Full Transcript

Lesson 3: Inspection Device Setup

Lesson Objectives:

After completing this lesson, participants will be able to:
- Apply a license to a device using the License Manager
- Demonstrate the inspection device Out-of-Box-Experience
- Perform basic tasks using the Local Security Manager (LSM)

License Manager

TPS Licensing System Concepts

The license manager allows you to easily control the certificates and licenses you purchase for your Trend Micro TippingPoint Threat Protection System (TPS) products. This licensing model enables you to attach and detach speed and feature licenses for your TPS devices. From the license manager, you can also create and download the Virtual Threat Protection System (vTPS) license certificate package and download the Virtual Security Management System (vSMS) license certificate package.

Accessing License Manager

The License Manager can be accessed through the TMC.

© 2022 Trend Micro Inc. Education

License Management

The License Manager screen provides all the license information for the devices you have.

Device Licenses

The inspection throughput speed, software support, DV subscription, ThreatDV and SSL inspection (if attached) for each device license is displayed under License.

Default and Licensed Throughput

Before a license entitlement package is installed on a device, each device has a limited, default inspection throughput. Contact your sales representative to purchase an inspection throughput license compatible with your device to increase the inspection rate. Any TPS device inspection throughput license can be assigned to a compatible TPS device. For instance, a 1 Gbps inspection throughput license can be assigned to a 440T, 2200T, or vTPS device. The following table displays both the default inspection throughput and the inspection throughput options available for purchase for each device.
Note: Before a license certificate package is installed on a vTPS device, the vTPS device is deployed in Trial Mode. The Trial Mode vTPS comes with limited feature capabilities. You must install the vTPS certificate package on the vTPS to deploy the vTPS in Standard Mode and activate the capabilities purchased with the license package.

Device                      Default Inspection Throughput   Purchasable Inspection Throughput
8400TX, 8200TX              1 Gbps                          3 Gbps, 5 Gbps, 10 Gbps, 15 Gbps, 20 Gbps, 30 Gbps, 40 Gbps
5500TX                      100 Mbps                        1 Gbps, 2 Gbps, 3 Gbps, 5 Gbps
1100TX                      100 Mbps                        250 Mbps, 500 Mbps, 1 Gbps
2200T                       200 Mbps                        1 Gbps, 2 Gbps
440T                        100 Mbps                        250 Mbps, 500 Mbps, 1 Gbps
vTPS                        100 Mbps                        250 Mbps, 500 Mbps, 1 Gbps, 2 Gbps
Network Security Instance   250 Mbps                        up to 10 Gbps

License Inventory

The License Inventory tab will show you all of your current licenses and expiration dates.

Out-of-Box Experience (OBE)

Initial Device Setup at a Glance

                        Inspection Devices                            SMS
Serial Console Speed    115200/8/N/1                                  *9600/8/N/1
*SMS Only               -                                             Virtualization Console/Keyboard & Monitor
Security Level          Required                                      Required
Superuser Username      Required                                      Required
Superuser Password      Required                                      Required
IP/Mask/Gateway/DNS     Required for TMC Access                       Required for TMC Access
Mgmt Port Setup         -                                             Optional (auto)
Host Name               Optional (myhostname)                         Optional (sms-server)
Host Location           Optional (room/rack)                          Optional (room or rack)
System Contact          -                                             Optional (Customer Contact)
Time Settings           Time Zone, Daylight Savings, SNTP or Manual   Time Zone, NTP or Manual
Server Options          -                                             SSH/HTTPS
NMS/Email               -                                             Optional
Reboot Required?        No                                            Yes, Always reboot

Out-of-Box Experience (OBE)

OBE is an acronym for Out of Box Experience. This is a common way to refer to the setup wizard.
Note: In this class, we will not be using direct connections to the equipment, but rather going through a console terminal. Please refer to your IP Assignment Sheet for how to connect to your console port. In the field, a console cable and a terminal set to 115200/8/N/1 (no flow control) is used to perform initial setup.

Security Settings

Level Description None Passwords must be at least 8 characters and no more than 32 Must contain at least 2 alphabetic characters Must contain at least 1 numeric character Must contain at least 1 non-alphanumeric character (examples include ! ? $ * #) High - User names must be at least 6 characters Medium (default) Password length is 32 characters Low User names and passwords are unrestricted Must contain at least 15 characters Must contain at least 1 uppercase character Must contain at least 1 lowercase character Must contain 1 numeric character Must contain 1 non-alphanumeric character Must be different from the previous password in at least half of the corresponding character positions.

Super-User Creation

Once the security level is set, you will be asked to create an initial super user account. In the example seen here, we will use the name “SuperMan”.

Login With New Account

Once created, you will be able to log in with the newly created account.

Management Port Configuration

The setup wizard will walk you through the configuration process. Setting the IP address of the management port is most important, as this will allow the administrator to manage the device via HTTPS and SSH. You will have the option to set the following. IPv4 address and the Network mask. IPv6 is supported and configured at this time as well. A host name and location are also configured at this time.
If you will be using a default gateway, you can select it at this time. Why would you require a default gateway?

Gateway & DNS Setup

A default gateway is required to access the TMC and to receive updates, which is strongly recommended.

Timekeeping

You will be presented with the timekeeping settings configuration next. Best practice is to set the device to the same time zone as the SMS. The SMS will be the timeserver for the device. Keeping the device and SMS in the same time zone will keep the time stamps of the log files in sync and reduce confusion.

Save the Settings and Login

Introduction to Local Security Manager (LSM)

Element Management

Let’s look at the TippingPoint solution starting at the bottom and building up. First we have the IPS and/or TPS devices. The devices connect to the network and monitor traffic and take action based on the rules created by the administrator. The devices can be managed via the CLI, LSM, or SMS. We will discuss SMS management shortly but for now let’s focus on the CLI and LSM.

The CLI is accessed via a Console connection, SSH or Telnet, with Telnet being disabled by default. Accessing the device through the CLI requires a keyboard, monitor, and Console cable.

The LSM is accessed via HTTP and HTTPS, which is the default, and is a GUI interface. To do so, open a web browser and point it to the IP address of the IPS and log in. Management for both CLI and Web allows for 1 to 1 management.

Login Screen

The user can log in to the LSM by pointing a browser to the IP address assigned to the IPS using a secured connection.

Home Screen

The LSM home screen is the landing point for the IPS.
It enables the user to navigate the LSM and use its features to manage the IPS. It provides a system summary for things like health, product specifications, packet stats and log summaries. The left window pane allows the user to manage the device.

Health Status and Log Summary

Overview of the inspection device.

System Log

- System Log contains Log ID, Log Entry Time, Security Level, Component, and Message
- Logs can be downloaded, searched and reset
- Includes information about the software processes that control the device
- Includes startup, run level, maintenance routines

Audit Log

The Audit Log tracks user activity that may have security implications, including successful and unsuccessful user attempts. The SuperUser account seen here is the only user with privileges to view, print, reset and download the audit log. The audit log can be backed up to a remote syslog server to meet your data retention policies.

Tracks user activity that might have security implications including:
- User information
- Access to controlled areas
- Network configuration
- Software updates
- Filter settings

Alert and Block Logs

The Block log documents packets that trigger filters configured with any action that includes a Block + Notify or Block + Notify + Trace action, including Quarantine and TCP Reset action sets. To maintain a complete history of entries and provide a backup, you can configure the device to send Block Log entries to a remote syslog server from the Notifications Contacts page.

Manager User Accounts

The Admin page enables you to manage and view the access and usage of a system. Through this page, you can create and maintain user access through accounts and review system logs.
Specific levels of access restrict your functions and options within the system. Only super-user level users can access the following:
- Create and delete user accounts
- View the audit
- Modify the idle timeout for access
- Modify the password expiration time

Three Access Levels

- Superuser: All privileges, including ability to create/edit and view/reset audit log
- Administrator: Can make configuration changes
- Operator: View Only

Device License

Adding license to a device.

Flexible License Model

All Threat Protection Systems, including the 440T, 2200T, 8200TX, 8400TX as well as our virtual offering, now take advantage of a flexible licensing model. Software, security services and inspection licenses are unbundled from hardware. In addition, licenses can be reassigned across TPS deployments without changing network infrastructure. Customers can easily scale their performance and security requirements with a pay-as-you-grow approach.

Attach License

Install License Package.

Hands-on Labs

Lab 3: Device Setup and Configuration
Estimated time to complete this lab: 30 minutes
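
The password rules listed under Security Settings that begin with "Must contain at least 15 characters" can be checked before a password is typed into the setup wizard. The following Python is an added example, not code from the course material or from Trend Micro; the function names, the handling of passwords of unequal length and the sample passwords are assumptions made for illustration.

```python
from typing import List, Optional

MIN_LENGTH = 15  # "Must contain at least 15 characters"


def positions_changed(new: str, old: str) -> int:
    """Count corresponding character positions at which the passwords differ.

    Assumption: a position that exists in only one of the two passwords
    counts as changed; the page does not say how unequal lengths compare.
    """
    differing = sum(1 for a, b in zip(new, old) if a != b)
    return differing + abs(len(new) - len(old))


def check_password(new: str, previous: Optional[str] = None) -> List[str]:
    """Return the names of the rules the candidate violates (empty = passes)."""
    failures = []
    if len(new) < MIN_LENGTH:
        failures.append("length")
    if not any(c.isupper() for c in new):
        failures.append("uppercase")
    if not any(c.islower() for c in new):
        failures.append("lowercase")
    if not any(c.isdigit() for c in new):
        failures.append("numeric")
    if all(c.isalnum() for c in new):
        failures.append("non-alphanumeric")
    # "different from the previous password in at least half of the
    # corresponding character positions"
    if previous is not None:
        positions = max(len(new), len(previous))
        if positions_changed(new, previous) * 2 < positions:
            failures.append("too similar to previous")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    old = "Winter-Storm-2023!"
    for candidate in ("Winter-Storm-2024!", "short1!A", "Granite#Harbor_58-Lamp"):
        print(candidate, check_password(candidate, old) or "ok")
```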
