Page 1
IBM Security IBM Security SiteProtector System SP3001 Hardware Configuration Guide V ersion 3.0...
Page 2
Before using this information and the product it supports, read the information in “Notices” on page 37. This edition applies to Version 3.0 of the IBM Security SiteProtector System and to all subsequent releases and modifications until otherwise indicated in new editions.
Chapter 1. Introduction to the Setting the date and time . . 19 SiteProtector SP3001 Appliance ..1 How to Use the SP3001 appliance documentation . Chapter 5. Optional configuration tasks 21 What is the SiteProtector SP3001 appliance? .
Check IBM Technotes, accessible through the IBM Support Portal. If you are unable to find an answer or a solution in the Support portfolio or in the IBM Technotes, check to be sure your company or organization has an active IBM maintenance contract, and that you are authorized to submit a problem to IBM, before you contact IBM Support.
Page 6
Whenever possible, IBM Support provides a workaround that you can implement until the APAR is resolved and a solution is delivered to you. IBM publishes resolved APARs on the IBM Support website daily, so that other users who experience the same problem can benefit from the same resolution.
Use this guide along with other SiteProtector documentation to find the information you need. We explain how the information in the IBM Security SiteProtector System SP3001 Hardware Configuration Guide is organized and list other documents in the SiteProtector documentation suite that you may use to configure SiteProtector.
Document Content IBM Security SiteProtector System SP3001 Quick Start Guide Contains the minimal information required to configure SiteProtector SP3001 appliance hardware and to connect it to the Console. If you are an experienced hardware administrator and do not need significant background...
SiteProtector SecurityFusion module Event Archiver Included licenses The SiteProtector SP3001 appliance includes licenses for the SiteProtector Reporting component, IBM Security Server Protection for Windows, and the SecurityFusion module. SiteProtector components The SiteProtector SP3001 appliance consists of required and optional SiteProtector components that provide the base functionality necessary to accept, monitor, and analyze network events.
An embedded version of the IBM Security Server Protection for Windows is installed and configured on the SiteProtector SP3001 appliance hardware and is delivered with a security policy that is predefined for the SiteProtector SP3001 appliance's operating system and configuration.
Page 11
IBM Security Server Protection features The following table describes the IBM Security Server Protection features that are enabled on the SiteProtector SP3001 appliance: Feature Description Intrusion prevention IBM Security Server Protection includes an intrusion prevention system that alerts you to attacks and blocks threats to the SiteProtector SP3001 appliance and to your network.
You must configure some basic SiteProtector SP3001 appliance settings -- IP address, subnet mask, default gateway, DNS server, and host name -- using the appliance's LCD panel. After the SiteProtector SP3001 is initially configured, management of the appliance is performed primarily through a Remote Desktop session using standard operating system tools.
IBM Security Server Protection for Windows, formerly IBM Proventia Server Intrusion Prevention System (IPS), is designed to provide optimum protection in typical environments. IBM Security Server Protection is configured to block suspicious activity and certain types of communication. See the IBM Security Server Protection for Windows User Guide for more information.
Page 15
SiteProtector SP3001 appliance will use. Example: 192.168.1.1 Your setting: Cables required checklist You must use certain cables to connect the SiteProtector SP3001 appliance to the network and to a power source. These cables are included with the SiteProtector SP3001 appliance: Item Ethernet cable Two (2) Power cords (included with the SiteProtector SP3001 appliance hardware) Chapter 2.
Chapter 3. Connecting and configuring the SiteProtector SP3001 appliance The first step is to connect the SiteProtector SP3001 appliance hardware to the network so that you can begin managing the SiteProtector SP3001 appliance. This chapter provides procedures for configuring the SiteProtector SP3001 appliance to communicate with the network and for starting the SiteProtector Console.
Prerequisites Before you configure your SiteProtector SP3001 appliance, you must have completed the following tasks: v Ensure that you meet the requirements for configuring the SiteProtector SP3001 appliance. See “Requirements and considerations” on page 7. v Gather the initial configuration items, including cables and network information.
Follow these instructions to connect the SiteProtector SP3001 appliance. Procedure 1. Connect the power cords to the SiteProtector SP3001 appliance and to the power source. Important: You must connect both power cords to the SiteProtector SP3001 appliance to prevent warning signals from sounding.
Referred to as the ENTER button. Entering Network Information Procedure 1. Locate the LCD panel on the front of the SiteProtector SP3001 appliance, and make sure that “IBM Security SiteProtector SP3001” appears on the screen. 2. Press the ENTER button. The Appliance PIN screen appears.
What to do next You have now connected the SiteProtector SP3001 appliance to the network using the LCD panel, so you are ready to download the SiteProtector Console and point it to the appliance. From the SiteProtector Console, you can install licenses.
4. Log in using the SiteProtector SP3001 appliance's IP address. 5. Do the following: In this Field... Type the following... Administrator User Name Password ISSADMIN Note: Change this password as soon as possible. See “Securing SP3001 appliance passwords” on page 6. Click OK. SiteProtector System: SP3001 Hardware Configuration...
SiteProtector Console. This chapter provides procedures for using the Console to perform these tasks. Important: If you used the procedures in the IBM Security SiteProtector System SP3001 Quick Start Guide to connect the SiteProtector SP3001 appliance, start here to continue the configuration process.
1. Start the SiteProtector Console and log in. 2. Select the System view. 3. In the left pane, expand the site node for the SiteProtector SP3001 appliance site, and then click the Appliance icon. 4. Select the "Click here to connect to appliance" hyperlink. Clicking the hyperlink establishes a Remote Desktop session with the SiteProtector SP3001 appliance.
1. Start the SiteProtector Console and log in. 2. Select the System view. 3. In the left pane, expand the site node for the SiteProtector SP3001 appliance site, and then click the Appliance icon. 4. Select the "Click here to connect to appliance" hyperlink. Clicking the hyperlink establishes a Remote Desktop session with the SiteProtector SP3001 appliance.
1. Start the SiteProtector Console and log in. 2. Select the System view. 3. In the left pane, expand the site node for the SiteProtector SP3001 appliance site, and then click the Appliance icon. 4. Select the "Click here to connect to appliance" hyperlink. Clicking the hyperlink establishes a Remote Desktop session with the SiteProtector SP3001 appliance.
1. Start the SiteProtector Console and log in. 2. Select the System view. 3. In the left pane, expand the site node for the SiteProtector SP3001 appliance site, and then click the Appliance icon. 4. Select the "Click here to connect to appliance" hyperlink. Clicking the hyperlink establishes a Remote Desktop session with the SiteProtector SP3001 appliance.
Page 29
About this task A hyperlink available on the SiteProtector Console initiates a Remote Desktop session on the SP3001 appliance desktop. Procedure 1. Start the SiteProtector Console and log in. 2. Select the System view. 3. Select the Appliance entry from the left pane.
Page 30
7. Close the Remote Desktop session. SiteProtector System: SP3001 Hardware Configuration...
If your SiteProtector SP3001 appliance has failed and cannot be recovered, you should return the SiteProtector SP3001 appliance to its factory defaults. Important: When you restore the SiteProtector SP3001 appliance, you erase all the user data that is stored in the database, including events, policies, responses, and tickets. After you restore the SiteProtector SP3001 appliance, you must completely reconfigure the SiteProtector SP3001 appliance.
Page 34
Electrical voltage and current from power, telephone, and communication cables are hazardous. To avoid a shock hazard: v Connect power to this unit only with the IBM ISS provided power cord. Do not use the IBM ISS provided power cord for any other product.
Page 35
Exchange only with the IBM ISS-approved part. Recycle or discard the battery as instructed by local regulations. In the United States, IBM ISS has a process for the collection of this battery. For information, call 1-800-426-4333. Have the IBM ISS part number for the battery unit available when you call.
Page 36
US English source. Before using a US English publication to install, operate, or service this IBM ISS product, you must first become familiar with the related safety information in the booklet. You should also refer to the booklet any time you do not clearly understand any safety information in the US English publications.
Page 37
(IT) equipment to responsibly recycle their equipment when it is no longer needed. IBM offers a variety of product return programs and services in several countries to assist equipment owners in recycling their IT products. Information on IBM ISS product recycling offerings can be found on IBM's Internet site at http:// www.ibm.com/ibm/environment/...
Page 38
States, go to http://www.ibm.com/ibm/environment/products/ batteryrecycle.shtm or contact your local waste disposal facility. In the United States, IBM has established a return process for reuse, recycling, or proper disposal of used IBM sealed lead acid, nickel cadmium, nickel metal hydride, and other battery packs from IBM equipment.
Page 39
Note: Properly shielded and grounded cables and connectors must be used in order to meet FCC emission limits. IBM is not responsible for any radio or television interference caused by using other than recommended cables and connectors, by installation or use of this equipment other than xvi IBM Internet Security Systems as specified in the installation manual, or by any other unauthorized changes or modifications to this equipment.
Page 40
This product is in conformity with the protection requirements of EU Council Directive 2004/108/ EEC on the approximation of the laws of the Member States relating to electromagnetic compatibility. IBM ISS cannot accept responsibility for any failure to satisfy the protection requirements resulting from a non-recommended modification of the product, including the fitting of non-IBM ISS option cards.
Page 41
This product is a Class A Information Technology Equipment and conforms to the standards set by the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). In a xviii IBM Internet Security Systems domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures.
Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead.
Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at Copyright and trademark information at www.ibm.com/ legal/copytrade.shtml.
IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective.
SNMP 8 appliance 14 SP Core 3 SP3001 appliance v SP3001 back panel 13 SP3001 front panel 12 starting the SiteProtector SP3001 21 Event Archiver 3 support v Event Collector 3 technical support, IBM Security v firewall 5 traffic allowed on the appliance 8...