Summary of Contents for Juniper SECURITY THREAT RESPONSE MANAGER - SOFTWARE INSTALLATION REV 1
Page 1
Security Threat Response Manager STRM Software Installation Guide Release 2008.2 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 530-025619-01, Revision 1...
Page 2
Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Information that alerts you to potential personal injury.

Technical Documentation
You can access technical documentation, technical notes, and release notes directly from the Juniper Networks Support Web site at http://www.juniper.net/support

Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation.

About This Guide

Requesting Support
• Open a support case using the Case Management link at http://www.juniper.net/support/ or call 1-888-314-JTAC (from the United States, Canada, or Mexico) or 1-408-745-9500 (from elsewhere).
Preparing for Your Installation

This chapter provides information for planning your STRM deployment, including:
• Deploying STRM
• Additional Hardware Requirements
• Additional Software Requirements
• Browser Support
• Preparing Your Network Hierarchy
• Identifying Network Settings
• Identifying Security Monitoring Devices and Flow Data Sources
• Identifying Network Assets
...
Page 8
Deploying STRM

You can deploy STRM using STRM appliances or STRM software installed on your own hardware. This section provides information on deploying STRM including:
• STRM Components

A STRM appliance includes STRM software and a CentOS-4 operating system. For further information on STRM appliances, see the Hardware Installation Guide.
Page 9
from STRM and distributes to the appropriate area, depending on the type of event. The Event Processor also includes information gathered by STRM to indicate any behavioral changes or policy violations for the event. Rules are applied to the events that allow the Event Processor to process according to the configured rules.
Page 10
Once you define the components you wish to add to your network hierarchy and install STRM, you can then configure the network hierarchy using the STRM interface. For each component you wish to add to your network hierarchy, use the following table to indicate each component in your network map.
Page 11
Identifying Security Monitoring Devices and Flow Data Sources

STRM can collect and correlate events received from external sources such as security equipment (for example, firewalls, VPNs, or IDSs) and host or application security logs, such as Windows logs. Device Support Modules (DSMs) and Flow Collectors allow you to integrate STRM with this external data.
Page 12
Identifying Network Assets

STRM can learn about your network and server infrastructure based on flow data. The Server Discovery function uses STRM’s Asset Profile database to discover many types of servers. Defining certain additional server and IP address types also improves tuning results.
Installing STRM

This chapter provides information on installing your STRM system using one of the following options:
• Setting Up Appliances
• Installing Japanese Support
• Installing STRM Using Red Hat Enterprise 4.6
• Accessing STRM

Setting Up Appliances

A STRM appliance includes STRM software and a CentOS-4 operating system. This section provides information on setting up your appliance.
Page 16
The End User License Agreement (EULA) appears.

Step 5: Read the information in the window. Press the Spacebar to advance each window until you have reached the end of the document. Type yes to accept the agreement, then press Enter.

The activation key window appears.
Page 17
Step 8: Using the up/down arrow keys, highlight the method you wish to use to set the date and time, then use the spacebar to select that option:
• Manual - Allows you to manually input the time and date. Use the Tab key to...
Page 18
The Time Zone Region window appears. Note: The options that appear in this window are regions that are associated with the continent or area previously selected. Using the up/down arrow keys, or the page up/page down keys, select your time zone region.
Page 19
your network. NAT translates an IP address in one network to a different IP address in another network.
- Email Server - Specify the email server. If you do not have an email server, specify localhost in this field.

Use the TAB key to move to the Next option.
Page 20
Step 3: Obtain the STRM software and copy to a CD.

Note: To download the software from the Juniper Networks web site, go to http://support.juniper.net/. Click the Management Software link and log in. Go to the Security Threat Response Manager Link to download the software.

Installing STRM Using Red Hat Enterprise 4.6

Step 9: Enter your activation key.

A series of messages appears as STRM continues with the installation. This process typically takes several minutes. The System Console window appears.

Step 10: Using the up/down arrow keys, highlight one of the following options and use the spacebar to select that option:
• Yes - Select this option only if this system is a Console.
Page 22
Using the left/right arrow keys, select Set Template. Press Enter.

The Set Time and Date window appears.

Step 12: Using the up/down arrow keys, highlight the method you wish to use to set the time and date, then use the spacebar to select that option:
• Manual - Allows you to manually input the time and date.
Page 23
Step 15: To select the time zone continent:
Using the up/down arrow keys, or the page up/page down keys, select your time zone continent or area.
Using the left/right arrow keys, select Next, then press Enter.

The Time Zone Region window appears.
Page 24
- Primary DNS - Specify the primary DNS server.
- Secondary DNS - Optional. Specify the secondary DNS server.
- Public IP - Optional. Specify the Public IP address of the server. This is a secondary IP address that is used to access the server, usually from a different network or the Internet, and is managed by your network administrator.

To install the Japanese plug-in on a STRM appliance:

Step 1: Set up STRM.
Step 2: Go to the Juniper Networks web site to download the plug-in: http://support.juniper.net/
Step 3: Click the Management Software link and log in. Go to the Security Threat Response Manager Link to download the plug-in.

Accessing STRM

To access the STRM interface:

Step 1: Open your web browser.
Step 2: Log in to STRM:
https://<IP Address>
Where <IP Address> is the IP address of the STRM system. The default values are:
Username: admin
Password: <root password>...
Setting Up Red Hat Enterprise

STRM supports the 32-bit version of Red Hat Enterprise 4 Update 6. This appendix provides information on setting up Red Hat Enterprise including:
• Before You Begin
• Configuring Network Parameters
• Configuring Firewall Configuration
• Configuring Disk Partitions
...
Page 28
CAUTION: If the hardware on which you wish to install STRM includes Red Hat Enterprise 4 Update 6, you must re-install Red Hat Enterprise from the CD using the minimal package option. The default Red Hat Enterprise 4 Update 6 installation does not have the appropriate options selected.

Installing Red Hat Enterprise 4 Update 6

• /store as RAID5 - Stores STRM data. Choose EXT3 as the file system type.
• FLOWLOGS and DB are located in the Store partition.

In a system with five drives, a suggested configuration includes:
- disk 1 - boot, swap, OS, STRM temporary files, and log files
- remaining disks - RAID 5, mounted as /store

Note: Other STRM components do not require the storage partitions mentioned...
Page 30
The grub command line prompt appears.

Step 6: Enter the following command using the values recorded in Step
geometry (hd0) <x-value> heads, <y-value> sectors/track, <z-value> cylinders
Step 7: Enter the following command:
root (hd0,0)
Step 8: Enter the following command:
setup (hd0)
Enter the following command:...