McAfee IIP-S03K-NA-100I - IntruShield 3000 Sensor Appliance Product Manual
  1. Manuals
  2. Brands
  3. McAfee Manuals
  4. Accessories
  5. IIP-S03K-NA-100I - IntruShield 3000 Sensor...
  6. Product manual
McAfee IIP-S03K-NA-100I - IntruShield 3000 Sensor Appliance Product Manual

McAfee IIP-S03K-NA-100I - IntruShield 3000 Sensor Appliance Product Manual

Intrushield® ips
Hide thumbs
Table of Contents

Advertisement

Quick Links

McAfee® IntruShield® IPS
IntruShield Sensor 3000
version 4.1
McAfee
®
Network Protection
Industry-leading intrusion prevention solutions
IntruShield Sensor 3000 Product Guide
revision 6.0

Advertisement

Table of Contents
loading

Related Manuals for McAfee IIP-S03K-NA-100I - IntruShield 3000 Sensor Appliance

Summary of Contents for McAfee IIP-S03K-NA-100I - IntruShield 3000 Sensor Appliance

  • Page 1 IntruShield Sensor 3000 Product Guide revision 6.0 McAfee® IntruShield® IPS IntruShield Sensor 3000 version 4.1 McAfee ® Network Protection Industry-leading intrusion prevention solutions...
  • Page 2 The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.

  • Page 3: Table Of Contents

    Contents Preface ..................v Introducing McAfee IntruShield IPS ....................v About this guide ..........................v Contents of this guide......................v Audience ............................vi Conventions used in this guide .....................vi Related Documentation........................vii Contacting Technical Support...................... viii Chapter 1 An introduction to IntruShield sensors ....1 What is an IntruShield sensor?......................
  • Page 4 Cabling for in-line mode....................... 25 Cabling the I-3000 to monitor in in-line mode ..............25 Cabling for Tap mode ........................26 Cabling the I-3000 SFP ports to monitor in external tap mode ..........26 Cabling for SPAN mode....................... 26 Cabling the I-3000 sensor to monitor in SPAN or hub mode ..........26 Cabling the failover interconnection ports................26 Index ..................

  • Page 5: Preface

    Preface This preface provides a brief introduction to McAfee IntruShield, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support.

  • Page 6: Audience

    McAfee® IntruShield® IPS 4.1 Preface IntruShield Sensor 3000 Product Guide Audience • Chapter 4: Attaching Cables to the I-3000 Sensor (on page 21) describes how to attach monitoring and response cables to the sensor, and how to cable the sensor to operate in various operating modes.

  • Page 7: Related Documentation

    McAfee® IntruShield® IPS 4.1 Preface IntruShield Sensor 3000 Product Guide Related Documentation Convention Example Information that you must read Caution: before beginning a procedure or that alerts you to negative consequences of certain actions, such as loss of data is denoted using this notation.

  • Page 8: Contacting Technical Support

    Information http://www.mcafee.com/us/about/contact/index.html page. Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.

  • Page 9: Chapter 1 An Introduction To Intrushield Sensors

    TCP connections, “scrubbing” malicious packets, and even blocking attack packets entirely before they reach the intended target. Sensor platforms McAfee offers multiple sensor platforms providing different bandwidth and deployment strategies.

  • Page 10: The Intrushield 3000 Sensor

    McAfee® IntruShield® IPS 4.1 An introduction to IntruShield sensors IntruShield Sensor 3000 Product Guide What is an IntruShield sensor? This document describes the I-3000 sensor. The IntruShield 3000 sensor The high-port-density IntruShield 3000 (the I-3000), designed for high-bandwidth links, is equipped to support six full-duplex Ethernet segments, or twelve SPAN ports transmitting no more than 1 Gbps for up to 1 Gbps of aggregated traffic.
  • Page 11 (optional, purchased separately). Power supply B is a hot- swappable, redundant power supply. This power supply also uses a standard IEC320-C13 port, and you can use the McAfee-provided cable or acquire one that meets your specific needs. The I-3000 does not have internal taps; it must be used with a 3rd party external tap to run in tapped mode.
  • Page 12 McAfee® IntruShield® IPS 4.1 An introduction to IntruShield sensors IntruShield Sensor 3000 Product Guide What is an IntruShield sensor? Status Description Power A Green Power Supply A is functioning. Amber Power Supply A is not functioning. Power B Green Power Supply B is functioning.
  • Page 13 McAfee® IntruShield® IPS 4.1 An introduction to IntruShield sensors IntruShield Sensor 3000 Product Guide What is an IntruShield sensor? Status Description Response Port Green The link is connected. Link The link is disconnected.

  • Page 14: Chapter 2 Before You Install

    H A P T E R Before you install Sensor specifications, safety measures, unpacking a sensor This chapter describes best practices for deployment of IntruShield sensors on your network. Topics include system requirements, site planning, safety considerations for handling the sensor, and usage restrictions that apply to the sensor. I-3000 sensor specifications The following table lists the specifications of the I-3000 sensor.

  • Page 15: Sensor Capacity For I-3000 Sensor

    McAfee® IntruShield® IPS 4.1 Before you install IntruShield Sensor 3000 Product Guide Sensor capacity for I-3000 sensor Sensor Specifications Description Relative Humidity Operating (Non-condensing) 10%-90% non-condensing Non-operating 5% to 95% non-condensing System Heat 1194.3 BTU/hr Dissipation Airflow 200 lfm (1 m/s)

  • Page 16: Network Topology Considerations

    McAfee® IntruShield® IPS 4.1 Before you install IntruShield Sensor 3000 Product Guide Network topology considerations Supported UDP Flows 750,000 DoS Profiles 5000 SYN rate (64-byte packets per second) 500,000 ACL Rules (refer to note below) 1000 Computing Number of ACL rules utilized per sensor You can calculate the number of ACL rules being utilized per sensor by adding all the rules configured at the sensor-level, port-level, and sub-interface level.

  • Page 17: Safety Measures

    McAfee® IntruShield® IPS 4.1 Before you install IntruShield Sensor 3000 Product Guide Safety measures Safety measures The safety measures given below apply to all sensor models unless otherwise specified. Carefully read the following warnings before you install the product. Failure to observe these safety warnings could result in serious physical injury.

  • Page 18: Usage Restrictions

    • The sensor appliance is not a general purpose workstation. • McAfee prohibits the use of the sensor appliance for anything other than operating the IntruShield IPS. • McAfee prohibits the modification or installation of any hardware or software in the sensor appliance that is not part of the normal operation of the IntruShield IPS.
  • Page 19 Before you install IntruShield Sensor 3000 Product Guide Unpacking the sensor • one power cord. McAfee provides a standard, 2m NEMA 5-15P (US) power cable (3 wire). International customers must procure a country-appropriate power cable. • one set of rack mounting ears •...

  • Page 20: Setup Overview

    H A P T E R Setting up the I-3000 sensor prior to configuration This chapter describes the process of setting up a sensor prior to configuring it via the ISM. Setup overview Setting up a sensor involves the following steps: Positioning the sensor.

  • Page 21: Mounting The I-3000 Sensor In A Rack

    Figure 2: Attaching the mounting ears to the sensor chassis Mounting the I-3000 sensor in a rack McAfee recommends rack-mounting your sensors. The rack-mounting hardware included with the sensors is suitable for most 19-inch equipment racks and telco-type racks. For maintenance purposes, you should have access to the front and rear of the sensor.

  • Page 22: Installing The I-3000 Redundant Power Supply

    McAfee® IntruShield® IPS 4.1 Setting up the I-3000 sensor prior to configuration IntruShield Sensor 3000 Product Guide Installing the I-3000 redundant power supply Mount the sensor by securing the ears to two posts or mounting strips in the rack. Because the ears bear the weight of the entire sensor, be sure to fasten the ears securely to the rack.

  • Page 23: Removing A Power Supply

    Note: For true redundant operation with the optional redundant power supply, McAfee recommends that you plug each supply into a different power circuit. For optimal protection, use uninterrupted power sources. Removing a power supply To remove a power supply from the I-3000 (Optional—the power...

  • Page 24: Installing Sfp Modules

    GBIC interfaces. Note: To ensure compatibility, McAfee supports only those SFP modules purchased through McAfee or from a McAfee-approved vendor. For a list of approved vendors, see the on-line KnowledgeBase, McAfee Support Site. https://mysupport.mcafee.com These installation instructions provide information for installing an SFP module that uses a bail clasp for securing the module in place in the sensor.

  • Page 25: Installing A Sfp Module

    SFP module optical bore and save the plug for future use. Note: If you choose not to use the port, McAfee still recommends that you leave a SFP module in the slot.

  • Page 26: Removing A Sfp Module

    Insert the SFP module plug into the module optical bore for protection. Connecting copper SFP for 10/100 Fast Ethernet ports In addition to fiber GBICs, McAfee supports copper SFPs for I-3000 and I-4010 sensors. I-3000 and I-4010 sensors, when packaged are set to 1 Gbps speed. When a copper...
  • Page 27 McAfee® IntruShield® IPS 4.1 Setting up the I-3000 sensor prior to configuration IntruShield Sensor 3000 Product Guide Installing SFP modules To connect a copper SFP Remove the SFP module from its protective packaging. Ensure the SFP module is the correct model for your network.

  • Page 28: Cabling The Sensor

    The I-3000 sensor has no power switch. The sensor powers on as soon as one of its power cables is connected to a power source. Powering off the sensor McAfee recommends that you use the shutdown CLI command to halt the sensor Sensor before powering it down. For more information on CLI commands, see...

  • Page 29: Chapter 4 Attaching Cables To The I-3000 Sensor

    Follow the steps outlined in this chapter to connect cables to the various ports on your sensor. Cabling the Console port The Console port is used for setup and configuration of the sensor. For console connections, plug the DB9 Console cable supplied by McAfee into Console Console port (labeled on the sensor front panel).

  • Page 30: Cabling The Response Ports

    McAfee® IntruShield® IPS 4.1 Attaching cables to the I-3000 Sensor IntruShield Sensor 3000 Product Guide Cabling the Response ports Name Setting Baud rate 9600 Number of bits Parity None Stop bits Flow Control None Required settings for the modem are: •...

  • Page 31: Cabling The Management Port

    Connect the other end of the cable to the network device (for example, hub, switch, router) that in turn connects to the ISM server. Note: To isolate and protect your management traffic, McAfee strongly recommends using a separate, dedicated management subnet to interconnect the sensors and the ISM.

  • Page 32: Default Monitoring Port Speed Settings For I-3000

    McAfee® IntruShield® IPS 4.1 Attaching cables to the I-3000 Sensor IntruShield Sensor 3000 Product Guide Cabling the Management port Port Pairs 1A and 1B 2A and 2B 3A and 3B 4A and 4B 5A and 5B 6A and 6B Note: You cannot configure, for example, IA and 2A to work together as a pair.

  • Page 33: Cable Types For Routers, Switches, Hubs, And Pcs

    McAfee® IntruShield® IPS 4.1 Attaching cables to the I-3000 Sensor IntruShield Sensor 3000 Product Guide Cabling for in-line mode Cable types for routers, switches, hubs, and PCs The cabling instructions in this chapter: • Use a crossover Ethernet RJ45 cable to connect a router port to 10/100 Monitoring ports.

  • Page 34: Cabling For Tap Mode

    McAfee® IntruShield® IPS 4.1 Attaching cables to the I-3000 Sensor IntruShield Sensor 3000 Product Guide Cabling for Tap mode Cabling for Tap mode Cabling the I-3000 SFP ports to monitor in external tap mode TheI-3000 sensor’s SFP ports must be used with a 3rd-party external tap.
  • Page 35 McAfee® IntruShield® IPS 4.1 Attaching cables to the I-3000 Sensor IntruShield Sensor 3000 Product Guide Cabling for SPAN mode fail-over pair even if the Primary sensor has some of its monitoring port pairs in non- Inline (TAP/SPAN) mode is provided.
  • Page 36 McAfee® IntruShield® IPS 4.1 Attaching cables to the I-3000 Sensor IntruShield Sensor 3000 Product Guide Cabling for SPAN mode Using fail-open hardware The Gigabit Fail-Open kit (sold separately) minimizes the potential risks of in-line IntruShield sensor failure on critical network links. Both Copper and Optical versions of the Kit are available.

  • Page 37: Index

    fail-closed dongle ............. 2 Index failing closed ............2 failing open............... 2 fail-open functionality ..........27 failover ..............27 10/100 ports fan LED ..............3 10/100 Management port ........23 fiber optics.............. 10 10/100 Monitoring ports Link LED ....... 3 flash LED ..............
  • Page 38 tap mode ..............26 Temp LED ..............3 using Copper SFP..........18 connecting Copper SFP ........19 removing Copper SFP........20 using fail-open hardware........28...

This manual is also suitable for:

Intrushield 3000

Table of Contents