N2OS User Manual 19 0 4 1 - Nozomi Guardian 19 User Guide

Author Andrew Strelkov
Course Working In The IT Industry
Institution New College Durham
Pages 216
File Size 10 MB
File Type PDF

Summary

Nozomi Guardian 19 User Guide. In this chapter you will receive preliminary information to get a
Guardian or a CMC properly and securely installed....


Description

Notice

Legal notices
Publication Date: December 2019
Copyright: Copyright © 2013-2019, Nozomi Networks. All rights reserved. Nozomi Networks believes the information it furnishes to be accurate and reliable. However, Nozomi Networks assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of Nozomi Networks except as specifically described by applicable user licenses. Nozomi Networks reserves the right to change specifications at any time without notice.

Table of Contents

Legal notices .... iii

Chapter 1: Preliminaries .... 9
    Prepare a Safe and Secure Environment .... 10

Chapter 2: Installation .... 11
    Installing a Physical Appliance .... 12
    Installing on Virtual Hardware .... 12
    Installing the Container .... 13
    Setup Phase 1 .... 15
    Setup Phase 2 .... 17
    Additional settings .... 19

Chapter 3: Users Management .... 21
    Managing Users .... 22
    Managing Groups .... 24
    Password policies .... 26
    Active Directory Users .... 28
    SAML Integration .... 30

Chapter 4: Basics .... 31
    Environment .... 32
    Asset .... 32
    Node .... 32
    Session .... 33
    Link .... 33
    Variable .... 34
    Vulnerability .... 34
    Query .... 34
    Protocol .... 35
    Incident & Alert .... 35
    Trace .... 36
    Charts .... 37
    Tables .... 38
    Navigation through objects .... 38

Chapter 5: User Interface Reference .... 41
    Supported Web Browsers .... 42
    Navigation header .... 42
    Dashboard .... 44
    Alerts .... 48
    Asset View .... 49
    Network View .... 51
    Process View .... 63
    Queries .... 67
    Reports .... 70
    Time Machine .... 73
    Vulnerabilities .... 76
    Settings .... 77
    System .... 95
    Continuous Traces .... 105

Chapter 6: Security Profile .... 107
    Security Control Panel .... 108
    Learned Behavior .... 108
    Alerts .... 109
    Manage Network Learning .... 110
    Custom Checks: Assertions .... 115
    Custom Checks: Specific Checks .... 117
    Alerts Customization .... 118
    Security Profile .... 119
    Alerts Dictionary .... 121
    Incidents Dictionary .... 127
    Packet rules .... 128
    Hybrid Threat Detection .... 131

Chapter 7: Vulnerability Assessment .... 133
    Basics .... 134
    Passive detection .... 135
    Configuration .... 136

Chapter 8: Smart Polling .... 137
    Strategies .... 138
    Configurations .... 138
    Extracted information .... 140

Chapter 9: Queries .... 143
    Overview .... 144
    Reference .... 145
    Examples .... 153

Chapter 10: Maintenance .... 157
    System Overview .... 158
    Data Backup and Restore .... 159
    Reboot and shutdown .... 160
    Software Update and Rollback .... 161
    Data Factory Reset .... 163
    Support .... 163

Chapter 11: Central Management Console .... 165
    Overview .... 166
    Deployment .... 167
    Settings .... 168
    Connecting Appliances .... 168
    Troubleshooting .... 169
    Propagation of users and user groups .... 170
    CMC connected appliance - Date and Time .... 170
    Appliances List .... 171
    Appliances Map .... 173
    HA (High Availability) .... 175
    Alerts .... 177
    Functionalities Overview .... 178
    Updating .... 179
    Single-Sign-On through the CMC .... 179

Chapter 12: Remote Collector .... 181
    Overview .... 182
    Deployment .... 183
    Using a Guardian with connected Remote Collectors .... 187
    Troubleshooting .... 188
    Updating .... 189

Chapter 13: Configuration .... 191
    Editing Configuration files .... 192
    Basic configuration rules .... 193
    Configuring nodes .... 198
    Configuring links .... 200
    Configuring variables .... 202
    Configuring protocols .... 205
    Configuring trace .... 208
    Configuring Time Machine .... 210
    Configuring retention .... 211
    Configuring Bandwidth Throttling .... 213

Chapter 14: Compatibility reference .... 215
    SSH compatibility .... 216

Chapter 1: Preliminaries

Topics:
• Prepare a Safe and Secure Environment

In this chapter you will receive preliminary information to get a Guardian or a CMC properly and securely installed.

Prepare a Safe and Secure Environment

Before starting the installation process, some preliminary information needs to be checked to ensure optimal and secure operation of the system. If you are installing a physical appliance, install it in a location that has been physically secured and to which only authorized personnel have access. Observe the following precautions to help prevent property damage, personnel injury or death.

• Do not use damaged equipment, including exposed, frayed or damaged power cables.
• Do not operate the appliance with any covers removed.
• Choose a suitable location for the appliance: it should be situated in a clean, dust-free area that is well ventilated. Avoid areas where heat, electrical noise and electromagnetic fields are generated.
• Avoid areas where it can get wet. Protect the appliance from liquid intrusion. If the appliance gets wet, disconnect power to the appliance.
• Use a regulating uninterruptible power supply (UPS) to protect the appliance from power surges and voltage spikes, and to keep your system operating in case of a power failure.
• A reliable ground must be maintained at all times. To ensure this, the rack itself should be grounded and the appliance chassis should be connected to the rack for grounding via the provided appliance grounding cable.
• The appliance should be mounted into a rack or otherwise placed so that the amount of airflow required for safe operation is not compromised. If mounted into a rack, it should be placed so that a hazardous condition does not arise due to uneven mechanical loading.

If you are installing a virtual appliance, contact your virtual infrastructure manager to ensure that all possible precautions are in place so that the system's console is accessible only to authorized personnel. The appliance's management port should be assigned an IP address in a dedicated management VLAN, so that access to it can be controlled at several levels and restricted to a selected set of hosts and people. Before connecting any SPAN/mirror port to the appliance, ensure that the switch, router, firewall or other networking device has been configured so that the mirror port only carries traffic outward, toward the appliance. The appliance's ports are configured to read traffic only and never inject packets; however, to guard against human error (e.g. a SPAN port cable plugged into the management port), it is useful to verify on the network side that no packet can be injected through those ports.
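As an added illustration (not part of the Nozomi manual), this is what the "output only" mirror-port requirement above looks like on a Cisco IOS Catalyst switch; interface names and VLAN IDs are placeholders. The weak form enables ingress forwarding on the SPAN destination port, which would let frames arriving from the appliance side (or from a mis-plugged cable) enter the monitored network; the corrected form omits the keyword, and the show command confirms the result.

```text
! --- Weak: SPAN destination port also forwards ingress frames (avoid) ---
monitor session 1 source interface GigabitEthernet1/0/1 - 8 both
monitor session 1 destination interface GigabitEthernet1/0/24 ingress vlan <OT_VLAN_ID>

! --- Corrected: destination port is transmit-only. On IOS this is the
! --- default behaviour as long as the "ingress" keyword is omitted ---
no monitor session 1
monitor session 1 source interface GigabitEthernet1/0/1 - 8 both
monitor session 1 destination interface GigabitEthernet1/0/24

! Appliance management port: access port in a dedicated management VLAN,
! so that reachability to it is controlled at the switch and firewall
interface GigabitEthernet1/0/23
 description N2OS-appliance-management
 switchport mode access
 switchport access vlan <MGMT_VLAN_ID>
 spanning-tree portfast

! Verification: the destination entry must show "Ingress : Disabled"
show monitor session 1
```

Re-run the verification after any change to the mirror session, since re-issuing the destination line with different options silently replaces the previous setting.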

Chapter 2: Installation

Topics:
• Installing a Physical Appliance
• Installing on Virtual Hardware
• Installing the Container
• Setup Phase 1
• Setup Phase 2
• Additional settings

In this chapter you will receive the fundamental information necessary to get both physical and virtual Nozomi Networks Solution appliances up and running. Further information on additional configuration is given in the Configuration chapter. Maintenance tasks are described in the Maintenance chapter.

| Installation | 12

Installing a Physical Appliance

If you have purchased a physical appliance from Nozomi Networks, it is already configured with the latest stable release of Nozomi Networks Solution N2OS. The first phase of the configuration requires attaching to the serial console of the appliance using a null-modem serial cable. N1000, N750 and P500 appliances use an RJ45 console plug, NSG-L and NSG-M Series have a USB serial plug, while the R50 and R150 need a DB9 serial plug. Once the cable is connected, open a terminal emulator: HyperTerminal or PuTTY on Windows, or cu or minicom on macOS and other *nix platforms. Connect at a speed of 9600 baud with no parity bit set. The appliance will show a login prompt. Now proceed to the section Setup Phase 1 on page 15.

Installing on Virtual Hardware

Installation on Virtual Hardware has been tested on a variety of OVA-compatible environments. However, the current release of N2OS officially supports these hypervisors:

1. VMware ESXi 5.5 or newer
2. Hyper-V...

