Integrating with Symantec Decoy Server
The passphrase must be 8 to 64 characters long, inclusive. See the Symantec
Network Security Installation Guide for further integration details.
EDP Port Number indicates the port through which Symantec Network Security
and Smart Agents communicate. Symantec Network Security listens for Event
Dispatch Protocol (EDP) events through this port.
The default value is set to 1333. If you edit this parameter, use a valid, unused
TCP port between 1025 and 65535. Avoid using the QSP port number, or TCP
port numbers 1080, 6665-6669, 7000, because software and appliance nodes
monitor and analyze traffic on these ports.
Note: Restart Symantec Network Security for changes to this parameter to take
effect.
Caution: Do not use the QSP port for EDP communication.
Now you can launch and log into the Symantec Decoy Server console by simply
right-clicking any external sensor object in the topology tree and selecting Start
Decoy Console. Note that the Symantec Decoy Server console remains open,
even if you close the Network Security console.
This section includes the following:
Integrating with Symantec Decoy Server
■
Launching from a new location
■
Launching from a known location
■
Integrating with Symantec Decoy Server
Symantec Network Security can be configured to receive events from
ManTrap 2.1 and later, and Symantec Decoy Server 3.1, as well as from other
third-party security sensors. Symantec Network Security can be configured to
aggregate and correlate those events with all other events that Symantec
Network Security detects. Other third-party sensors require separate Smart
Agent software.
To configure Symantec Decoy Server for integration with Symantec Network
Security, or to purchase Smart Agent software, see the following web site:
http://www.symantec.com/techsupp/enterprise/select_product_manuals.html,
and click Intrusion Detection > Symantec Decoy Server.
Advanced configuration
Integrating third-party events
285