
DEPLOYMENT GUIDE


This document gives a brief overview of deployment preparation, installation and configuration of a Vectra X-series platform.

Traffic Requirements

The Vectra X-series platform detects threats and attacks by listening to network traffic between users and both the Internet and applications in the data center. The more traffic available to the X-series platform, the better it can provide early detections of threats or an attack.

The X-series platform must see bidirectional traffic flows for accurate detection.

The table below outlines types of network traffic to which visibility is required or desired for the Vectra platform to deliver optimal results in detecting attacks.

Traffic Type Required Desired

User to the Internet

User to data center applications, file servers, databases

DNS traffic*

User to DHCP

User to authentication services (e.g. Active Directory, LDAP)

User to user

* For optimal results, the platform needs visibility into traffic both from users to your organization’s DNS servers and from those DNS servers to external DNS servers. The next best option would be visibility into traffic from users to your DNS servers. The minimum requirement for results is visibility into traffic between your DNS server and external DNS servers.

Seeing user-to-user traffic is valuable in detecting reconnaissance and lateral movement of threats inside a campus network.

Deployment Preparation

Location

The optimal location to deploy the Vectra X-series platform is at the core aggregation layer in a campus. At this location, the X-series platform will see all traffic between users and both the Internet and the data center, including authentication services such as Active Directory and LDAP. In addition, it will most likely see traffic from users to local DNS and DHCP servers as well as some traffic between users (see diagram).

1 | ©2014 Vectra Networks, Inc.

[Diagram: network layout with the labels Internet, Firewall, WAN Router, Data Center, Core Switch and Vectra]

As an option, the Vectra X-series platform can also be deployed as close to the network egress point as possible so it will see traffic between users and the Internet, local applications, file servers and databases as well as traffic from local to external DNS.

Special Deployment Considerations

As network address translation (NAT) is generally used at the Internet gateway, it will obscure the originating IP address used in the local network. For this reason, the X-series platform should be deployed on the internal side of the device performing NAT to see traffic that will enable it to both detect threats and attacks, and attribute them to internal hosts.

If a non-transparent Web proxy is used, it will similarly obscure the originating IP addresses used in the local network. The Vectra X-series platform must see the internal side of the Web proxy traffic and DNS traffic that will allow it to determine the IP addresses for domains providing external services.
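As an added example (not part of the Vectra guide), the Python script below checks a sample of packets taken from the SPAN/TAP feed against the requirements above: both directions of each flow are present, every flow has an internal endpoint (so the feed sits inside the NAT or proxy), and DNS traffic is visible. The packet tuples are constructed, and the RFC 1918 ranges in `INTERNAL_NETS` are an assumption about the site's address plan.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's internal address space (RFC 1918 here); adjust per site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of packets seen on the mirror port:
# (src_ip, src_port, dst_ip, dst_port, proto)
SAMPLE = [
    ("10.0.4.23", 51512, "203.0.113.10", 443, "tcp"),     # user -> Internet
    ("203.0.113.10", 443, "10.0.4.23", 51512, "tcp"),     # reply seen
    ("10.0.4.57", 40222, "10.0.9.10", 445, "tcp"),        # user -> file server, no reply
    ("10.0.4.23", 53001, "10.0.9.53", 53, "udp"),         # user -> internal DNS
    ("10.0.9.53", 53, "10.0.4.23", 53001, "udp"),
    ("198.51.100.7", 61000, "203.0.113.10", 443, "tcp"),  # no internal endpoint
    ("203.0.113.10", 443, "198.51.100.7", 61000, "tcp"),
]

def is_internal(ip):
    """True if ip falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def audit_feed(packets):
    """Summarise whether the feed meets the guide's visibility requirements."""
    seen_from = defaultdict(set)  # flow -> endpoints observed as sender
    for src, sport, dst, dport, proto in packets:
        a, b = sorted([(src, sport), (dst, dport)])
        seen_from[(a, b, proto)].add((src, sport))
    one_way, unattributed = [], []
    dns_user = dns_out = 0
    for (a, b, proto), senders in sorted(seen_from.items()):
        inside = [is_internal(a[0]), is_internal(b[0])]
        if len(senders) < 2:
            one_way.append((a, b, proto))       # only one direction is mirrored
        if not any(inside):
            unattributed.append((a, b, proto))  # seen outside the NAT or proxy
        if 53 in (a[1], b[1]):
            if all(inside):
                dns_user += 1                   # user -> organization DNS server
            elif any(inside):
                dns_out += 1                    # internal host -> external DNS
    return {"flows": len(seen_from), "one_way": one_way,
            "unattributed": unattributed,
            "dns_user_to_server": dns_user,
            "dns_internal_to_external": dns_out}

if __name__ == "__main__":
    print(audit_feed(SAMPLE))
```

On the constructed sample, the file-server flow is reported as one-way, the flow between two public addresses as unattributable to an internal host, and only the user-to-DNS-server tier of DNS visibility is present.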

Capacity Planning

The Vectra X-series platforms are available for different bandwidth capacities. To best determine the amount of traffic bandwidth the X-series platform will see, obtain the average and peak information rate from the upstream router or firewall. The Vectra X4 platform has four Gigabit Ethernet (GbE) ports for network monitoring and is rated for an aggregate processing capacity of 1 Gbps. The Vectra X20 platform has two 10 Gigabit Ethernet (10 GbE) ports for network monitoring and is rated for an aggregate processing capacity of 5 Gbps.

Connectivity

The Vectra X-series platform is deployed in passive mode, so it is never in the direct flow of traffic between a user and either the Internet or the data center.

The X-series can connect to a mirror port on a core network switch using the Switch Port Analyzer (SPAN) feature, or to a TAP port.

The SPAN/TAP feed should carry end-user network traffic to the Internet and the Data Center.

Space Planning

The Vectra X-series platforms must be mounted in a standard 19-inch server rack or cabinet.

The Vectra X4 platform occupies one rack unit (RU) and the Vectra X20 platform occupies two RUs. Below are the physical specifications for the Vectra X-series platforms.

                          Vectra X4                    Vectra X20
Height x Width x Depth    1.7” x 17.2” x 31”           3.5” x 17.2” x 31”
                          43 mm x 437 mm x 787 mm      89 mm x 437 mm x 787 mm
Weight                    48 lbs, 21.8 kg              54 lbs, 24.5 kg


Power

The Vectra X-series platforms have autosensing power supplies. The table below specifies the power requirements for the Vectra platforms.

Vectra X4 Vectra X20

Input Voltage Autosensing 100 – 240 VAC, 50 – 60 Hz

Power, current 7.5 – 18 A, 1800 W

Initial Configuration

The table below provides the information you will need to complete the configuration of the Vectra X-series platform.

Network Service                          Information Needed
Vectra Platform management interface     IP address, subnet mask, default gateway
Domain Name Service (DNS) Server         IP address
Network Time Protocol (NTP) Server       Hostname or IP address
SMTP (E-mail) Server*                    Hostname or IP address
Syslog Server*                           Hostname or IP address

* Optional

Connecting to the CLI

The Vectra X-series platforms are easily set up through their command line interface (CLI) by providing an IP address for the management interface and the gateway.

Use one of the two methods below to connect to the Vectra X-series CLI.

STEP 1: Choose a Connection Method

Connection Method 1

1. Connect a monitor and keyboard to the VGA and USB ports on the rear of the Vectra X-series platform. (Below: rear-view of the Vectra X4 platform with USB and VGA ports circled.)

2. Log in at the shell prompt with username “vectra” and password “youshouldchangethis”.

3. Set the password using the following command syntax:

» set password [new password]

[Figure: rear view of the Vectra X4 platform. Port labels: IPMI, USB1, USB2, MGT1, MGT2, VGA, Gigabit Ethernet 1 - 4]

Connection Method 2

1. Connect a laptop to management port 2 (MGT2) via an Ethernet cable. The port is autosensing, so a straight through cable will work. The label ‘LAN2’ is stamped into the sheet metal below port MGT2. (Below: rear-view of the Vectra X20 platform with MGT1 and MGT2 ports circled.)

2. Manually set the laptop’s IP address to 169.254.0.11 with a subnet mask of 255.255.0.0

3. From a console window, connect to the Vectra X-series platform via secure shell with username “vectra”.

» ssh [email protected]

4. Log in with the password “youshouldchangethis”.

5. Set the password using the following command syntax:

» set password [new password]

STEP 2: Configure the Management Interface

Once you are connected to the Vectra X-series CLI, follow the instructions below to set the IP address.

1. Set the IP address of MGT1 using the following command syntax:

» set interface mgt1 ip [ip address] netmask [netmask] gw [gateway IP address]

Where [ip address], [netmask], and [gateway IP address] are the actual IP address, mask, and gateway address you wish to assign to the machine and are described in the table above. For example:

» set interface mgt1 ip 10.0.4.142 netmask 255.255.255.0 gw 10.0.4.1

2. Verify the IP address has been set with the following command syntax:

» show interface mgt1

Below is an example of what the show command will display.

» show interface mgt1
mgt1 :
    gw : 10.1.1.1
    ip : 10.1.1.198
    netmask : 255.255.255.0

3. Log out of the CLI using the “exit” command demonstrated below.

» exit


You can now disconnect from the CLI and remove the static IP of the laptop if using method 2.

You can connect the MGT1 port of your Vectra X-series platform to your network using a standard Ethernet cable. The label ‘LAN1’ is stamped into the sheet metal below port MGT1.

Connecting to the User Interface

From a computer attached to the network, connect to the Vectra X-series platform with a standard Web browser (e.g., Firefox, Chrome, Safari, IE version 9 or newer).

1. Enter “https://[IP address for MGT1]” into the address line of the browser (e.g., https://10.1.1.198).

2. Log in with username “admin” and password “youshouldchangethis”.

3. Navigate to the settings icon (a gear icon in the upper right corner) and use ‘change password’ to change the password for the default account, using a mix of alphanumeric and special characters.

4. Configure the remaining settings:

• Domain name service IP address; the system default is the Google domain name service.

• Network time protocol server IP address or hostname; the system default is the Ubuntu network time protocol servers.

• Custom e-mail alerts to selected recipients for high-severity threats (optional).

• Syslog integration for detected threats and their contextual information (optional).

The Vectra platform needs the network access outlined in the table below, which may require modification of firewall rules.

Access                 Source IP              Destination IP          Port
Web User Interface     Remote Admin Machine   MGT1                    443
Vectra Cloud Service   MGT1                   update.glassprism.com   443
Vectra Cloud Update    MGT1                   update.glassprism.com   443
DNS Service            MGT1                   DNS Server              53
NTP Service            MGT1                   NTP Server              123
E-mail Alerts*         MGT1                   E-mail Server           25
Syslog Integration*    MGT1                   Syslog Server           514

* Optional

Support

For additional support, contact us directly at +1-408-326-2020 or [email protected], or visit www.vectranetworks.com/support.
