Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - INSTALLATION REV1 Installation Manual

Security Threat Response Manager
STRM Installation Guide
Release 2008.2 R2
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-027290-01, Revision 1

Summary of Contents for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - INSTALLATION REV1

  • Page 1 Security Threat Response Manager STRM Installation Guide Release 2008.2 R2 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 530-027290-01, Revision 1...
  • Page 2 Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
  • Page 3: Table Of Contents

    CONTENTS ABOUT THIS GUIDE Conventions Technical Documentation Contacting Customer Support PREPARING FOR YOUR INSTALLATION Deploying STRM Additional Hardware Requirements Additional Software Requirements Browser Support Preparing Your Network Hierarchy Identifying Network Settings Identifying Security Monitoring Devices and Flow Data Sources Identifying Network Assets INSTALLING STRM Setting Up Appliances Installing STRM Using Red Hat Enterprise 4.6...
  • Page 4 INDEX...
  • Page 5: About This Guide

    Qmmunity web site, locate the product and software release for which you require documentation. Your comments are important to us. Please send your e-mail comments about this guide or any of the Juniper Networks documentation to: documentation@Juniper.net. Include the following information with your comments: • Document title...
  • Page 6 ABOUT THIS GUIDE • Access Qmmunity and Self-Service support using e-mail: support@juniper.net • Telephone assistance: 1.866.377.7000. STRM Installation Guide...
  • Page 7: Preparing For Your Installation

    PREPARING FOR YOUR INSTALLATION This chapter provides information for planning your STRM deployment, including: • Deploying STRM • Additional Hardware Requirements • Additional Software Requirements • Browser Support • Preparing Your Network Hierarchy • Identifying Network Settings • Identifying Security Monitoring Devices and Flow Data Sources...
  • Page 8 PREPARING FOR YOUR INSTALLATION Deploying STRM You can deploy STRM using STRM appliances or STRM software installed on your own hardware. This section provides information on deploying STRM including: • STRM Components A STRM appliance includes STRM software and a CentOS-4 operating system. For further information on STRM appliances, see the Hardware Installation Guide.
  • Page 9: Additional Hardware Requirements

    Additional Hardware Requirements • Event Processor - Processes events collected from one or more Event Collector(s). Once received, the Event Processor correlates the information from STRM and distributes to the appropriate area, depending on the type of event. The Event Processor also includes information gathered by STRM to indicate any behavioral changes or policy violations for the event.
  • Page 10: Identifying Network Settings

    PREPARING FOR YOUR INSTALLATION You can create your network based on many different variables, including geographical or business units. For example, your network hierarchy may include corporate IP address ranges (internal or external), physical departments or areas, mail servers, and web servers. Once you define the components you wish to add to your network hierarchy and install STRM, you can then configure the network hierarchy using the STRM interface.
  • Page 11: Identifying Security Monitoring Devices And Flow Data Sources

    Identifying Security Monitoring Devices and Flow Data Sources • E-mail Server • NTP Server (Console only) or Time server Identifying Security Monitoring Devices and Flow Data Sources STRM can collect and correlate events received from external sources such as security equipment (for example, firewalls, VPNs, or IDSs) and host or application security logs, such as Windows logs.
  • Page 12: Identifying Network Assets

    PREPARING FOR YOUR INSTALLATION • Credibility indicates the integrity of an event or offense as determined by the credibility rating from source devices. Credibility increases as multiple sources report the same event. Identifying Network Assets STRM can learn about your network and server infrastructure based on flow data. The Server Discovery function uses STRM’s Asset Profile database to discover many types of servers.
  • Page 13 Identifying Network Assets STRM Installation Guide...
  • Page 15: Installing STRM

    INSTALLING STRM This chapter provides information on installing your STRM system using one of the following options: • Setting Up Appliances • Installing Japanese Support • Installing STRM Using Red Hat Enterprise 4.6 • Accessing STRM Setting Up Appliances A STRM appliance includes STRM software and a CentOS-4 operating system. This section provides information on setting up your appliance.
  • Page 16 INSTALLING STRM The End User License Agreement (EULA) appears. Step 5 Read the information in the window. Press the Spacebar to advance each window until you have reached the end of the document. Type yes to accept the agreement, then press Enter. The activation key window appears.
  • Page 17 Setting Up Appliances Step 8 Using the up/down arrow keys, highlight the method you wish to use to set the date and time, then use the spacebar to select that option: • Manual - Allows you to manually input the time and date. Use the Tab key to...
  • Page 18 INSTALLING STRM The Time Zone Region window appears. Note: The options that appear in this window are regions that are associated with the continent or area previously selected. Using the up/down arrow keys, or the page up/page down keys, select your time zone region.
  • Page 19: Installing STRM Using Red Hat Enterprise

    Installing STRM Using Red Hat Enterprise 4.6 Step 13 To configure the STRM root password: Enter your password. Use the TAB key to move to the Next option. Press Enter. The Confirm New Root Password window appears. Re-enter your new password to confirm. Use the TAB key to move to the Finish option.
  • Page 20 INSTALLING STRM
    Step 4 Place the STRM CD in the CD drive.
    Step 5 Log in as root.
    Step 6 Mount the CD drive and change the CD content location:
        mount /media/cdrom
        cd /media/cdrom
    Step 7 Begin the installation:
        ./setup
    The End User License Agreement (EULA) appears. Read the information in the window.
  • Page 21 Installing STRM Using Red Hat Enterprise 4.6 Step 10 Using the up/down arrow keys, highlight one of the following options and use the spacebar to select that option: • Yes - Select this option only if this system is a Console. If you select this option,...
  • Page 22 INSTALLING STRM • Server - Allows you to specify your time server. Use the Tab key to select the Next option. Press Enter. The Enter Time Server window appears. Go to Step To manually enter the time and date: Step 13 Enter the current date and time.
  • Page 23 Installing STRM Using Red Hat Enterprise 4.6 Step 15 To select the time zone continent: Using the up/down arrow keys, or the page up/page down keys, select your time zone continent or area. Using the left/right arrow keys, select Next, then press Enter. The Time Zone Region window appears.
  • Page 24: Installing Japanese Support

    INSTALLING STRM Use the TAB key to move to the Next option. Press Enter. The New Root Password window appears. Step 17 To configure your STRM root password: Enter your password. Use the TAB key to move to the Next option. Press Enter. The Confirm New Root Password window appears.
  • Page 25: Accessing STRM

    Accessing STRM web site, your Report templates will be replaced to ensure that the appropriate font and characters appear in the Reports interface. Note: To display reports in PDF format, Adobe Acrobat may require the installation of a Japanese plug-in to view your reports. For more information, see your Adobe documentation.
  • Page 26 INSTALLING STRM Where <root password> is the password assigned to STRM during the installation process. Step 3 Click Login To STRM. For your STRM Console, a default key provides you access to STRM for five weeks. For more information on the license key, see the STRM Administration Guide.
  • Page 27: A Setting Up Red Hat Enterprise

    SETTING UP RED HAT ENTERPRISE STRM supports the 32-bit version of Red Hat Enterprise 4 Update 6. This appendix provides information on setting up Red Hat Enterprise including: • Before You Begin • Configuring Network Parameters • Configuring Firewall Configuration • Configuring Disk Partitions...
  • Page 28: Configuring Network Parameters

    SETTING UP RED HAT ENTERPRISE CAUTION: If the hardware on which you wish to install STRM includes Red Hat Enterprise 4 Update 6, you must re-install Red Hat Enterprise from the CD using the minimal package option. The default Red Hat Enterprise 4 Update 6 installation does not have the appropriate options selected.
  • Page 29: Installing Red Hat Enterprise

    Installing Red Hat Enterprise 4 Update 6 For multi-disk deployments only, configure the following partitions for the Console: • /store as RAID5 - Stores STRM data. Choose EXT3 as the file system type. • FLOWLOGS and DB are located in the Store partition. In a system with five...
  • Page 30: Customizing Red Hat Upgrades

    SETTING UP RED HAT ENTERPRISE
        grub
    The grub command line prompt appears.
    Step 6 Enter the following command using the values recorded in Step
        geometry (hd0) <x-value> heads, <y-value> sectors/track, <z-value> cylinders
    Step 7 Enter the following command:
        root (hd0,0)
    Step 8 Enter the following command:
        setup (hd0)
    Enter the following command:...
  • Page 31: Changing Network Settings

    CHANGING NETWORK SETTINGS This appendix provides information on changing network settings for the Console and non-Console systems when using Trustix or CentOS-4 operating systems in your deployment, including: • Changing Network Settings in an All-in-One Console • Changing the Network Settings of a Console in a Multi-System Deployment...
  • Page 32 CHANGING NETWORK SETTINGS • Secondary DNS - Optional. Specify the secondary DNS server. • Public IP - Optional. Specify the Public IP address of the server. This is a secondary IP address that is used to access the server, usually from a different network or the Internet, and is managed by your network administrator.
  • Page 33 Changing the Network Settings of a Console in a Multi-System Deployment Step 6 Use the right mouse button (right-click) to access the menu, select Remove host. Repeat for each non-Console managed host until all hosts are deleted. Step 7 From the Administrative Console menu, select Configurations > Deploy Configuration Changes.
  • Page 34 CHANGING NETWORK SETTINGS Re-Adding Managed Host(s) and Re-Assigning the Components To re-add the managed host(s) and re-assign component(s), you must: Step 1 Log in to STRM and access the System View in the Deployment Editor, as defined Step Removing Non-Console Managed Hosts.
  • Page 35 Changing the Network Settings of a Non-Console in a Multi-System Deployment To change the network settings of a non-Console in a multi-system deployment, you must remove all non-Console managed hosts from the deployment, change the network settings, re-add the managed host, and then re-assign the component(s).
  • Page 36 CHANGING NETWORK SETTINGS qchange_netsetup The Network Settings window appears. Step 3 Using the up/down arrow keys to navigate the fields, make the necessary changes to the following parameters: • Hostname — Specify a fully qualified domain name as the system hostname. Note: If you change the hostname and you are using Offense Resolution, we recommend you also update the Resolver Agent name, if a Resolver Agent is assigned to the host.
  • Page 37 Changing the Network Settings of a Non-Console in a Multi-System Deployment • Enter the root password of the host — Specify the root password for the host. • Confirm the root password of the host — Specify the password again, for...
  • Page 39 INDEX about this guide 1 Japanese support 21 appliances setting-up 11 Magistrate definition 5 browser support 6 network assets Classification Engine identifying 9 definition 4 network hierarchy configuring disk partitions 24 preparing 6 configuring firewall configuration 24 network settings configuring network parameters 24 identifying 7 Console definition 4...
  • Page 40 INDEX Up2Date customizing 26 Update Daemon definition 4 STRM Installation Guide...
