■ Establish response policy: Establish additional action triggers so that
  Symantec Network Security automatically responds to intrusions as they
  pass through the network.
■ Configure user-defined signatures: Enhance the basic detection
  capabilities by creating customized signatures to fine-tune the detection to
  your unique security environment.

Using Symantec Network Security
After the initial configuration of your network intrusion detection system, use
the following tools to monitor your network and provide advanced
configuration:
■ Incidents and Events: Drill down for detailed information about suspicious
  and intrusive activity.
■ Reports and Queries: Launch queries and generate comprehensive reports
  in a variety of formats about suspicious activity.
■ Logs and Databases: Review collected data about suspicious activity in logs
  and databases to use in analyzing and tracking.
■ Set configuration parameters: Configure single node or cluster-wide
  settings to define advanced features such as failover, export, TrackBack, and
  more.

Additional appliance-specific checklist
Deploying a new Symantec Network Security 7100 Series appliance for the first
time involves some additional considerations.
Preparing the appliance
■ In-line or passive mode: Decide whether to deploy some or all appliance
  monitoring interfaces using in-line mode, or to leave them in passive mode.
  Your choice affects the cabling of the appliance.
■ Fail-open: If you place any interfaces into in-line mode, you may wish to
  connect a bypass unit to provide fail-open capability. This also affects the
  cabling process.
■ Initial configuration: Choose from three methods of initial configuration,
  including:
    ■ LCD: Use the LCD screen and push buttons on the appliance to enter
      the node IP address, password, and other information.