security certificate granting the Central Manager program write access to your client. Click Always.

Java Runtime Engine: You must install this plug-in to view objects in the Central Manager Home page and other areas of the Central Manager program, such as the UDS. You can opt to display your company's logo and accompanying text on the Central Manager Login page.For details, see Adding a Log-on Banner, Manager Server Configuration Guide.

Properly shutting down Central Manager


Properly shutting down the Central Manager prevents data corruption by allowing data transfer and other processes to gracefully end prior to machine shutdown. Proper shutdown of Central Manager services requires the following steps be performed: 1 2 3 4 5 Close all client connections. Stop the McAfee Network Security Central Manager service. Stop the McAfee Network Security Central Manager User Interface service. Stop the McAfee Network Security Central Manager Watchdog service. Stop the McAfee Network Security Central Manager MySQL service.

Note: You can complete steps 2 through 4 using the Network Security Platform system tray icon or the Windows Control Panel. For step 5, you must use the Windows Control Panel. The following procedures each detail a proper way to shut down the Central Manager. Using the Network Security Central Manager system tray icon to stop Central Manager services (on page 37) Using the Control Panel to stop Central Manager services (on page 39)

Using the Central Manager system tray icon


1 Right-click the Central Manager Service icon in your System Tray. The icon displays as an "M".

Figure 25: System Tray Icon

37

McAfee Network Security Platform 5.1

Working with Manager software

Select Stop Central Manager. Once this service is completely stopped, continue to the next step.

Figure 26: Stop Central Manger - Right-Click Menu

3 4 5 6 7 8

From the right-click menu, select Stop User Interface. Once this service is completely stopped, continue to the next step. From the right-click menu, select Stop Watchdog. Once this service is completely stopped, continue to the next step. Go to Start > Settings > Control Panel. Open Administrative Tools. Open Services. Find and select McAfee Network Security Central Manager Database in the services list under the Name column.

Figure 27: NSM Database Service

Click the Stop Service button. Once this service is completely stopped, continue to the next step.

10 You can now safely shut down/reboot your server.

38

McAfee Network Security Platform 5.1

Working with Manager software

Using the Control Panel


1 2 3 4 5 6 7 8 9 Go to Start > Settings > Control Panel. Open Administrative Tools. Open Services. Select McAfee Network Security Central Manager Service in the services list under the Name column. Click the Stop Service button. Once this service is completely stopped, continue to the next step. Select McAfee Network Security Manager Database in the services list under the Name column. Click the Stop Service button. Once this service is completely stopped, continue to the next step. Find and select McAfee Network Security Manager User Interface in the services list under the Name column. Click the Stop Service button. Once this service is completely stopped, continue to the next step.

10 Find and select McAfee Network Security Manager Watchdog in the services list under the Name column. 11 Click the Stop Service button. Once this service is completely stopped, continue to the next step. 12 You can now safely shut down/reboot your server.

39

CHAPTER 6

Authenticating Access to the Manager using CAC


Common Access Card (CAC) is a smart card that is used for general identification as well as authentication of user access to secure networks. CAC holds a unique digital certificate and user information such as photograph, personal identification number (PIN) and signature to identify each user. Network Security Platform provides an option of authentication of users who tried to log onto the Manager based on their smart card verification. When a smart card reader is connected to your Manager client, and a user swipes a smart card, the card reader authenticates if the digital certificate and the user information are trusted and valid. If the user information is trusted, the client browser retrieves the certificate from CAC, with the help of the CAC software and sends it to the Manager. The Manager receives the certificate, verifies if the certificate issued is from a trusted Certificate Authority (CA). If the certificate is from a trusted CA, a secure session is established and the user is permitted to log on. At a high level, authenticating user access to the Manager through CAC can be brought about by a 4-step process: Verify the CAC certificate format Set up user accounts Enable CAC authentication Log on to the Manager using CAC

Verifying the CAC certificate format


.pem is the universal standard to read digital certificate files. If your CA certificate is using other formats such as .cer, you need to convert those to .pem format. To convert a .cer certificate to .pem format: 1 Open the command prompt, locate the OpenSSL/bin folder, and execute the following command: openssl x509 -in <XXX.cer> -inform DER -out <YYY.pem> -outform PEM All the PEM-encoded certificate can be combined into one master CA file, and the SSLCACertificateFile must contain a list of Root CAs and intermediary CAs that are trusted by the Manager.

Setting up CAC users in the Manager


1 Connect the smart card reader to your Manager client through a USB port. The smart card reader can be connected to a Manager server, if the server doubles up as a Manager client. a Refer the card reader manufacturer's recommendations for the necessary device drivers to be installed. b Install the ActivIdentify and ActivClient CAC software on the Manager client. These software are provided to you along with the card reader device and help validate the digital certificate and user information stored in the card.

40

McAfee Network Security Platform 5.1

Authenticating Access to the Manager using CAC

Note: McAfee currently supports integration with smart card reader model SCR3310 from TxSystems. 2 3 Insert a card into the card reader. Open the CAC Client software > Smart Card Info > User Name. The user name is a combination of alphanumeric characters and a few special characters like "." or spaces. For example, "BROWN.JOHN.MR .0123456789" Log onto the Manager and create a user with the exact same name that is, "BROWN.JOHN.MR .0123456789". Close the current browser session of the Manager.

4 5

Enabling CAC authentication


The CAC authentication feature is disabled by default. It is mandatory to setup the CAC user accounts, before enabling it. To enable CAC, do the following: Note: CAC Authentication can be enabled only through the MySQL command line. 1 Log onto the MySQL command line and enter: update iv_emsproperties set value='TRUE' where name='iv.access.control.authentication.requireClientCertificate BasedAuthentication' Perform the following tasks:
a.

Change the corresponding Apache files to enable Client-Authentication: Apache/conf/iv_ssl.conf Uncomment the following lines: #RewriteRule ^(.*)$ - [E=RedirectPort=444] #Listen 0.0.0.0:444

b.

c. d.

Set SSLCACertificateFile attribute to point to the file containing the trusted CA Certificates. In Apache/conf/iv_ssl_mapping.conf , uncomment the following line: #RewriteRule ^(.*)$ - [E=RedirectPort=444]

3 4 5 6

Close all client connections. Stop the McAfee Network Security Manager service. Stop the McAfee Network Security Manager User Interface service.

Restart both the McAfee Network Security Manager service and the McAfee Network Security Manager User Interface service. For details on how to close client connections, stop/ restart the Manager services etc., see Properly shutting down Network Security Manager services (on page 32).

Logging onto the Manager using CAC authentication


1 2 3 Insert a card into the card reader. Start a fresh browser session for the Manager. You are prompted to choose a CA certificate. Select the certificate. You are prompted to enter the PIN.

41

McAfee Network Security Platform 5.1

Authenticating Access to the Manager using CAC

Enter the PIN. A maximum of 3 attempts is allowed while entering PIN, following which, the user will be locked out. If the user name, certificate, and PIN match, you are directly given access to the Manager Home Page.

Troubleshooting Tips
If the card is not inserted in the card reader, the Manager will not be accessible in this setup. When authenticating users through CAC, you do not have to enter your Manager user name and password while logging on. If you are locked out after entering invalid PIN, you can use the ActivClient CAC software to get a new PIN. If you are unable to view the Manager Login page after CAC authentication has been enabled, it means that the CAC certificate was NOT signed by a trusted CA listed in the SSLCACertificateFile. To remedy the problem, import the relevant CA into the SSLCACertificateFile trusted CA list. You have imported the relevant CA into the SSLCACertificateFile trusted CA list, and yet you are unable to view the Manager Login page, then check whether a firewall is blocking your access to destination port 444 on the Manager server. If you are able to view the Manager Login page but are unable to log onto the Manager, it means that the user name on the CAC card does not match the user name in the Manager database. To remedy the problem, verify that the user name on the CAC card exactly matches the Manager user name.

42

CHAPTER 7

Uninstalling the Manager


You uninstall McAfee Network Security Manager (Manager) and McAfee Network Security Central Manager (Central Manager) using the standard Windows Add/Remove Programs feature.

Uninstalling using Add/Remove Programs


You must have Administrator privileges on your Windows server to uninstall Network Security Manager or Network Security Central Manager. Follow the steps given below for uninstalling Central Manager and Manager.

To uninstall the Manager software:

Note: McAfee recommends you stop the Manager service and applicable Java services before starting an uninstall. If not, you will have to manually delete files from the Network Security Platform program folder. 1 Go to Start > Settings > Control Panel > Add/Remove Programs and select Network Security Platform.

Figure 28: Uninstalling the Manager

43

McAfee Network Security Platform 5.1

Uninstalling the Manager

2 3

Click Uninstall to start the uninstallation process. After uninstallation, the message "All items were successfully uninstalled" message is displayed.

Figure 29: Uninstall Complete

Note: Uninstallation of the Network Security Platform database (MySQL) is not part of this uninstallation.

Figure 30: Uninstall Complete

44

McAfee Network Security Platform 5.1

Uninstalling the Manager

Uninstalling via script


You can also uninstall the Network Security Manager/Network Security Central Manager by executing a script from the Network Security Platform program folder.

To uninstall via script:


Navigate to the directory containing the uninstallation script. The default path is:
<Network Security Platform installation directory\Manager\App\UninstallerData

1 2

Run Uninstall ems.exe.

45

V
VMware platform...................................................... 4

Index
A
about the Update Server .......................................... 3

C
CA 40 CAC........................................................................ 40 CAC software ......................................................... 40 conventions ............................................................. vi

D
dedicated interface................................................. 10

H
hosting ISM on VMware ........................................... 4

I
import command .................................................... 23

M
McAfee Network Security Central Manager ............. 1 Central Manger services ....................... 35, 37, 39

N
Network Security Platform........................................ 1 system components ............................................ 1 Network Security Platform Update Server See Update Server............................................. 3

T
technical support .....................................................vii

U
Update Server Update Server ..................................................... 4