G and GX Appliances User Guide
Preface10Getting Technical SupportIntroduction ISS provides technical support through its Web site and by email or telephone. The ISS Web site The Int
Chapter 9: Configuring Other Intrusion Prevention Settings100User-Defined Event ContextsIntroduction When you create a user-defined event signature, y
User-Defined Event Contexts101Proventia Network IPS G and GX Appliance User GuideEmail_Sender contextUse the Email_Sender context to monitor incoming
Chapter 9: Configuring Other Intrusion Prevention Settings102News_Group contextUse the News_Group context to monitor the names of news groups that peo
User-Defined Event Contexts103Proventia Network IPS G and GX Appliance User GuideSNMP_Community contextUse the SNMP_Community context to monitor the u
Chapter 9: Configuring Other Intrusion Prevention Settings104You could also use this context to generically search whether employees using computers t
Regular Expressions in User-Defined Events105Proventia Network IPS G and GX Appliance User GuideRegular Expressions in User-Defined EventsIntroduction
Chapter 9: Configuring Other Intrusion Prevention Settings106\xhhh matches the specified hexadecimal character code. matches any character except newl
Viewing User Defined Event Information107Proventia Network IPS G and GX Appliance User GuideViewing User Defined Event InformationIntroduction The Use
Chapter 9: Configuring Other Intrusion Prevention Settings108Configuring OpenSignatureIntroduction OpenSignature (formerly Trons) uses a flexible rule
Configuring OpenSignature109Proventia Network IPS G and GX Appliance User GuideEnabling the OpenSignature ParserTo enable the OpenSignature Parser:1.
Getting Technical Support11Proventia Network IPS G and GX Appliance User GuideEurope, Middle East, and [email protected](44) (1753) 845105Asia-Pac
Chapter 9: Configuring Other Intrusion Prevention Settings110Configuring Global Tuning ParametersIntroduction Global tuning parameters affect intrusio
Configuring Global Tuning Parameters111Proventia Network IPS G and GX Appliance User GuideAdding tuning parametersTo add tuning parameters:1. S
Chapter 9: Configuring Other Intrusion Prevention Settings112Configuring X-Force Default BlockingIntroduction When you use X-Force Default Blocking, t
113Proventia Network IPS G and GX Appliance User GuideChapter 10Configuring Firewall SettingsOverview Introduction Using rule statements, you can conf
Chapter 10: Configuring Firewall Settings114Configuring Firewall RulesIntroduction You can add firewall rules to block unwanted traffic before they en
Configuring Firewall Rules115Proventia Network IPS G and GX Appliance User GuideFirewall rules and actionsThe firewall supports several different acti
Chapter 10: Configuring Firewall Settings1167. Click OK.8. Save your changes.Changing the order of firewall rulesTo change the order of firewall rules
Firewall Rules Language117Proventia Network IPS G and GX Appliance User GuideFirewall Rules LanguageIntroduction A firewall rule consists of several s
Chapter 10: Configuring Firewall Settings118type. The fifth statement is a combination of the first and second statements. The sixth statement is a co
Firewall Rules Language119Proventia Network IPS G and GX Appliance User GuideIPv4 address expression examplesThe <n> can be either hex or decima
Chapter 10: Configuring Firewall Settings120Tuning Firewall LoggingIntroduction Using Local Advanced Parameters, you can tune the way firewall logging
121Proventia Network IPS G and GX Appliance User GuideChapter 11Configuring Local Tuning ParametersOverview Introduction Local tuning parameters affec
Chapter 11: Configuring Local Tuning Parameters122Configuring AlertsIntroduction You can configure alert messages that notify you about appliance-rela
Configuring Alerts123Proventia Network IPS G and GX Appliance User GuideProcedure To configure an alert:1. Select Local Tuning Parameters.2. Select th
Chapter 11: Configuring Local Tuning Parameters1248. Save your changes.Configure Email Click Add, and then specify the following:• Name. Type a meanin
Managing Network Adapter Cards125Proventia Network IPS G and GX Appliance User GuideManaging Network Adapter CardsIntroduction You can view and manage
Chapter 11: Configuring Local Tuning Parameters1266. For the Port/Duplex Speed Settings, select the method the network adapter should use to determine
Managing Network Adapter Cards127Proventia Network IPS G and GX Appliance User Guide9. In the Adapter Mode (Non HA) list, select the appliance mode.Im
Chapter 11: Configuring Local Tuning Parameters128Managing the Alert QueueIntroduction The appliance uses a queue file named SensorEventQueue.adf to s
Configuring Advanced Parameters129Proventia Network IPS G and GX Appliance User GuideConfiguring Advanced ParametersIntroduction You can use the Advan
13Proventia Network IPS G and GX Appliance User GuideChapter 1Introducing the Proventia Network Intrusion Prevention SystemOverviewIntroduction This c
Chapter 11: Configuring Local Tuning Parameters130engine.adapter.low-water.default number 1 The minimum number of packets per traffic sampling interva
Configuring Advanced Parameters131Proventia Network IPS G and GX Appliance User Guidenp.drop.rogue.tcp.packets string false Determines whether to bloc
Chapter 11: Configuring Local Tuning Parameters132Adding advanced parameters To add advanced parameters:1. Select Local Tuning Parameters.2. Select th
Configuring TCPReset133Proventia Network IPS G and GX Appliance User GuideConfiguring TCPResetIntroduction You can use the appliance to monitor (read-
Chapter 11: Configuring Local Tuning Parameters134Increasing Maximum Network Frame SizeIntroduction By default, the Proventia Network IPS GX5000 serie
135Proventia Network IPS G and GX Appliance User GuideChapter 12Managing System SettingsOverview Introduction This chapter explains how to view system
Chapter 12: Managing System Settings136Viewing System StatusIntroduction Review system status information occasionally to ensure the appliance is not
Managing Log Files137Proventia Network IPS G and GX Appliance User GuideManaging Log FilesIntroduction The Log Files page in Proventia Manager display
Chapter 12: Managing System Settings138Working with System ToolsIntroduction Use the System Tools page to perform basic system tasks, such as the foll
Configuring User Access139Proventia Network IPS G and GX Appliance User GuideConfiguring User AccessIntroduction You can change the following password
Chapter 1: Introducing the Proventia Network Intrusion Prevention System14Intrusion PreventionIntroduction The Proventia Network Intrusion Prevention
Chapter 12: Managing System Settings140Installing and Viewing Current LicensesIntroduction The appliance must have a valid license key to apply update
141Proventia Network IPS G and GX Appliance User GuideChapter 13Viewing Alerts and System InformationIntroduction This chapter describes how to view s
Chapter 13: Viewing Alerts and System Information142Viewing AlertsIntroduction Use the Alerts page in Proventia Manager to view and manage system- and
Viewing Alerts143Proventia Network IPS G and GX Appliance User Guide2. To view an alert's details, click the Alert Name.Tip: To view the previous
Chapter 13: Viewing Alerts and System Information144Saving the alerts listTo save the alerts list:1. Do one of the following: Click the Alerts button
Managing Saved Alert Files145Proventia Network IPS G and GX Appliance User GuideManaging Saved Alert FilesIntroduction Use the Log File Management pag
Chapter 13: Viewing Alerts and System Information146Viewing Notifications StatusIntroduction The Notifications Status area provides valuable informati
Viewing Statistics147Proventia Network IPS G and GX Appliance User GuideViewing StatisticsIntroduction Use the Statistics page to view the statistics
Chapter 13: Viewing Alerts and System Information148Unanalyzed Packets The number of packets forwarded or dropped without analysis since the adapter i
149Proventia Network IPS G and GX Appliance User Guide Indexaadapter clause 117adapter modesinline protection 17inline simulation 17network adapter ca
Intrusion Prevention15Proventia Network IPS G and GX Appliance User Guide● Firewall rulesYou can create firewall rules that enable the appliance to bl
Index150cconnection events 93contextsDNS_Query 100conventions, typographicalin commands 9in procedures 9in this manual 9CPU usage 136ddate/time 22DNSp
Index151Proventia Network IPS G and GX Appliance User Guide high availability (HA) (cont’d)network adapter cards 125, 127overview 36primary/secondary
Index152network time protocol (NTP) 26News_Group context 102notifications 146oOpenSignature 108parser 109risks 108syntax 108ppacket analysis statistic
Index153Proventia Network IPS G and GX Appliance User Guide responses 68Block 68email 69Ignore 68log evidence 71quarantine 72response objects 68SNMP
Index154traffic processesdrop 126forward 126transmitted packets 147trap receivers 27tuning parametersglobal 110typographical conventions 9uUDP tracero
Internet Security Systems, Inc., an IBM Company Software License AgreementBY INSTALLING, ACTIVATING, COPYING OR OTHERWISE USING THIS SOFTWARE PRODUCT,
ANY OTHER PERSON FOR DAMAGES, DIRECT OR INDIRECT, OF ANY NATURE, OR EXPENSES INCURRED BY LICENSEE. LICENSEE'S SOLE AND EXCLUSIVE REMEDY SHALL BE
injury, or severe physical or property damage. ISS disclaims any implied warranty of fitness for High Risk Use. Licensee accepts the risk associated
Chapter 1: Introducing the Proventia Network Intrusion Prevention System16Management FeaturesOverview You can create and deploy security policies, man
Appliance Adapter Modes17Proventia Network IPS G and GX Appliance User GuideAppliance Adapter ModesIntroduction The inline appliances include three ad
Chapter 1: Introducing the Proventia Network Intrusion Prevention System18High Availability ModesIntroduction The Proventia Network IPS High Availabil
19Proventia Network IPS G and GX Appliance User GuideChapter 2Configuring Appliance SettingsOverview Introduction This chapter describes how to use Pr
IBM Internet Security Systems, Inc.6303 Barfield RoadAtlanta, Georgia 30328-4233United States(404) 236-2600http://www.iss.net Copyright © 2003, 2007 I
Chapter 2: Configuring Appliance Settings20Configuration Settings ChecklistIntroduction Using Proventia Setup, you can configure basic network setting
Using Proventia Setup21Proventia Network IPS G and GX Appliance User GuideUsing Proventia Setup Introduction If you want to configure the appliance fr
Chapter 2: Configuring Appliance Settings225. Follow the on-screen instructions. The following table describes the required information.Information De
Using Proventia Setup23Proventia Network IPS G and GX Appliance User GuideWhen you have entered all the information, the appliance applies the setting
Chapter 2: Configuring Appliance Settings24Configuring Other Appliance SettingsIntroduction Through the Configuration Menu, you can view or edit the a
Configuring Other Appliance Settings25Proventia Network IPS G and GX Appliance User GuideAppliance managementFrom the Appliance Management Menu, you c
Chapter 2: Configuring Appliance Settings26Network configurationFrom the Network Configuration Menu, you can perform the following tasks:Time configur
Configuring Other Appliance Settings27Proventia Network IPS G and GX Appliance User GuidePassword managementFrom the Password Management Menu, you can
Chapter 2: Configuring Appliance Settings28Reinstalling Appliance FirmwareIntroduction The Recovery CD included in the appliance packaging contains th
Reinstalling Appliance Firmware29Proventia Network IPS G and GX Appliance User GuidePreparing to reinstall firmwareBefore you reinstall the appliance
3Proventia Network IPS G and GX Appliance User GuideContentsPreface
Chapter 2: Configuring Appliance Settings30Caution for GX6000-series appliancesDo not turn the appliance off or remove power from the appliance at any
Reinstalling Appliance Firmware31Proventia Network IPS G and GX Appliance User Guide5. Press the L key.The following message appears:Internet Security
Chapter 2: Configuring Appliance Settings32Reconfiguring the applianceTo reconfigure the appliance after you reinstall the software, follow the setup
33Proventia Network IPS G and GX Appliance User GuideChapter 3Configuring Appliances for High AvailabilityOverviewIntroduction This chapter explains h
Chapter 3: Configuring Appliances for High Availability34About High AvailabilityIntroduction The Proventia Network Intrusion Prevention System (IPS) H
About High Availability35Proventia Network IPS G and GX Appliance User GuideNote: If you run Proventia Setup when the HA feature is enabled, you canno
Chapter 3: Configuring Appliances for High Availability36High Availability Configuration OverviewIntroduction Review the information in “High Availabi
High Availability Deployment37Proventia Network IPS G and GX Appliance User GuideHigh Availability DeploymentIntroduction This topic describes typical
Chapter 3: Configuring Appliances for High Availability38Physical HA network diagramA physical network diagram of a typical HA deployment scenario is
39Proventia Network IPS G and GX Appliance User Guide Chapter 4Using Proventia ManagerOverview Introduction This chapter describes how to use the loca
4ContentsChapter 7: Configuring Responses 67 Overview
Chapter 4: Using Proventia Manager40Completing the ConfigurationIntroduction After you have installed and configured the appliance, you can log in to
Completing the Configuration41Proventia Network IPS G and GX Appliance User Guide applied the settings4. Prior to using the appliance, you must inst
Chapter 4: Using Proventia Manager42Accessing Proventia ManagerIntroduction Proventia Manager is the Web-based management interface for the appliance.
Navigating Proventia Manager43Proventia Network IPS G and GX Appliance User Guide Navigating Proventia ManagerIntroduction If you are planning to use
Chapter 4: Using Proventia Manager44About icons The following table describes icons that appear in Proventia Manager as you work:System In the System
Navigating Proventia Manager45Proventia Network IPS G and GX Appliance User Guide About saving changesEach time you navigate from one location to anot
Chapter 4: Using Proventia Manager46Installing the License FileIntroduction Proventia Network IPS appliances require a properly configured license fil
Working with Proventia Manager47Proventia Network IPS G and GX Appliance User Guide Working with Proventia ManagerIntroduction When you open Proventia
Chapter 4: Using Proventia Manager48Viewing important messagesThe Home page displays important messages about licensing and updates. If you have not c
49Proventia Network IPS G and GX Appliance User Guide Chapter 5Updating the ApplianceOverview Introduction This chapter describes how to update the ap
Contents5Proventia Network IPS G and GX Appliance User GuideChapter 13: Viewing Alerts and System Information
Chapter 5: Updating the Appliance50Updating the ApplianceIntroduction Ensure the appliance is always running the latest firmware and intrusion prevent
Updating the Appliance51Proventia Network IPS G and GX Appliance User Guide Consider using the X-Press Update Server under the following conditions:●
Chapter 5: Updating the Appliance52Updating the Appliance AutomaticallyIntroduction Use the Update Settings page to configure the appliance to automat
Updating the Appliance Automatically53Proventia Network IPS G and GX Appliance User Guide Procedure To update the appliance automatically:1. On the Up
Chapter 5: Updating the Appliance54Updating the Appliance ManuallyIntroduction You can update the appliance manually in either of the following circum
Using Update Tools55Proventia Network IPS G and GX Appliance User Guide Using Update ToolsIntroduction Use the Update Tools page to find updates or to
Chapter 5: Updating the Appliance56Using Advanced Parameters to Tune Update SettingsIntroduction Use the Advanced Parameters tab on the Update Setting
Using Advanced Parameters to Tune Update Settings57Proventia Network IPS G and GX Appliance User Guide Adding advanced parametersTo add advanced param
Chapter 5: Updating the Appliance58Working with advanced parametersTo edit, copy, or remove update advanced parameters:1. Select Update Settings.2. Se
59Proventia Network IPS G and GX Appliance User GuideChapter 6Managing the Appliance through SiteProtectorOverview Introduction This chapter describes
Chapter 6: Managing the Appliance through SiteProtector60Managing with SiteProtectorIntroduction SiteProtector is the IBM ISS management console. With
Managing with SiteProtector61Proventia Network IPS G and GX Appliance User Guide When the Agent Manager receives the heartbeat, it places the applianc
Chapter 6: Managing the Appliance through SiteProtector62Configuring SiteProtector ManagementIntroduction Enabling SiteProtector management automatica
Configuring SiteProtector Management63Proventia Network IPS G and GX Appliance User Guide 3. Click Save Changes.4. Add the Agent Manager(s) with which
Chapter 6: Managing the Appliance through SiteProtector64Verifying successful registrationTo verify that the appliance registered successfully with Si
Navigating SiteProtector65Proventia Network IPS G and GX Appliance User Guide Navigating SiteProtectorIntroduction If you are planning to use SiteProt
Chapter 6: Managing the Appliance through SiteProtector66Opening an IPS policy in SiteProtectorTo open an IPS policy in SiteProtector:1. In the SitePr
67Proventia Network IPS G and GX Appliance User Guide Chapter 7Configuring ResponsesOverview Introduction This chapter describes how to configure resp
Chapter 7: Configuring Responses68About ResponsesIntroduction Your response policy controls how the appliance responds when it detects intrusions or o
Configuring Email Responses69Proventia Network IPS G and GX Appliance User GuideConfiguring Email ResponsesIntroduction You can configure email notifi
7Proventia Network IPS G and GX Appliance User GuidePrefaceOverviewPurpose This guide is designed to help you create and maintain policies for your Pr
Chapter 7: Configuring Responses70Working with email responsesTo edit, copy, or remove email responses:1. Do one of the following: In Proventia Manag
Configuring the Log Evidence Response71Proventia Network IPS G and GX Appliance User GuideConfiguring the Log Evidence ResponseIntroduction You can co
Chapter 7: Configuring Responses72Configuring Quarantine ResponsesIntroduction You can create quarantine responses that block intruders when the appli
Configuring SNMP Responses73Proventia Network IPS G and GX Appliance User GuideConfiguring SNMP ResponsesIntroduction You can configure Simple Network
Chapter 7: Configuring Responses74Working with SNMP responsesTo edit, copy, or remove SNMP responses:1. Do one of the following: In Proventia Manager
Configuring User Specified Responses75Proventia Network IPS G and GX Appliance User GuideConfiguring User Specified ResponsesIntroduction You can conf
Chapter 7: Configuring Responses763. Do one of the following:4. Save your changes.If you want to... Then...Edit Tip: You can edit some properties dire
77Proventia Network IPS G and GX Appliance User GuideChapter 8Working with Security EventsOverview Introduction This chapter describes how to configur
Chapter 8: Working with Security Events78Configuring Protection DomainsIntroduction Protection domains let you define security policies for different
Configuring Protection Domains79Proventia Network IPS G and GX Appliance User Guide3. Click OK.4. Save your changes.Working with protection domainsTo
Preface8About Proventia Appliance DocumentationIntroduction This guide explains how to configure intrusion prevention, firewall settings, and other po
Chapter 8: Working with Security Events80Configuring Security EventsIntroduction The Security Events page lists hundreds of attacks, audits, and secur
Configuring Security Events81Proventia Network IPS G and GX Appliance User Guide4. Click OK.5. Save your changes.Display Select how you want to displa
Chapter 8: Working with Security Events82Working with security eventsTo edit, copy, or remove security events:1. Select Security Events.2. Select the
Assigning Multiple Security Events to a Protection Domain83Proventia Network IPS G and GX Appliance User GuideAssigning Multiple Security Events to a
Chapter 8: Working with Security Events84Viewing Security Event InformationIntroduction The Security Events tab lists hundreds of attacks, audits, and
Viewing Security Event Information85Proventia Network IPS G and GX Appliance User Guide5. Click OK.6. Collapse or expand the groups on the Security Ev
Chapter 8: Working with Security Events86Configuring Response FiltersIntroduction A response filter lets you refine the security policy by controlling
Configuring Response Filters87Proventia Network IPS G and GX Appliance User Guide4. Complete or change the settings as indicated in the following tabl
Chapter 8: Working with Security Events885. Complete the following IP Address and Port settings as indicated in the following table.6. Click OK.7. Sav
Configuring Response Filters89Proventia Network IPS G and GX Appliance User GuideChanging the order of response filtersTo change the order of response
Conventions Used in this Guide9Proventia Network IPS G and GX Appliance User GuideConventions Used in this GuideIntroduction This topic explains the t
Chapter 8: Working with Security Events90Viewing Response Filter InformationIntroduction The Response Filters tab lists response filters you have defi
91Proventia Network IPS G and GX Appliance User GuideChapter 9Configuring Other Intrusion Prevention SettingsOverview Introduction This chapter descri
Chapter 9: Configuring Other Intrusion Prevention Settings92Managing Quarantined IntrusionsIntroduction The Quarantined Intrusions page shows quaranti
Configuring Connection Events93Proventia Network IPS G and GX Appliance User GuideConfiguring Connection EventsIntroduction Connection events are user
Chapter 9: Configuring Other Intrusion Prevention Settings943. As needed, complete the following IP Address and Port settings as indicated in the foll
Configuring Connection Events95Proventia Network IPS G and GX Appliance User Guide4. As needed, complete the following Response settings as indicated
Configuring User-Defined Events97Proventia Network IPS G and GX Appliance User GuideConfiguring User-Defined EventsIntroduction Enabled events in a po
Chapter 9: Configuring Other Intrusion Prevention Settings983. Click OK.The event appears at the bottom of the list.4. Save your changes.Context Selec
Configuring User-Defined Events99Proventia Network IPS G and GX Appliance User GuideWorking with user-defined eventsTo edit, copy, or remove user-defi