IntruShield Sensor 4000 Product Guide

revision 7.0

McAfee® Network Protection

Industry-leading intrusion prevention solutions

McAfee® IntruShield® IPS

IntruShield Sensor 4000
version 4.1

Contents of IIP-S41K-NA-100I - IntruShield 4010 Sensor Appliance

Page 1: ...IntruShield Sensor 4000 Product Guide, revision 7.0. McAfee Network Protection: Industry-leading intrusion prevention solutions. McAfee IntruShield IPS, IntruShield Sensor 4000, version 4.1 ...

Page 2: ...ware copyrighted by Expat maintainers. Software copyrighted by The Regents of the University of California (C) 1996 1989 1998 2000. Software copyrighted by Gunnar Ritter. Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. (C) 2003. Software copyrighted by Gisle Aas (C) 1995 2003. Software copyrighted by Michael A. Chase (C) 1999 2000. Software copyrighted by Neil ...

Page 3: ... restrictions, 10; Unpacking the sensor, 10; Contents of sensor box, 10; Chapter 3: Setting up the I-4000 sensor prior to configuration, 12; Setup overview, 12; Positioning the I-4000, 12; Installing the ears on the chassis, 12; Mounting the I-4000 sensor in a rack, 13; Installing the I-4000 redundant power supply, 14; Installing a power supply, 14; Removing a power supply, 15; Installing GBICs, 16; Installing a GBIC, 16; Re...

Page 4: ... for in-line mode, 22; Cabling for Tap mode, 22; Cabling I-4000 GBIC ports in external Tap mode, 22; Cabling for SPAN mode, 23; Cabling the I-4000 sensor to monitor in SPAN or hub mode, 23; Cabling the failover interconnection ports, 23; Index, 26 ...

Page 5: ... Learn more about McAfee IntruShield components. Learn how to get started. Learn about the Home page and interaction with the Manager interface. About this guide: This guide provides all the information that you would require about the I-4000 sensor. It uses real-life pictures of sensors and easy-to-understand steps to help right from unpacking the sensor to deploying the sensor in your production envi...

Page 6: ...on | Example. Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in Arial Narrow bold font: The Service field on the Properties tab specifies the name of the requested service. Menu or action group selections are indicated using a right angle bracket: Select My Company > Admin Domain > View Details. Procedures are presented as a series of numbered steps...

Page 7: ...ick Reference Card for more information on these guides: IntruShield Manager Installation Guide; IntruShield Getting Started Guide; IntruShield 3.1 to 4.1 Upgrade Guide; IntruShield Quick Tour; IntruShield Planning Deployment Guide; IntruShield Sensor 1200 Product Guide; IntruShield Sensor 1400 Product Guide; IntruShield Sensor 2600 Product Guide; IntruShield Sensor 2700 Product Guide; IntruShield Sensor 30...

Page 8: ...ered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee's 24x7 comprehensive KnowledgeBase. In addition, customers can also resolve technical issues with the online case submit, software downloads, and signature updates. Phone: Technical Support is available 7:00 A.M. to 5:00 P.M. PST, Monday-Friday. Extended 24x7 Technical Support is available for customers with Gold...

Page 9: ...er ISM server. The process of configuring a sensor and establishing communication with the ISM is described in later chapters of this guide. The ISM server is described in detail in IntruShield Security Manager Getting Started Guide. Sensor functionality: The primary function of an IntruShield sensor is to analyze traffic on selected network segments and to respond when an attack is detected. The senso...

Page 10: ...upport two full-duplex Ethernet segments or four SPAN ports transmitting no more than 2 Gbps for up to 2 Gbps of aggregated traffic. Ports on the I-4000: The I-4000 is a 2RU unit and is equipped with the following ports. Figure 1: The I-4000 sensor. Name | Description: 1 Management port; 2 Console port; 3 Auxiliary port; 4 GBIC monitoring ports or Failover interconnection ports (2A and 2B only); 5 Response port...

Page 11: ...is used for two purposes. It is used to control optional fail-open hardware, as described in the Gigabit Optical Fail-Open Bypass Kit Guide. It is also used in troubleshooting situations where the sensor's internal flash is corrupted and you must reboot the sensor via the external compact flash. For more information, see the on-line KnowledgeBase at McAfee Support Site (https://mysupport.mcafee.com). 7 Powe...

Page 12: ...oting. Fan OK: Green = All three fans are operating; Off = Indicates one or more fans have failed. Fan 1: Off = Fan 1 is operating; Amber = Fan 1 is not operating. Fan 2: Off = Fan 2 is operating; Amber = Fan 2 is not operating. Fan 3: Off = Fan 3 is operating; Amber = Fan 3 is not operating. Temp: Green = Inlet air temperature measured inside chassis is normal. Chassis temperature OK; Amber = Inlet air temperature measured inside c...

Page 13: ...eld IPS 4.1. An introduction to IntruShield sensors. IntruShield Sensor 4000 Product Guide. The IntruShield 4000 sensor. LED | Status | Description. Response Port Link: Green = The link is connected; Off = The link is disconnected ...

Page 14: ...or Specifications | Description. Dimensions: Without mounting ears cable management: width 17.44 in (43.30 cm), height 3.44 in (8.74 cm), depth 23.00 in (58.42 cm). With mounting ears cable management: width 18.94 in (48.11 cm), height 3.44 in (8.74 cm), depth 24.00 in (60.96 cm). Dimensions do not include cables or power cords. Weight: 38 lb (17.25 kg). Voltage Range: 100-240 VAC. Frequency: 50/60 Hz. Vibration, operating: 5 to 20...

Page 15: ...s required for transmission speeds up to 1 Gigabit per second (Gigabit Ethernet). For Ethernet networks running at 10 or 100 Mbps, Category 5 (Cat 5) OR Cat 5e cable can be used. Note: Throughout this guide, cabling specifications will be mentioned as Cat 5/Cat 5e. Sensor capacity for I-4000 sensor: The following table lists the sensor limitations by category. Maximum Type | I-4000. Concurrent connections: 1 000 ...

Page 16: ...ustering (interface grouping) is used and port-level ACL rules are configured, the number of ACL rules utilized for each port cluster level ACL will be different based on the participant port types of the cluster. One ACL rule will be consumed per each inline port pair member, and one ACL rule will be consumed per each SPAN port member of the port cluster. Examples: Computing the effective ACL rule utili...

Page 17: ...the outer shell of the sensor. Doing so will invalidate your warranty. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Blank faceplates and cover panels prevent exposure to hazardous voltages and currents inside the chassis, contain electromagnetic interference (EMI) that might disrupt other equipment, and direct the flow of cooling air through the chassis...

Page 18: ...r appliance is not a general-purpose workstation. McAfee prohibits the use of the sensor appliance for anything other than operating the IntruShield IPS. McAfee prohibits the modification or installation of any hardware or software in the sensor appliance that is not part of the normal operation of the IntruShield IPS. Unpacking the sensor: To unpack the sensor: 1. Place the sensor box as close to the i...

Page 19: ... 4000 Product Guide. Unpacking the sensor. One power cord. McAfee provides a standard 2m NEMA 5-15P (US) power cable (3 wire). International customers must procure a country-appropriate power cable; one set of rack mounting ears; one printed Quick Start Guide; Release Notes ...

Page 20: ... you can proceed with configuration. Positioning the I-4000: Place the sensor in a physically secure location, close to the switches or routers it will be monitoring. Ideally, the sensor should be located within a standard communications rack. The I-4000 is a 2RU (2 rack unit). To mount the sensor in a rack, you will attach two mounting ears to the sensor, then mount the ears to the rack. The sensor ears atta...

Page 21: ...the I-4000 sensor in a rack: McAfee recommends rack-mounting your sensors. The rack-mounting hardware included with the sensors is suitable for most 19-inch equipment racks and telco-type racks. For maintenance purposes, you should have access to the front and rear of the sensor. Caution: Before you mount the sensor in the rack, make sure that power is OFF. Remove the power cable and all network interface...

Page 22: ...wer supply: A basic configuration of the I-4000 includes one hot-swappable power supply. You may install a second hot-swappable power supply (purchased separately from McAfee) for redundancy. Each of these modules has one handle for insertion or extraction from the unit and a fastening screw. Installing a power supply: To install a power supply in the I-4000: 1. Unpack the power supply from its shipping ca...

Page 23: ... For optimal protection, use uninterrupted power sources. Removing a power supply: To remove a power supply from the I-4000: (Optional: the power supplies are hot-swappable.) 1. Unplug the power cable from its power source and remove the power cable from the power supply. 2. Put on an antistatic wrist or ankle strap. Attach the strap to a bare metal surface of the chassis. 3. Unscrew the screws connecting the m...

Page 24: ... uses two clips for securing the GBIC in place in the sensor. Your GBIC may be slightly different. Check the manufacturer's installation instructions for more details. Installing a GBIC: To install a GBIC that has clips, follow these steps: 1. Remove the GBIC from its protective packaging. 2. Ensure the GBIC is the correct model for your network. 3. Grip the sides of the GBIC with your thumb and forefinger a...

Page 25: ...nse, console, and management ports on your sensor. Powering on the I-4000: Do not attempt to power on the sensor until you have installed the sensor in a rack, made all necessary network connections, and connected the power cable to the power supply. 1. Connect the power cable to the sensor power supply. 2. Connect the power cable to a power source. Note: If you are installing a redundant power supply, you sho...

Page 26: ...nsor (for example, a PC running correctly configured Windows HyperTerminal software). You must connect directly to the console for initial configuration. Required settings for HyperTerminal are: Name | Setting: Baud rate 9600; Number of bits 8; Parity None; Stop bits 1; Flow Control None. 3. Power on the sensor. Cabling the Auxiliary port: The Auxiliary (Aux) port is used for modem access to the sensor for setup and...

Page 27: ...o a network device: 1. Plug a Cat 5/Cat 5e cable into the Response port (labeled Rx) on the sensor front panel. 2. Connect the other end of the cable to the network device (for example, hub, switch, router) through which you want to respond to attacks. Cabling the Management port: The Management (Mgmt) port is used for communication with the ISM server. To connect the sensor to the ISM server: 1. Plug a Cat 5/Cat 5...

Page 28: ...ne mode on page 22. In-line mode (fail-open): Using fail-open hardware on page 24. External tap mode: Cabling I-4000 GBIC s ports in external Tap mode on page 22. SPAN or Hub mode: Cabling the I-4000 sensor to monitor in SPAN or hub mode. Failover: Cabling I-4000 sensors for failover on page 23. Using peer ports for I-4000: All full-duplex sensor deployment modes require the use of two peer monitoring ports o...

Page 29: ...e to connect a router port to 10/100 Monitoring ports. Use a straight-through Ethernet RJ45 cable to connect a switch/hub port to 10/100 Monitoring ports. Use a crossover Ethernet RJ45 cable to connect a router port to PC to the sensor Management port. Note: You should also use a crossover Ethernet RJ45 cable to connect a PC to the sensor monitoring port. Using fail-open hardware: The GE ports on the I ...

Page 30: ...cable to the network devices that you want to monitor. For example, if you plan to monitor traffic between a switch and a router, connect the cable connected to 1A to the switch and the one connected to 1B to the router. Cabling for Tap mode: Cabling I-4000 GBIC ports in external Tap mode: The I-4000 sensor's GBIC ports must be used with a 3rd-party external tap. Note: For a list of approved 3rd-party ven...

Page 31: ...Note: See Cable types for routers, switches, hubs, and PCs on page 21 to determine which cable type to use with which type of network device. Cabling the failover interconnection ports: Failover requires connecting two identical I-4000 sensors (same model, same software) via an interconnection cable or cables. Note: The Sensor can be configured to run in in-line or SPAN/TAP mode. TCP reset is not supported wh...

Page 32: ...me. Fail-open operation for GE ports requires the use of the optional external Bypass Switch provided in the Kit. With the Bypass Switch in place, normal sensor operation supplies power to the switch via a control cable. While the sensor is operating, the switch is on and routes all traffic directly through the sensor. When the sensor fails, the switch automatically shifts to a bypass state: in-line traffic...

Page 33: ...he sensor and each of the peer devices are renegotiated to place the sensor back in in-line mode. This outage again varies depending on the device and can range from a few seconds to more than a minute. Installation and troubleshooting instructions for the Kit can be found in the Quick Guide that accompanies the kit. For more information on the Optical kit, see Gigabit Optical Fail-Open Bypass Kit Gui...

Page 34: ...he console port, 19; cabling the sensors for failover, 24; chassis, 13; Compact Flash port, 2; connecting to sensor, 20; console port, 2. D: describing an IntruShield sensor, 1; dongles, 24. F: fail-open functionality, 24; failover, 24; fan LED, 4; flash LED, 4; front panel LEDs, 4. G: GBIC Monitoring ports, 2. H: heat requirements, 7. I: in-line mode deployment, 23; installing GBICs, 17. L: LED description, 4; link LED, 4. M: management port...

Page 35: ...T: tap mode, 23; Temp LED, 4. U: using fail-open hardware, 25 ...
