Skybox Securoty Appliance 5500 Скачать руководство пользователя страница 23 | Manualshive

Страница: 23 / 44

background image

Chapter 4 Configuring the Appliance

Skybox version 8.5.400

23

2

Save and close the file.

3

Open

/etc/pam_radius.conf

and find the following entry:

127.0.0.1 secret 1

4

Replace that line with the relevant information for your RADIUS server.
For example, if the RADIUS server’s IP address is 192.168.1.1 and the shared

secret is

radiussecret

, replace the preceding line with:

192.168.1.1 radiussecret 1

5

Save and close the file.

6

Add the new user on the OS level, using the following command:

useradd <user1>

There is no need to set the password; it comes from RADIUS.

You can now log in to Skybox with the user’s credentials: <user1> / <password>

(using the password stored on the RADIUS server for this user).

Changing the TLS version

The Apache HTTP Server module

mod_ssl

provides an interface to

the OpenSSL library, which provides Strong Encryption using the Secure Sockets

Layer and Transport Layer Security (TLS) protocols.
There are 3 possible configurations for TLS:

›

Default Security configuration for SSL: All TLS versions are enabled

›

High Security configuration for SSL: TLS versions 1.2 and higher are enabled

›

Medium Security configuration for SSL: TLS versions 1.1 and higher are

enabled

Only 1 configuration can be active at any time. We recommend that you use the

highest level possible for your browser to increase the security of communication

between the browser and the Appliance web server.
The configuration settings are stored in the following file:

/etc/httpd/conf.d/

skyboxwebadmin.conf

«
...
21
22
23
24
25
...
»

Содержание Appliance 5500

Страница 1: ...Skybox Appliance 5500 Quick Start Guide 8 5 400 Revision 11 ...

Страница 2: ...eval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the prior written permission of Skybox Security Skybox Skybox Security Skybox Firewall Assurance Skybox Network Assurance Skybox Vulnerability Control Skybox Threat Manager Skybox Change Manager Skybox Appliance 5500 6000 7000 8000 and the Skybox Security logo are either registe...

Страница 3: ...kybox Appliance 12 System configuration 13 Configuring connection 13 Setting up the Appliance for configuration 15 First time configuration 15 Network naming schema in CentOS 7 16 What s next 16 Configuring the Appliance 18 Configuration and management options 18 Setting up SNMP configuration 20 Setting up network interface bonding 20 Supported bond modes 21 RADIUS authentication 22 Changing the T...

Страница 4: ...ance to factory defaults 31 Monitoring SNMP 32 Troubleshooting 34 Change log 35 Wiping the hard disk drive 37 Regulatory and safety information 38 Product regulatory compliance 38 Safety compliance 38 EMC compliance Class A compliance 39 Environmental requirements 39 Product regulatory compliance markings 39 Electromagnetic compatibility notices for the server board 42 ...

Страница 5: ...additional Skybox component the Collector which connects to data sources and imports the data to the Server The Skybox Server and Collector are preinstalled on Skybox Appliance and run at startup In this chapter Basic architecture 5 Related documentation 5 Basic architecture The Skybox platform consists of a 3 tiered architecture with a centralized server Skybox Server data collectors Skybox Colle...

Страница 6: ...re included in the shipping carton Skybox Appliance 5500 Rack mount kit Front bezel AC power cord RJ45 to DB9 serial console cable Skybox Quick Start Guide 2 DVDs Skybox Installs Skybox on the Appliance it contains the Skybox software and additional Appliance documentation Restore Appliance Restores the Appliance to factory settings Physical specifications The physical features of Skybox Appliance...

Страница 7: ...Compliant standards Ctick NRTL CE FCC EMC BSMI KC and more For detailed information see Regulatory and safety information on page 38 Environmental specifications Environmental specifications for Skybox are listed in the following table Property Limits Operating temperature 10 C to 35 C with the maximum rate of change not to exceed 10 C per hour Non operating temperature 40 C to 70 C Non operating ...

Страница 8: ...lable through EPG Product Regulations MTBF estimates for Skybox Appliance The estimated mean time between failures MTBF and Failures in Time FIT for Skybox Appliance 5500 are listed in the following table Subassembly MTBF hours FIT failures 10 9 hours Intel Server Board S1200V3RPM 371523 2692 Backplane board 935180 1069 Power supply 450W MiniERPS 967300 1034 Cooling fan 1 fixed fans 490000 2041 Co...

Страница 9: ...MI button recessed tool required for use C NIC 1 activity LED D NIC 3 activity LED E System cold reset button F System status LED G Power button with integrated LED H Hard drive activity LED I NIC 4 activity LED J NIC 2 activity LED Front panel LED functions LED Color state Description Power Sleep Green on Power on Green blinking Sleep Off Power off NIC LEDs Green on Network link but no network ac...

Страница 10: ...s failure voltage power supply critical temperature and voltage Amber blinking Non Critical Alarm Redundant fan failure redundant power module failure non critical temperature and voltage Off Power off System unplugged Power on System powered off and in standby no prior degraded non critical critical state Back panel connectors Skybox Appliance 5500 s back panel includes the following connectors P...

Страница 11: ...tem partitions Skybox Appliance s file system is partitioned as follows SWAP 4 GB tmp 5 of the entire space 20 of the entire space var 45 of the entire space opt The rest of the disk Note On machines with less than 200 GB of disk space Skybox is installed on a single partition ...

Страница 12: ...munications lines connected to I O connectors or ports on the back of the chassis 4 Provide electrostatic discharge ESD protection by wearing an antistatic wrist strap attached to a chassis ground any unpainted metal surface when handling components Required tools and supplies Phillips cross head screwdriver 1 bit and 2 bit Recommended Antistatic wrist strap and conductive foam pad Installation To...

Страница 13: ...the cable to a network socket 2 Connect a mouse keyboard and screen to the connectors on the Appliance s back panel 3 Log in to the Appliance using the default login root and the default password skyboxview 4 Run the command set_appliance_network this command configures network interfaces with an IP address netmask and default gateway a Select a network interface to configure b Select the IP mode ...

Страница 14: ...config a 7 Open the network card config file using the vi editor The content will be similar to the following DHCP example NAME ens2f0 DEVICE ens2f0 IPV6INIT no ONBOOT yes HWADDR 00 1e 67 d4 7d 50 BOOTPROTO dhcp PEERDNS no Static IP address example NAME ens2f0 DEVICE ens2f0 IPV6INIT no ONBOOT yes HWADDR 00 1e 67 d4 7d 50 BOOTPROTO none IPADDR 192 168 80 132 NETMASK 255 255 254 0 GATEWAY 192 168 80...

Страница 15: ...ybox Appliance Administration appears FIRST TIME CONFIGURATION You must configure the date and time and change the passwords before using the Skybox Server All other settings are optional and you can configure them later To configure the date and time 1 On the System tab select Date and Time Configuration 2 For manual date and time configuration a Select Manual Date and Time Configuration b Click ...

Страница 16: ...nector of the hardware for example enp2s0 are applied if applicable Method 5 is used in all other cases 4 Names incorporating the interface s MAC address for example enx78e7d1ea46da are not used by default but are available if the user chooses 5 The traditional kernel naming scheme for example eth0 is used if all other methods fail What s next The Skybox Manager is the client application that comm...

Страница 17: ...rotation are provided automatically when necessary as part of Skybox updates However when updates are provided you must restart the syslog server on the System tab disable the syslog server and then enable it again for it to start using the updates For information about customizing the syslog server see Customizing the syslog server on page 25 ...

Страница 18: ...figuration options are described in the following tables About tab Pane Description System Information Provides information about Skybox configuration Network tab Note that changes to the configuration information made in this tab are only saved after you click Save Network Configuration Pane Description Network Configuration Summary Displays a summary of the Appliance configuration information Cl...

Страница 19: ...u to change the name of the Appliance Change System Mode Toggles between Server mode where the Appliance functions as both Server and a Collector and Collector mode where the Appliance functions only as a Collector SNMP Select Enable SNMP Service to set up SNMP configuration host configuration and sending traps You can also download the Appliance MIBs For more information see Setting up SNMP confi...

Страница 20: ...ly Community SNMPv1 or SNMPv2 community string Source Name or IP address subnet represented as IP MASK 10 10 10 0 255 255 255 0 IP BITS 10 10 10 0 24 Multiple sources must be comma separated On the Notification Traps tab Destination Name or IP address of the notification receiver traps server Traps Community SNMP community of the notification receiver traps server 4 When you are finished click Sav...

Страница 21: ...ORTED BOND MODES The following bond modes are supported The recommended bond mode is active backup mode 0 balance rr Round robin policy Transmit packets in sequential order from the first available slave through the last This mode provides load balancing and fault tolerance mode 1 active backup Active backup policy Only one slave in the bond is active A different slave becomes active if and only i...

Страница 22: ...es over the MAC address of the failed receiving slave Prerequisite Ethtool support in the base drivers for retrieving the speed of each slave mode 6 balance alb Adaptive load balancing includes balance tlb plus receive load balancing rlb for IPV4 traffic and does not require any special switch support The receive load balancing is achieved by ARP negotiation The bonding driver intercepts the ARP r...

Страница 23: ... password stored on the RADIUS server for this user Changing the TLS version The Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security TLS protocols There are 3 possible configurations for TLS Default Security configuration for SSL All TLS versions are enabled High Security configu...

Страница 24: ...A AES128 SHA256 ECDHE RSA AES256 SHA 4 Uncomment either High or Medium not both by deleting from the appropriate SSLProtocol SSLCipherSuite lines Note Do not uncomment the title line itself High Medium Security High Security configuration for SSL SSLProtocol all TLSv1 2 SSLCipherSuite EECDH AESGCM EDH AESGCM AES256 EECDH ECDHE RSA AES128 SHA DHE RSA AES128 GC M SHA256 AES256 EDH ECDHE RSA AES256 G...

Страница 25: ...he logs stored When the syslog server is enabled new log files are stored in one of the following locations depending on the type of log var log syslog ng new var log firewall_assurance change_logs new The logs are kept for 48 hours in the new directory and are then archived for 3 more days in the parallel old directory var log syslog ng old var log firewall_assurance change_logs old What are the ...

Страница 26: ...tory path of the files var log syslog ng new and var log firewall_assurance change_logs new Modules The scope of devices whose logs are to be imported In the Advanced tab The date format used by the device For Cisco and Juniper traffic events The positions of the Device ID and date in the log ...

Страница 27: ...r 28 Manager system requirements The Skybox Manager is a Java client application that connects to the Skybox Server through port 8443 You can install multiple Managers on a single computer this is useful when connecting to Servers of different versions Operating system The following operating systems are supported for the Manager Windows 7 Windows 8 Windows 10 64bit only Windows Server 2012 Browse...

Страница 28: ...nager communicates with the server over 8443 TCP by default If there is a firewall between the Manager and the Server access on this port should be explicitly permitted Upgrading the Manager In some cases the Manager installation file on the Appliance is outdated In this case you can download the new Manager installation file or you might receive it from Skybox Security s product support team to r...

Страница 29: ..._ patch appliance_update Skybox_ patch appliance_update md5 2 Copy Skybox_ patch appliance_update to the Appliance server using Secure Copy Protocol SCP 3 Copy Skybox_ patch appliance_update md5 to the same directory using SCP 4 Connect to the Appliance server via SSH using root credentials 5 Navigate to the directory where the files were saved 6 Verify that the update file was copied without any ...

Страница 30: ...u created the CSR c SSLCertificateChainFile must be the intermediate certificate file for example DomainCertCA crt 3 Save a backup of etc httpd conf d skybox conf and then open the file 4 In the file make the following changes replacing the sample file names here with the actual file names a ServerName skyboxapp ServerName www your domain org b SSLCertificateFile etc pki tls certs localhost crt et...

Страница 31: ...ults 1 Insert the DVD in the DVD ROM drive 2 Reboot the Appliance 3 As soon as you see the Skybox Installation Menu window press any key Note If you do not press a key within several seconds the Appliance boots from the local drive 4 In the menu select Skybox Appliance Installation Note The restore process takes approximately 25 minutes 5 When the installation finishes proceed from System configur...

Страница 32: ... 11 52 0 Percentages of idle CPU time 1 3 6 1 4 1 2021 11 11 0 Raw idle CPU time 1 3 6 1 4 1 2021 11 53 0 Raw nice CPU time 1 3 6 1 4 1 2021 11 51 0 Memory statistics Total swap size 1 3 6 1 4 1 2021 4 3 0 Available swap space 1 3 6 1 4 1 2021 4 4 0 Total RAM in machine 1 3 6 1 4 1 2021 4 5 0 Total RAM used 1 3 6 1 4 1 2021 4 6 0 Total RAM free 1 3 6 1 4 1 2021 4 11 0 Total RAM shared 1 3 6 1 4 1 ...

Страница 33: ...6 52 46 49 46 49 57 55 54 56 46 49 Skybox Collector status 1 3 6 1 4 1 8072 1 3 2 3 1 4 19 49 46 51 46 54 46 49 46 52 46 49 46 49 57 55 54 56 46 50 Additional SNMP configuration For further SNMP configuration refer to The MIB files on the Appliance located at usr local snmpsa mibs The SNMP configuration file etc snmp snmpd conf ...

Страница 34: ...et_appliance_details script from the CLI The following is a sample output of this script APPLIANCE_VERSION 8 5 103 7 1 11 CORES 2 MODE SERVER MODEL RAM 32014 MB SERIAL_NUMBER SKYBOXVIEW 8 0 513 Hardware issues Whenever there is a hardware issue on the Appliance usually indicated by the system status LED turning amber or blinking do the following 1 Run getlogs as the root user The diagnostic log fi...

Страница 35: ... etc systemd system default target this is linked to the multi user target by default Traditional runlevels defined runlevel 0 runlevel 1 runlevel 2 runlevel 3 runlevel 4 runlevel 5 runlevel 6 The default runlevel is set in etc inittab Host name change In Red Hat Enterprise Linux 7 as part of the move to the new init system systemd the hostname variable is set in etc hostname In Red Hat Enterprise...

Страница 36: ... and chkconfig commands to start stop and enable disable services respectively they are not 100 compatible with the RHEL 7 systemctl command according to Red Hat Use the service and chkconfig commands Start Service service start nfs or etc init d nfs start Enable Service To start with specific runlevel chkconfig level 3 5 nfs on Default firewall firewalld dynamic firewall The built in configuratio...

Страница 37: ...t be required for example if you are sending the Appliance back to Skybox Security for replacement Caution This procedure wipes the HDD completely Afterwards it will not be bootable or function at all The following command overwrites all partitions master boot records and data dd if dev urandom of dev sda bs 1M Wiping the hard disk drive ...

Страница 38: ...m systems test equipment and so on other than an ITE application will require further evaluation and may require additional regulatory approvals Note The use and or integration of telecommunication devices such as modems and or wireless devices have not been planned for with respect to these systems If there is any change of plan to use such devices then telecommunication type certifications will ...

Страница 39: ...h worldwide regulatory requirements A Material Declaration Data Sheet is available for Intel products For more reference on material restrictions and compliance you can view Intel s Environmental Product Content Specification at http supplier intel com ehs environmental htm Europe European Directive 2002 95 EC Restriction of Hazardous Substances RoHS Threshold limits and banned substances are note...

Страница 40: ...3 CLASS A GS Mark Germany VCCI Marking Class A Japan KC Mark Korean Communications Commission Korea GOST R Marking Russia Ukraine Certification Ukraine BSMI Certification RPC Number Class A Warning Taiwan FCC Marking Class A USA This device complies with Part 15 of the FCC Rules Operation of this device is subject to the following two conditions 1 This device may not cause harmful interference and...

Страница 41: ...tion of Hazardous Substance RoHS Environmental Friendly Use Period Mark China Recycling Package Marks China Will be added on Package label Other Recycling Package Marks Internatio nal Will be added on Package label Battery Perchlorate Warning Information USA CA Perchlorate Material Special handling may apply See www dtsc ca gov hazardouswaste perchlorate This notice is required by California Code ...

Страница 42: ...his equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmf...

Страница 43: ...ation of this notice This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Canadian Department of Communications Europe CE Declaration of Conformity This product has been tested in accordance to and complies with the Low Voltage Directive 73 23 EEC ...

Страница 44: ...ense and Product 2 Certification No On RRL certificate Obtain certificate from local Intel representative 3 Name of Certification Recipient Intel Corporation 4 Date of Manufacturer Refer to date code on product 5 Manufacturer Nation Intel Corporation Refer to country of origin marked on product CNCA CCC China The CCC Certification Marking and EMC warning is located on the outside rear area of the ...

Отзывы:

Нет отзывов

Похожие инструкции для Appliance 5500

SpectraGuard Sensor

Бренд: AirTight Страницы: 39

Бренд: Watchguard Страницы: 2

Бренд: PaloAlto Networks Страницы: 54

Бренд: NETGEAR Страницы: 2

TippingPoint TPS 8200TX

Бренд: Trend Micro Страницы: 9

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды