
72

Copyright © 1990-2011 Norman ASA

Norman Network Protection

Administrator Guide  

Appendix B: Using the Network Protection console | Command line configuration

cluster bind

Binds the network interface used for cluster data replication.

:> cluster bind eth1  

CMD:0 CON:0 0 20100716121721 Bound adapter [idx:3] as CLUSTER device

cluster disable

Disables cluster support. This will set the operation mode to block and stop listening and replicating cluster configuration and state. Operation is set to block to avoid multiple network outages due to multiple nodes being master.

:> cluster disable

CLUSTER:0 CON:0 1 20100716122011 disabling cluster support, changing opmode to block

cluster enable

Enables cluster support. This will set the operation mode to block and start listening and replicating cluster configuration and state. Operation is set to block to avoid multiple network outages due to multiple nodes being master.

cluster enable will fail with an error message if the cluster is not fully configured.

:> cluster enable

CLUSTER:0 CON:0 1 20100716122011 enabling cluster support, changing opmode to block

cluster failover

Fails over the master role to another node in the cluster. This command needs to be executed on the current master node.

cluster failover will fail if the new node is unavailable.

:> cluster failover 2

CLUSTER:0 CON:-1 0 20100716132104 failing over to new master node 2

CLUSTER:0 CON:-1 0 20100716132104 demoting current node 1

CLUSTER:0 CON:-1 1 20100716132104 unset cluster master, waiting for new master

CLUSTER:0 CON:-1 1 20100716132106 changed cluster master node from 0 to 2
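Added example (not part of the Norman guide or product): a small Python parser for the console lines shown on this page that reports when cluster commands put the node into block mode and how long the cluster ran without a master during a failover. The field layout (source:session, destination:session, a numeric type code, a YYYYMMDDHHMMSS timestamp, message) is inferred from the sample output above, and the names parse_line and cluster_events are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: console lines from this page, wrapped lines rejoined.
SAMPLE = """\
CMD:0 CON:0 0 20100716121721 Bound adapter [idx:3] as CLUSTER device
CLUSTER:0 CON:0 1 20100716122011 disabling cluster support, changing opmode to block
CLUSTER:0 CON:-1 0 20100716132104 failing over to new master node 2
CLUSTER:0 CON:-1 0 20100716132104 demoting current node 1
CLUSTER:0 CON:-1 1 20100716132104 unset cluster master, waiting for new master
CLUSTER:0 CON:-1 1 20100716132106 changed cluster master node from 0 to 2
"""

# Assumed layout: SRC:session DST:session type YYYYMMDDHHMMSS message
LINE_RE = re.compile(r"^(\w+):(-?\d+) (\w+):(-?\d+) (\d+) (\d{14}) (.+)$")
MASTER_RE = re.compile(r"changed cluster master node from (\d+) to (\d+)")


def parse_line(line):
    """Return a dict for one console line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        when = datetime.strptime(m.group(6), "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that are not a valid date
        return None
    return {"src": m.group(1), "dst": m.group(3), "type": int(m.group(5)),
            "time": when, "msg": m.group(7)}


def cluster_events(text):
    """Extract opmode-to-block and master-change events from console output."""
    events, unset_at = [], None
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src"] != "CLUSTER":
            continue
        msg = rec["msg"]
        changed = MASTER_RE.search(msg)
        if "changing opmode to block" in msg:
            events.append({"kind": "opmode_block", "time": rec["time"]})
        elif msg.startswith("unset cluster master"):
            unset_at = rec["time"]  # cluster has no master from here on
        elif changed:
            gap = (rec["time"] - unset_at).total_seconds() if unset_at else None
            events.append({"kind": "master_change", "time": rec["time"],
                           "old": int(changed.group(1)),
                           "new": int(changed.group(2)),
                           "masterless_seconds": gap})
            unset_at = None
    return events


if __name__ == "__main__":
    for event in cluster_events(SAMPLE):
        print(event)
```

Feeding it a saved console session gives a short audit trail of block-mode transitions and master changes that can be compared against change tickets.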

cluster info

Display cluster state and configuration.

:> cluster info

cluster set

Configures cluster parameters.
