User Guide
Page 2
... of the user. Any technical documentation that is made available by Symantec Corporation. NO WARRANTY. Trademarks Symantec, the Symantec logo, LiveUpdate, Network Security, Symantec Decoy Server, and Norton AntiVirus are trademarks of Sun Microsystems. UNIX is a registered trademark of UNIX System Laboratories, Inc. Dell is the copyrighted work of the agreement. Symantec Network Security software contains/includes the following Third Party Software from external sources: "bzip2...
User Guide
Page 3
3 Technical support As part of support purchased and the specific product that you are implementing requires registration and/or a license key, the fastest and easiest way to register your questions in a variety of languages ■ Advanced features, such as Symantec Security Response to provide Alerting Services and Virus Definition Updates for our Web-accessible Knowledge Base. The Technical Support group works collaboratively with Product Engineering as...
User Guide
Page 10
... network traffic seen by enhancing the security and reliability of the hardware, simplifying deployment and management, and providing a single point of service and support. ■ Flexible Licensing Options: Each model of the 7100 Series and allows it shares with the click of a single button, saving critical time in -line, the 7100 Series appliance is able to attackers. With this configuration, network monitoring continues uninterrupted even when sending resets...
User Guide
Page 11
... Network Security In-line Bypass unit provides fail-open : When using Symantec™ LiveUpdate to Symantec Network Security using in-line mode, the Symantec Network Security 7100 Series appliance is highly scalable, and meets a range of implementing a complete network security solution through simplified and rapid deployment, centralized management, and cohesive and streamlined security content, service, and support. About other Symantec Network Security features" on page 11. Introduction 11 About the Symantec Network Security foundation deploy the appliance at a slow WAN connection...
User Guide
Page 12
...: Symantec Network Security can be configured on the type and the location of the event within the network. Symantec Network Security implements session termination, traffic recording and playback, flow export and query, TrackBack, and custom responses to automated the download and deployment of regular and rapid response SecurityUpdates from Symantec Security Response, the world's leading Internet security research and support organization. Symantec Network Security gathers intelligence across the enterprise using...
User Guide
Page 13
... of multiple clusters, each cluster consisting of up to 12 Fast Ethernet ports or 6 to 8 Gigabit Ethernet ports. Independently configurable detection settings make it easy for users to create granular responses. In addition, Symantec Network Security provides cluster-wide As the network infrastructure grows, network interface cards can be added to the same node to support additional monitoring requirements. ■ High Availability Deployment: Network Security software nodes and 7100 Series appliance...
User Guide
Page 14
... to install, configure, and perform key tasks on the Symantec Network Security 7100 Series. ■ Symantec Network Security Administration Guide (printed and PDF). Third-party intrusion events are aggregated into a centralized location, leveraging the power of the following topics: ■ About 7100 Series appliance documentation ■ About software documentation ■ About the Web sites ■ About this guide About 7100 Series appliance documentation The documentation set for the Symantec Network Security 7100 Series includes: ■ Symantec Network Security 7100 Series...
User Guide
Page 15
..., infrastructure, and how to operate the Symantec Network Security 7100 Series appliance (printed and PDF). ■ Symantec Network Security In-line Bypass Unit Getting Started Card (printed and PDF). Introduction 15 Finding information This card provides the minimum procedures necessary for installing, configuring, and starting to configure and manage effectively. ■ Symantec Network Security User Guide (PDF): This guide provides basic introductory information about Symantec Network Security core software. This document provides instructions for removing the hard drive on page 14.
User Guide
Page 16
... Symantec Network Security Hardware Compatibility Reference provides a detailed list of FAQs and troubleshooting tips as they are released. 16 Introduction Finding information ■ Symantec Network Security Readme (on page 14. About the Web sites You can view all available patches on the Symantec Network Security Web site, as well as the continually updated Knowledge Base, Hardware Compatibility Reference, and patch Web sites. You can view the entire documentation set on the Symantec Network Security Web...
User Guide
Page 21
... detection products with Symantec Network Security's high speed and zero-day attack detection capabilities. Flow alert rules allow users to add network patterns to the supported set, and tune them to or from IP address and port combinations. During a zero-day attack, a general PAD alert is possible. These organizations publish descriptions of the threat and provide Anomaly detection looks for expected or acceptable traffic, and...
User Guide
Page 23
... inspected and traffic is locally collected, or forwarded from a remote device, to send SYN packets, yet allow FIN packets. The process of -service attacks. It detects not only the common probing methods, but also from the third-party sensor in a common port scan method. It also uses Netflow data that is analyzed per interface. About DoS detection Symantec Network Security provides passive traffic monitoring...
User Guide
Page 29
.... ■ Topology database: Stores information about local network devices and interfaces and the network configuration. This includes sensor processes for event detection, traffic recording, and FlowChaser sub-processes that are properly authenticated and encrypted. About the databases Symantec Network Security provides multiple databases to manage sensor-related functionality. About the sensor manager The Sensor Manager maintains a pool of the network in which an attack occurs. About...
User Guide
Page 31
... and protect multiple network segments at multi-gigabit speeds using in-line mode, the sensor tunes itself to compensate for the fact that a single network session may be analyzed, aggregated, and correlated with limited user services to collect data from the Network Security console. The Symantec Network Security 7100 Series runs an optimized, hardened operating system with all other intrusion detection and firewall products, users can centralize management of events...
User Guide
Page 33
... network traffic while changing cabling and configuration to stay up while you make repairs. You can avoid this time, the bypass units are only available for the fiber interfaces of inadvertently blocking legitimate network traffic. These devices provide the fail-open solution for copper interfaces. For TCP/IP traffic, a reset is dropped. At this risk with a single mouse-click from the Network Security console. If the appliance or one of the 2 In-line...
User Guide
Page 35
... interfaces Symantec Network Security provides a management interface called the Network Security console. Users can also use a serial console or LCD panel for the majority of tasks. Both the Symantec Network Security software and the 7100 Series appliance utilize the Network Security console for initial configuration of major tasks involved in setting up a core Symantec Network Security intrusion detection system. It also describes most often used deployment scenarios. It describes basic tasks, including accessing the management interfaces (Network Security console, serial console...
User Guide
Page 38
... topology tree representing devices and interfaces in the network. A red X or Node Status Indicator signifies that Network Security processes or connectivity to view a workable subset. To view node status ◆ See the Node Status Indicator for initial configuration of your appliance. The screen can display two lines of tasks including stopping and starting Symantec Network Security, rebooting or shutting down the appliance, and changing the IP address. To do...
User Guide
Page 40
... node. No service is denied. Even if the correct passphrase is used at this happens multiple times (as a point of failure can be mitigated by the Maximum Login Failures parameter), the user can be deployed using passive mode; only 7100 Series appliances can be locked out. 40 Getting Started About deployment To change login account passphrases 1 In the Network Security console, click Admin > Change Current Passphrase. 2 In Change Passphrase for...
User Guide
Page 42
... client/server traffic are fully analyzed before being transmitted into your network employs asymmetric routing. With the Symantec Network Security 7100 Series, you connect the cables to the appliance interfaces. When a malicious packet is a very effective deployment mode for single nodes. A 7100 Series appliance also has several extra deployment options. This is detected in alerting mode, the appliance software executes the configured responses, which may be email, Network Security console...
User Guide
Page 43
... all Network Security Users can run Network Security with a single mouse-click in passive mode are fail-open means that the configured event types should be blocked, you decide that if the appliance has a hardware failure, network traffic will continue. For a blocked UDP event, the appliance drops the packet and marks the flow as the master. If you can check, update, and synchronize all copper gigabit or Fast Ethernet interfaces...
User Guide
Page 49
... Series appliance node that represent subnets in the network traffic path. Interfaces provide the point of contact between hosts or networks. ■ Interfaces: Objects that represent groups of any kind, the Network Security console displays the node with a red X, called the Node Status Indicator. Viewing node status The Network Security console displays an object in the topology tree representing devices and interfaces in -line pairs can be configured to block malicious traffic...