Symantec 10521146 - Network Security 7120 Administration Manual page 35

Administration guide

About sensor processes
About Smart Agents
About FlowChaser
About the alert manager
The Network Security Alerting Manager provides three types of alerts: a
Network Security console action alert, an email alert, and an SNMP trap alert.
About the sensor manager
The Sensor Manager maintains a pool of sub-processes to manage
sensor-related functionality. This includes sensor processes for event detection,
traffic recording, and FlowChaser sub-processes that handle network device
configuration, starting, and stopping.
About the administration service
All communication across the network passes through the QSP Proxy, an
administration service with 256-bit AES encryption and passphrase
authentication. This ensures that all communication between the Network
Security console and the master node, and between software and appliance
nodes within a cluster, is properly authenticated and encrypted. In addition,
this service enforces role-based administration and thus prevents any
circumvention of established access policy.
About analysis
Symantec Network Security's analysis framework aggregates event data on
possible attacks from all event sources. The analysis framework also performs
statistical correlation analysis on events to identify event patterns that vary
significantly from usual network activity and to identify individual events that
are highly related, such as a port scan followed closely by an intrusion attempt.
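The two kinds of correlation described above can be sketched as follows. This is an added illustration, not Symantec's implementation or code from the manual; the event type names, the 300-second window, the 3-standard-deviation threshold, and the sample data are all assumptions constructed for the example.

```python
from statistics import mean, stdev

# Constructed sample events: (epoch seconds, source, target, event type).
# Event type names and addresses are hypothetical, not product identifiers.
EVENTS = [
    (1000, "198.51.100.7", "10.0.0.5", "port_scan"),
    (1040, "198.51.100.7", "10.0.0.5", "intrusion_attempt"),
    (1100, "203.0.113.9", "10.0.0.8", "intrusion_attempt"),
    (2000, "192.0.2.44", "10.0.0.5", "port_scan"),
    (9000, "192.0.2.44", "10.0.0.5", "intrusion_attempt"),
]

def correlate_scan_then_intrusion(events, window=300):
    """Return (src, dst, scan_ts, intrusion_ts) tuples where an intrusion
    attempt follows a port scan from the same source against the same
    target within `window` seconds (assumed value)."""
    last_scan = {}   # (src, dst) -> timestamp of the most recent scan
    related = []
    for ts, src, dst, kind in sorted(events):
        if kind == "port_scan":
            last_scan[(src, dst)] = ts
        elif kind == "intrusion_attempt":
            scan_ts = last_scan.get((src, dst))
            if scan_ts is not None and ts - scan_ts <= window:
                related.append((src, dst, scan_ts, ts))
    return related

def anomalous_intervals(counts, baseline, threshold=3.0):
    """Return indexes of intervals whose event count deviates from the
    baseline mean by more than `threshold` standard deviations."""
    mu, sigma = mean(baseline), stdev(baseline)
    if sigma == 0:
        # Flat baseline: any count that differs from it is unusual.
        return [i for i, c in enumerate(counts) if c != mu]
    return [i for i, c in enumerate(counts) if abs(c - mu) / sigma > threshold]

if __name__ == "__main__":
    # Related events: only the scan/attempt pair 40 seconds apart qualifies.
    print(correlate_scan_then_intrusion(EVENTS))
    # Statistical deviation: per-interval event counts against a baseline.
    print(anomalous_intervals([11, 9, 48, 10], baseline=[10, 12, 9, 11, 10, 8]))
```
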
About the databases
Symantec Network Security provides multiple databases to store information
about attacks, the network topology, and configuration information.
Topology database: Stores information about local network devices and
interfaces and the network configuration. Symantec Network Security uses
this data to direct the FlowChaser toward the area of the network in which
an attack occurs.
About management and detection architecture
Architecture