Академический Документы
Профессиональный Документы
Культура Документы
Copyright Statement Copyright IBM Corporation 1994, 2008. IBM Global Services Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America. All Rights Reserved.
iii
iv
Contents
Trademarks and Disclaimer . . . . . . iii Overview . . . . . . . . . . . . . . vii
How to Use the SP2001 Appliance Documentation vii Getting Technical Support. . . . . . . . . . ix Safety, Environmental, and Electronic Emissions Notices . . . . . . . . . . . . . . . . x
Chapter 6. Troubleshooting . . . . . . 27
Restoring Factory Defaults . . Issue Related to the LCD Panel . . . . . . . . . . . . . . 28 . 29
Index . . . . . . . . . . . . . . . 33
vi
Overview
Introduction
The SiteProtector SP2001 Hardware Configuration Guide contains the information you need to configure the IBM Proventia Management SiteProtector SP2001 appliance hardware.
Scope
This guide provides procedures for configuring the SiteProtector SP2001 appliance hardware and Windows administration options. This guide is designed to be a companion to the SiteProtector documentation suite. After you have configured the SiteProtector SP2001 appliance hardware, use the SiteProtector Configuration Guide to configure the SiteProtector security management software.
Audience
This guide is intended for network or security administrators or any other individuals who are responsible for configuring the SiteProtector SP2001 appliance and managing network security. This guide assumes that you have a working knowledge of network devices and Microsoft administration tasks.
Document organization
This document is organized into logical units, as described in the following table:
Chapter Chapter 2, Before You Begin, on page 7 Description Contains background information, prerequisites, and procedures for configuring the SiteProtector SP2001 appliance hardware. Contains procedures for configuring the SiteProtector SP2001 appliance hardware and for accessing the SiteProtector software on the SiteProtector SP2001 appliance from the SiteProtector Console. To support less experienced users, this chapter provides significantly more background information than the SiteProtector SP2001 Getting Started Card.
vii
Description Contains procedures for configuring the SiteProtector SP2001 appliance administration options using the SiteProtector Console. If you configured the SiteProtector SP2001 appliance hardware using the SiteProtector SP2001 Getting Started Card, start here to continue the configuration process. Contains procedures for optional hardware and server administration tasks.
The following table describes other documents in the SiteProtector documentation suite:
Document SiteProtector SP2001 Getting Started Card Content Contains the minimal information required to configure SiteProtector SP2001 appliance hardware and to connect it to the Console. If you are an experienced hardware administrator and do not need significant background information about the tasks that you perform, consider using this card to configure the SiteProtector SP2001 appliance hardware. Contains information about configuring, updating, and maintaining the SiteProtector security management software. Contains information about configuring policies and responses, including Central Responses. Contains all the procedures that you need to use SiteProtector, including some procedures that may not be available in a printed user document. Contains the following: v information about SiteProtector logs that you may need for troubleshooting v database schema diagrams SiteProtector Supported Agents and Appliances Contains information about agents and appliances that work with SiteProtector.
Related publications
The user documents for SiteProtector and related products are available as portable document format (PDF) files in the following places: v the IBM ISS Web site at http://www.iss.net/support/documentation v the Deployment Manager, if installed at your Site
viii
Licensing agreement
For licensing information on IBM Internet Security System products, download the IBM Licensing Agreement from:http://www-935.ibm.com/services/us/iss/html/ contracts_landing.html
Hours of support
The following table provides hours for Technical Support at the Americas and other locations:
Location Americas All other locations Hours 24 hours a day Monday through Friday, 9:00 A.M. to 6:00 P.M. during their local time, excluding IBM ISS published holidays Note: If your local support office is located outside the Americas, you may call or send an email to the Americas office for help during off-hours.
Contact information
For contact information, go to the IBM Internet Security Systems Contact Technical Support Web page at http://www-935.ibm.com/services/us/index.wss/offering/ iss/a1029178.
Overview
ix
DANGER notices
DANGER To prevent a possible shock from touching two surfaces with different protective ground (earth), use one hand, when possible, to connect or disconnect signal cables. (D001)
DANGER Overloading a branch circuit is potentially a fire hazard and a shock hazard under certain conditions. To avoid these hazards, ensure that your system electrical requirements do not exceed branch circuit protection requirements. Refer to the information that is provided with your device or the power rating label for electrical specifications. (D002)
DANGER If the receptacle has a metal shell, do not touch the shell until you have completed the voltage and grounding checks. Improper wiring or grounding could place dangerous voltage on the metal shell. If any of the conditions are not as described, STOP. Ensure the improper voltage or impedance conditions are corrected before proceeding. (D003)
DANGER An electrical outlet that is not correctly wired could place hazardous voltage on the metal parts of the system or the devices that attach to the system. It is the responsibility of the customer to ensure that the outlet is correctly wired and grounded to prevent an electrical shock. (D004)
DANGER When working on or around the system, observe the following precautions: Electrical voltage and current from power, telephone, and communication cables are hazardous. To avoid a shock hazard: v Connect power to this unit only with the IBM ISS provided power cord. Do not use the IBM ISS provided power cord for any other product. v Do not open or service any power supply assembly. v Do not connect or disconnect any cables or perform installation, maintenance, or reconfiguration of this product during an electrical storm. v The product might be equipped with multiple power cords. To remove all hazardous voltages, disconnect all power cords. v Connect all power cords to a properly wired and grounded electrical outlet. Ensure that the outlet supplies proper voltage and phase rotation according to the system rating plate. v Connect any equipment that will be attached to this product to properly wired outlets. v When possible, use one hand only to connect or disconnect signal cables. v Never turn on any equipment when there is evidence of fire, water, or structural damage. v Disconnect the attached power cords, telecommunications systems, networks, and modems before you open the device covers, unless instructed otherwise in the installation and configuration procedures. v Connect and disconnect cables as described in the following procedures when installing, moving, or opening covers on this product or attached devices. To disconnect: 1. Turn off everything (unless instructed otherwise). 2. Remove the power cords from the outlets. 3. Remove the signal cables from the connectors. 4. Remove all cables from the devices. To 1. 2. 3. 4. 5. connect: Turn off everything (unless instructed otherwise). Attach all cables to the devices. Attach the signal cables to the connectors. Attach the power cords to the outlets. Turn on the devices.
(D005)
CAUTION notices
CAUTION: Data processing environments can contain equipment transmitting on system links with laser modules that operate at great than Class 1 power levels. For this reason, never look into the end of an optical fiber cable or open receptacle. (C027)
Overview
xi
CAUTION: The battery contains lithium. To avoid possible explosion, do not burn or charge the battery. Do not: v Throw or immerse into water v Heat to more than 100C (212F) v Repair or disassemble Exchange only with the IBM ISS-approved part. Recycle or discard the battery as instructed by local regulations. In the United States, IBM ISS has a process for the collection of this battery. For information, call 1-800-426-4333. Have the IBM ISS part number for the battery unit available when you call. (C003) CAUTION: For 19 rack mount products: v Do not install a unit in a rack where the internal rack ambient temperatures will exceed the manufacturers recommended ambient temperature for all your rack-mounted devices. v Do not install a unit in a rack where the air flow is compromised. Ensure that air flow is not blocked or reduced on any side, front, or back of a unit used for air flow through the unit. v Consideration should be given to the connection of the equipment to the supply circuit so that overloading the circuits does not compromise the supply wiring or overcurrent protection. To provide the correct power connection to a rack, refer to the rating labels located on the equipment in the rack to determine the total power requirement of the supply circuit. v (For sliding drawers) Do not pull or install any drawer or feature if the rack stabilizer brackets are not attached to the rack. Do not pull out more than one drawer at a time. The rack might become unstable if you pull out more than one drawer at a time. v (For fixed drawers) This drawer is a fixed drawer and must not be moved for servicing unless specified by the manufacturer. Attempting to move the drawer partially or completely out of the rack might cause the rack to become unstable or cause the drawer to fall out of the rack. (R001 Part 2 of 2)
xii
DANGER Multiple power cords. The product might be equipped with multiple power cords. To remove all hazardous voltages, cdisconnect all power cords. (L003)
Overview
xiii
Laser compliance
All lasers are certified in the U.S. to conform to the requirements of DHHS 21 CFR Subchapter J for class 1 laser products. Outside the U.S., they are certified to be in compliance with IEC 60825 as a class 1 laser product. Consult the label on each part for laser certification numbers and approval information.
xiv
Notice: This mark applies only to countries within the European Union (EU) and Norway. Appliances are labeled in accordance with European Directive 2002/96/EC concerning waste electrical and electronic equipment (WEEE). The Directive determines the framework for the return and recycling of used appliances as applicable through the European Union. This label is applied to various products to indicate that the product is not to be thrown away, but rather reclaimed upon end of life per this Directive. In accordance with the European WEEE Directive, electrical and electronic equipment (EEE) is to be collected separately and to be reused, recycled, or recovered at end of life. Users of EEE with the WEEE marking per Annex IV of the WEEE Directive, as shown above, must not dispose of end of life EEE as unsorted municipal waste, but use the collection framework available to customers for the return, recycling, and recovery of WEEE. Customer participation is important to minimize any potential effects of EEE on the environment and human health due to the potential presence of hazardous substances in EEE. For proper collection and treatment, contact your local IBM representative.
Remarque: Cette marque sapplique uniquement aux pays de lUnion Europenne et la Norvge. Letiquette du systme respecte la Directive europenne 2002/96/EC en matire de Dchets des Equipements Electriques et Electroniques (DEEE), qui dtermine les dispositions de retour et de recyclage applicables aux systmes utiliss travers lUnion europenne. Conformment la directive, ladite tiquette prcise que le produit sur lequel elle est appose ne doit pas tre jet mais tre rcupr en fin de vie.
Overview
xv
on disposal of batteries outside the United States, go to http://www.ibm.com/ ibm/environment/products/ batteryrecycle.shtm or contact your local waste disposal facility. In the United States, IBM has established a return process for reuse, recycling, or proper disposal of used IBM sealed lead acid, nickel cadmium, nickel metal hydride, and other battery packs from IBM equipment. For information on proper disposal of these batteries, contact IBM at 1-800-426- 4333. Please have the IBM part number listed on the battery available prior to your call. For Taiwan:
Notice: This mark applies only to countries within the European Union (EU). Batteries or packing for batteries are labeled in accordance with European Directive 2006/66/EC concerning batteries and accumulators and waste batteries and accumulators. The Directive determines the framework for the return and recycling of used batteries and accumulators as applicable throughout the European Union. This label is applied to various batteries to indicate that the battery is not to be thrown away, but rather reclaimed upon end of life per this Directive. Les batteries ou emballages pour batteries sont tiquets conformment aux directives europennes 2006/66/EC, norme relative aux batteries et accumulateurs en usage et aux batteries et accumulateurs uss. Les directives dterminent la marche suivre en vigueur dans lUnion Europenne pour le retour et le recyclage des batteries et accumulateurs uss. Cette tiquette est applique sur diverses batteries pour indiquer que la batterie ne doit pas tre mise au rebut mais plutt rcupre en fin de cycle de vie selon cette norme.
xvi
In accordance with the European Directive 2006/66/EC, batteries and accumulators are labeled to indicate that they are to be collected separately and recycled at end of life. The label on the battery may also include a symbol for the metal concerned in the battery (Pb for lead, Hg for the mercury, and Cd for cadmium). Users of batteries and accumulators must not dispose of batteries and accumulators as unsorted municipal waste, but use the collection framework available to customers for the return, recycling, and treatment of batteries and accumulators. Customer participation is important to minimize any potential effects of batteries and accumulators on the environment and human health due to potential presence of hazardous substances. For proper collection and treatment, contact your local IBM representative. For California: Perchlorate Material - special handling may apply. See http://www.dtsc.ca.gov/ hazardouswaste/perchlorate. The foregoing notice is provided in accordance with California Code of Regulations Title 22, Division 4.5, Chapter 33. Best Management Practices for Perchlorate Materials. This product, part, or both may include a lithium manganese dioxide battery which contains a perchlorate substance.
Overview
xvii
Note: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Canadian Department of Communications Compliance Statement This Class A digital apparatus complies with Canadian ICES-003. Avis de conformit aux normes du ministre des Communications du Canada Cet appareil numrique de las classe A est conform la norme NMB-003 du Canada. European Union (EU) Electromagnetic Compatibility Directive This product is in conformity with the protection requirements of EU Council Directive 2004/108/ EEC on the approximation of the laws of the Member States relating to electromagnetic compatibility. IBM ISS cannot accept responsibility for any failure to satisfy the protection requirements resulting from a non-recommended modification of the product, including the fitting of non-IBM ISS option cards. This product has been tested and found to comply with the limits for Class A Information Technology Equipment according to European Standard EN 55022. The limits for Class equipment were derived for commercial and industrial environments to provide reasonable protection against interference with licensed communication equipment. Warning: This is a Class A product. In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures. European Community contact: IBM Technical Regulations Pascalstr. 100, Stuttgart, Germany 70569 Telephone: 0049 (0) 711 785 1176 Fax: 0049 (0) 711 785 1283 e-mail: tjahn@de.ibm.com EC Declaration of Conformity (In German) Deutschsprachiger EU Hinweis: Hinweis fr Gerte der Klasse A EU-Richtlinie zur Elektromagnetischen Vertrglichkeit Dieses Produkt entspricht den Schutzanforderungen der EU-Richtlinie 89/336/EWG zur Angleichung der Rechtsvorschriften ber die elektromagnetische Vertrglichkeit in den EUMitgliedsstaaten und hlt die Grenzwerte der EN 55022 Klasse A ein. Um dieses sicherzustellen, sind die Gerte wie in den Handbchern beschrieben zu installieren und zu betreiben. Des Weiteren drfen auch nur von der IBM empfohlene Kabel angeschlossen werden. IBM bernimmt keine Verantwortung fr die Einhaltung der Schutzanforderungen, wenn das Produkt ohne Zustimmung der
xviii
IBM verndert bzw. wenn Erweiterungskomponenten von Fremdherstellern ohne Empfehlung der IBM gesteckt/eingebaut werden. EN 55022 Klasse A Gerte mssen mit folgendem Warnhinweis versehen werden: Warnung: Dieses ist eine Einrichtung der Klasse A. Diese Einrichtung kann im Wohnbereich Funk-Strungen verursachen; in diesem Fall kann vom Betreiber verlangt werden, angemessene Manahmen zu ergreifen und dafr aufzukommen. Deutschland: Einhaltung des Gesetzes ber die elektromagnetische Vertrglichkeit von Gerten Dieses Produkt entspricht dem Gesetz ber die elektromagnetische Vertrglichkeit von Gerten (EMVG). Dies ist die Umsetzung der EU-Richtlinie 89/336/EWG in der Bundesrepublik Deutschland. Zulassungsbescheinigung laut dem Deutschen Gesetz ber die elektromagnetische Vertrglichkeit von Gerten (EMVG) vom 18. September 1998 (bzw. der EMC EG Richtlinie 89/336) fr Gerte der Klasse A. Dieses Gert ist berechtigt, in bereinstimmung mit dem Deutschen EMVG das EGKonformittszeichen - CE - zu fhren. Verantwortlich fr die Konformittserklrung nach Paragraf 5 des EMVG ist die IBM Deutschland GmbH, 70548 Stuttgart. Informationen in Hinsicht EMVG Paragraf 4 Abs. (1) 4: Das Gert erfllt die Schutzanforderungen nach EN 55024 und EN 55022 Klasse A update: 2004/12/07 Peoples Republic of China Class A Compliance Statement: This is a Class A product. In a domestic environment, this product may cause radio interference in which case the user may need to perform practical actions.
Japan Class A Compliance Statement: This product is a Class A Information Technology Equipment and conforms to the standards set by the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). In a xviii IBM Internet Security Systems domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures.
Overview
xix
xx
Topics
What is the SiteProtector SP2001 Appliance? SiteProtector Components on page 2 Proventia Server IPS for Windows on page 4
Included components
SiteProtector SP2001 appliance components and agents include the following: v Components that provide the basic functionality necessary to accept, monitor, and analyze network events, such as the Agent Manager or Event Collector. See SiteProtector Components on page 2 for a description of each component. v Components that provide additional security and management functions, such as the SiteProtector Reporting component. Note: SecurityFusion module is not preinstalled on the SiteProtector SP2001 appliance. You must install this component on a separate computer. v IBM Proventia Server Intrusion Prevention System (IPS) for Windows, which provides host security protection for the SiteProtector SP2001 appliance.
Installed SiteProtector Components Agent Manager Console (user must install separately) SiteProtector Database Event Collector SP Core (See SiteProtector Components for details) Proventia Server IPS SiteProtector SecurityFusion module Event Archiver
Optional SiteProtector Components Deployment Manager Event Viewer X-Press Update Servers
Included licenses
The SiteProtector SP2001 appliance includes licenses for the SiteProtector Reporting component, Proventia Server IPS, and the SecurityFusion module.
SiteProtector Components
The SiteProtector SP2001 appliance consists of required and optional SiteProtector components that provide the base functionality necessary to accept, monitor, and analyze network events. Depending on your Site requirements, you may need to install more than one of some components.
Component descriptions
The following table describes the SiteProtector components:
SiteProtector Component Console Description Use the SiteProtector Console to perform most SiteProtector functions, such as monitoring events, scheduling scans, generating reports, and configuring agents. You can also use the SiteProtector Console to configure the SiteProtector SP2001 appliances administration options. The Event Collector manages real-time events from agents and vulnerability data from scanners. The SiteProtector database stores raw agent data, occurrence metrics (statistics for security events triggered by agents), group information, command and control data, and the status of X-Press Updates (XPUs).
Event Collector
Site Database
Description The SP core includes the following components: v The Application Server, which includes the Sensor Controller component, enables communication between the SiteProtector Console and the SiteProtector database. v The X-Press Update Server stores X-Press Updates (XPUs) downloaded from the IBM ISS Download center and makes them available to the agents and components on the network. The Update Server eliminates the need to download updates for similar products more than once and allows users to manage the update process more efficiently. v SiteProtector Web Access is a interface that provides easy access to SiteProtector for running reports and monitoring assets and security events.
SiteProtector Firmware
SiteProtector firmware consists of the operating system and the database that runs on the SiteProtector SP2001 appliance hardware. The Agent Manager manages the command and control activities of the Desktop Protection agents, Proventia Server IPS and Proventia Network MFS, and X-Press Update Server; and it also facilitates data transfer from agents to the Event Collector. The SiteProtector system SecurityFusion Module greatly increases your ability to quickly identify and respond to critical threats at your Site. Using advanced correlation and analysis techniques, the Module identifies both high impact events and patterns of events that may indicate attacks. Impact analysis The Module correlates intrusion detection events with vulnerability assessment and operating system data and immediately estimates the impact of events. Note:
Agent Manager
Standalone XPress Update Servers (optional) In addition to the X-Press Update Server that is installed with the SP Core, you can install standalone X-Press Update Servers on separate computers. Event Archiver (optional) Store event data and improve performance by reducing the number of events the database must store. Note: See the SiteProtector Configuration Guide for information about configuring the Event Archiver.
Description The Deployment Manager is a Web server that lets you install any of the SiteProtector components and agents on computers on your network. The SiteProtector Event Viewer receives unprocessed events from the Event Collector to provide near real time access to security data for troubleshooting.
System requirements
To obtain a copy of the System Requirements for SiteProtector Version 2.0 Service Pack 7.0, go to the following link: http://www.iss.net/support/documentation. Note: The System Requirements document only applies to add-on components because the SiteProtector SP2001 appliance hardware meets all SiteProtector requirements.
Firewall
Topics
Requirements and Considerations Pre-configuration Checklists on page 9
Unsupported configurations
IBM ISS does not support customized configurations. To avoid putting the SiteProtector SP2001 appliance in an unsupported state, do not do the following: v install, reinstall, or remove applications from the SiteProtector SP2001 appliance v add the SiteProtector SP2001 appliance to a network domain in which domain group policies require Windows Automatic updates v apply hardened Windows security policies that could make the SiteProtector SP2001 appliance unusable To return the SiteProtector SP2001 appliance to a supported state, you must restore the SiteProtector SP2001 appliance to its factory image or default settings, which erases all data, including events from the database. Reference: See Restoring Factory Defaults on page 28.
Add-on components
The following add-on components come preinstalled on the SiteProtector SP2001 appliance. To enable these components, you must add the license files: v Proventia Server IPS v SiteProtector Reporting Note: See Installing License Files on page 20.
Automatic restarts
To ensure that important configuration changes are saved, the SiteProtector SP2001 appliance automatically restarts. This only occurs if you change the following settings: v IP address v Host name v Server language
Pre-configuration Checklists
Review the checklists in this topic to ensure that you have the items you need before you proceed with the configuration process. This topic includes the following checklists: v Information required v Cables required
U h
Description The IP address of the domain name server that the SiteProtector SP2001 appliance will use. Example: 192.168.1.1
Your setting:
10
Topics
SiteProtector SP2001 Appliance Configuration Checklist on page 12 The SiteProtector SP2001 Appliance Front Panel on page 13 The SiteProtector SP2001 Appliance Back Panel on page 14 Connecting the SiteProtector SP2001 Appliance on page 14 Configuring the SiteProtector SP2001 Appliance to Communicate with the Network on page 15 Installing and Starting the SiteProtector Console on page 17
11
Prerequisites
Before you configure your SiteProtector SP2001 appliance, you must have completed the following tasks: v Ensure that you meet the requirements for configuring the SiteProtector SP2001 appliance. See Requirements and Considerations on page 7. v Gather the initial configuration items, including cables and network information. See Pre-configuration Checklists on page 9.
Checklist
Use the checklist in the following table as a guide to help you perform the tasks in this chapter. The check boxes are provided as a convenience to help you check off the tasks as you complete them:
U h Task 1 Description Connect the cables and start the SiteProtector SP2001 appliance. SeeConnecting the SiteProtector SP2001 Appliance on page 14. h 2 Specify network information, such as IP addresses, gateways, and subnet masks. See Configuring the SiteProtector SP2001 Appliance to Communicate with the Network on page 15. h 3 Download, install, and point the SiteProtector Console to the SiteProtector SP2001 appliance. See Installing and Starting the SiteProtector Console on page 17.
12
13
1. 2. 3. 4. 5.
Keyboard port Mouse port Serial port Management Interface (NIC) Unused port
6. VGA port 7. USB ports 8. Power supplies Note: Use the VGA ports when you perform a procedure that requires a monitor to be attached, such as restoring the SiteProtector SP2001 appliance to a supported state on Restoring Factory Defaults on page 28.
14
CAUTION: Do not change the SiteProtector SP2001 appliances host name or the IP address after the appliance has established communication with an external device. To do so will prevent the SiteProtector SP2001 appliance from communicating with the SiteProtector Console and any other external device. To re-establish this communication, you may be required to manually reconfigure the public and private keys that are exchanged between these devices, which can be a time-consuming and error prone process.
15
What to do next
You have now connected the SiteProtector SP2001 appliance to the network using the LCD panel, so you are ready to download the SiteProtector Console and point it to the appliance. From the SiteProtector Console, you can install licenses and change administrator and database passwords.
16
Note: The IBM ISS License Agreement appears only when you access this Web site for the first time. 5. Click the Install SiteProtector Console link. 6. Select Run to download the SiteProtector Console to your computer. 7. Select Run when asked to run this software to your computer. 8. Follow the steps on the SiteProtector Console - InstallShield Wizard to install the Console on your computer.
Note: Change this password as soon as possible. See Securing SP2001 Appliance Passwords on page 21. 6. Click OK.
17
18
Topics
SiteProtector Console Configuration Checklist Installing License Files on page 20 Choosing the SP2001 Appliance Language on page 20 Securing SP2001 Appliance Passwords on page 21 Setting the Date and Time on page 22
Checklist
Use the checklist in the following table as a guide to help you perform the tasks in this chapter. As you perform tasks, use the check boxes to check off the tasks that you have completed:
U h Task 1 Description Install the license files for the reporting, correlation, and security features. See Installing License Files on page 20. h 2 Select the SiteProtector SP2001 appliance language. See Choosing the SP2001 Appliance Language on page 20. h 3 Change the database and administrator passwords. See Securing SP2001 Appliance Passwords on page 21. h 4 Configure the date and time on the SiteProtector SP2001 appliance. See Setting the Date and Time on page 22. h 5 See the SiteProtector Configuration Guide to configure the SiteProtector security management software.
19
Procedure
1. In the SiteProtector Console, select Tools Licenses Agent/Module. 2. Click the Licenses tab. 3. Click Add. 4. Locate and select the Graphical Management Reporting license file that you downloaded. 5. Click OK. 6. Repeat Steps 3 through Step 5 to add the following licenses: v SecurityFusion module v Proventia Server IPS
Procedure
1. Select the System view. 2. In the left pane, expand the Site Node for the SiteProtector SP2001 appliance Site, and then click the Appliance icon. The Appliance Configuration interface appears in the right pane. 3. Select the Maintenance tab, and then click Language. 4. Select one of the language options from the list, and then click OK. The SiteProtector SP2001 appliance restarts.
20
Administrator passwords
The SiteProtector SP2001 appliance requires two administrator accounts that are configured with default user names and passwords. To avoid introducing a significant security vulnerability, you must change these passwords as soon as possible. The following table lists the default user names and passwords:
Account type Database administrator Windows administrator Default user name sa Administrator Default password ISSADMIN ISSADMIN
Important: For the best security practices, IBM ISS recommends that you use strong passwords and change these passwords frequently. See the Microsoft Windows Server 2003 documentation regarding the criteria required for creating strong passwords.
21
Procedure
1. Select the System view. 2. In the left pane, expand the Site Node for the SiteProtector SP2001 appliance Site, and then click the Appliance icon. The Appliance Configuration interface appears in the right pane. 3. Select the Maintenance tab, and then click Date/Time. 4. Type in the correct Date and Time, and then select the correct Time Zone. 5. If you want the server to keep track of daylight savings time, select the Automatically adjust clock for daylight savings time check box. 6. Click OK.
22
Topics
Starting and Shutting Down the SiteProtector SP2001 on page 24 Configuring SNMP Services on page 25 Securing the SiteProtector SP2001 Appliance Hardware on page 25
23
Procedure
1. Select the System view. 2. In the left pane, expand the Site Node for the SiteProtector SP2001 appliance Site, and then click the Appliance icon. The Appliance Configuration interface appears in the right pane. 3. Select the Maintenance tab, and then click Shutdown. 4. Click Restart to do one of the following:
Click this option... Restart Shutdown To do the following... Shut down, and then restart the SiteProtector SP2001 appliance Shut down, and then turn off the SiteProtector SP2001 appliance
5. Select either the elapsed time option or the day and time option, and then enter the desired values. 6. If you want to warn users before the shut down occurs, select the Send warning message to computers currently connected to this server check box. 7. Click OK.
24
Procedure
1. Select the System view. 2. In the left pane, expand the Site Node for the SiteProtector SP2001 appliance Site, and then click the Appliance icon. 3. The Appliance Configuration interface appears in the right pane. 4. Select the Network tab, and then click SNMP Service. 5. Do one of the following: v To enable SNMP services, select the SNMP Service Enabled check box. v To disable SNMP services, clear the SNMP Service Enabled check box. 6. Click OK.
Procedure
1. On the LCD panel, press the ENTER button. The Appliance PIN screen appears. 2. On the Appliance PIN screen, press ENTER, and then specify a 4-digit number in the field. 3. Press ENTER.
25
26
Chapter 6. Troubleshooting
This chapter contains information that can help you troubleshoot the SiteProtector SP2001 appliance hardware and Windows administration options.
Topics
Restoring Factory Defaults on page 28 Issue Related to the LCD Panel on page 29
27
Procedure
1. Restart the SiteProtector SP2001 appliance. Note: See Starting and Shutting Down the SiteProtector SP2001 on page 24 for details. The SiteProtector SP2001 appliance restarts and two boot options appear. 2. Select the Restore to Factory Image option, and then press ENTER. Note: This operation will overwrite all existing data on the application. 3. When you are prompted to confirm your choice, click Yes. 4. Read the IBM ISS license agreement, and then click Accept. 5. When the Windows Setup window appears, type the Product Key in the boxes provided. 6. Click Next, and then verify that the IBM ISS Proventia SP2001 is displayed on the LCD. Note: It may take several minutes for this to appear. 7. Refer to the following procedures in the chapters to reconfigure the SiteProtector SP2001 appliance: v Chapter 3, Connecting and Configuring the SiteProtector SP2001 Appliance, on page 11 v Chapter 4, Configuring the SiteProtector Console, on page 19
28
Chapter 6. Troubleshooting
29
30
Topic
Configuration Options
Configuration Options
This topic provides descriptions of the SiteProtector SP2001 appliance configuration options. These options are displayed in the Consoles System Administration tab.
Remote Desktop
Status
31
To do this... Set the server name, DNS suffix, and domain membership. Configure the IP address, DNS Server address, and WINS server address. Enable or disable the SNMP service. Configure global settings that apply to all network adapters. Change an administrator password.
Disks
Manage and configure disks, volumes, disk quotas, and storage-related features on the server. Create, edit, or delete local users on the server, and edit properties. Create, edit, or delete local groups on the server, and edit properties.
Users
Shares
Create folders, manage attributes, and set permissions. Create, delete, and edit the properties of each share. Enable, configure, and disable file-sharing protocols.
Maintenance
Set the date and time on the server. View, clear, download, and configure the Application, System, or Security logs. Change the language that is used by the server. Restart, shut down, or schedule a shut down of the server. Enable or disable access to the SiteProtector SP2001 appliance through the remote desktop client.
32
Index A
add-on components 8 Agent Manager 2 automatic restarts 8 SP Core 2 supported languages 20
T
technical support, IBM Internet Security Systems ix traffic allowed on the appliance 9
B
buffer overflow 5
D
default network settings provided by appliance 16
U
unsupported configurations 8
W E
Event Archiver 2 Event Collector 2 Web site, IBM Internet Security Systems ix
F
firewall 5
I
IBM Internet Security Systems technical support ix Web site ix ICMP 9 intrusion prevention 5
M
Microsoft Certificate of Authenticity 28
P
password administrator 21 Product Key important consideration for rack mounted appliances 7
R
remote desktop 9
S
safety notices x shut down send warning message before Simple Network Management Protocol 25 Site Database 2 SNMP 9 Copyright IBM Corp. 1994, 2008 24
33
34
Printed in USA