Sentriant Operation Console 2.4 User Guide

Contents

1. The appliance Availability icon will turn black. The appliance is now being monitored by SOC. Launching Sentriant Manager. To launch Sentriant Manager from SOC: (1) From the Setup Tab, select Appliance. (2) Right-click an appliance and select Launch Sentriant Manager. The Sentriant Manager Login dialog opens and begins the login process. Note that the appliance parameters have already been populated. Once the Sentriant Manager is up and running, focus is placed on the panel where you launched Sen
2. The Sentriant Manager opens to Sources in the Monitor Panel. Finding Appliances. To find appliance or appliances: (1) From the Menu, select File > Find Appliance.
3. The radial view will look like this: [screenshot of the radial view]. The Radial view gives the operator a high-level view of all Sentriant appliances deployed and then can drill down or filter to the appliance detecting threats by double-clicking on a domain and then the appliance. Domains display an icon that represents the health and status of the domain. Domain health and status icons are as follows. Error: A general error has been detected on an appliance that may be a high threat has been detected on an appliance or the health of an appliance encountered an error. High priority threats will result in an error condition. Warning: A warning has been detected on an appliance that may be an appliance threshold for disk space usage or a network connection went down. Suspect, low and medium priority threats will result in a warning condition. Normal: The appliance or appliances within a domain are functioning normally. Wat
4. Cloak: A patent-pending technique by which the Sentriant appliance unilaterally controls and terminates a communications flow between two or more computers. Deceive, Snare and Slow Scan: Sentriant appliances use a special deceiving technique to engage and hold TCP-based attacks, thus preventing them from spreading. Snaring stops an attacking threat from moving to another computer. Slow Scan sends the attacking threat traffic designed to significantly increase the time it takes for an external host to scan the monitored network, causing the attacker to consume time and resources. Track: A Sentriant appliance monitors the communication between two or more computers but does not take a response action. None: No response is invoked. Availability: The availability of the appliance or appliances under a domain. Appliances have the following availability states: Error, Normal and Disabled. Error: An error has been found with a Sentriant appliance. Warning: A warning with the Sentriant appliance. Normal: The Sentriant appliance is operating normally. Off: The Sentriant appliance is off line. Details Panel: The Details Panel displays counts of threats and responses in the counter on the right of the panel. The counter can show threat and response counts for a single appliance, or a roll-up of threats and responses if a domain is selected. You may also multi-select domains and appliances to show a total count for the selected objects. F
5. The appliance Availability icon will turn gray. The Sentriant continues to detect and mitigate threats but is no longer being monitored by SOC. To enable an appliance: (1) From the Setup Tab, select Appliance. (2) Select an appliance. (3) Right-click and select Enable.
6. Sending Policy Distributions. To send Policy Distributions: (1) From the Setup Tab, select Policy Distribution. (2) Select a Policy Distribution from the left navigation. (3) Click the Distribute button at the lower right of the panel. The Policy Distribution Progress dialog opens with the list and status of appliances which will receive the policy. Click Start to begin the distribution. As the distribution prog
7. Glossary terms: SPAN port, spoof count, spoof origin, spoof packet, spoof packets, spoofed as, sub domain, suspect, SysLog, target. Definitions: Acronym for Sentriant Operation Console. A Sentriant uses a special technique to engage and hold TCP-based attacks, thus preventing them from spreading. Snaring ties up an attack thread so it cannot move to another computer, slowing or even stopping the attack. This feature is enabled when deception is turned on and if snaring is part of a configured personality. Simple Network Management Protocol. Industry-standard network management protocol that is used to send alerts. An IP Address that has originated traffic in a monitored network segment and attempts to communicate with a target. Switched Port Analyzer. Mirrors network traffic from a switched segment onto a specified port for traffic monitoring purposes. The number of spoof IP addresses sent from a computer or device. For example, a source IP Address of 1.1.1.2 has spoofed IP Addresses of 2.2.2.1, 2.2.2.2, 2.2.2.3 and 2.2.2.4, totalling four (4). The computer or location where a spoofed-as IP Address or spoof packet originated. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a known computer by spoofing the IP address of that machine. A packet whose source IP has been changed but its MAC address remains constant. Packets that are sent out from the
8. Setup. The Sentriant Operation Console must be configured to manage appliances. Appliances are added as members of SOC by setting appliance parameters. Once an appliance is a SOC member, the appliance is added to the default domain and is now being monitored. The SOC gives you the flexibility to group appliances into domains. In an environment where appliances are deployed over a vast geographical area, or in a large deployment where the network is managed by business departments or functions, domains give you the ability to group appliances based on your environment. A domain can be thought of as a folder where appliances are grouped. Domains may also be configured with sub-domains. The SOC also gives you the ability to share or distribute policy configuration between appliances by loading configuration policy which was previously saved from a Sentriant. Policy Distribution will load the configuration policy to multiple Sentriants at a time, simplifying the process of sharing policy configuration. Appliances Panel: The Appliance Panel is where you will configure and maintain appliances that are members of the SOC. The Appliance Panel consists of an Information Panel and a Software Updates Details Panel. The Information Panel contains appliances that are members of the SOC. Data displayed is the domain where the appliance resides, appliance state, IP Address, software version, software up
9. Removing Appliances from the Domain Panel. To remove appliances from the Domain Panel: (1) From the Setup Tab, select Domain. (2) Click the Delete Domain Appliance button, or right-click and select Remove Appliance. (3) The Delete action dialog opens. Click OK. The appliance is removed from SOC. Note: The appliance is still monitoring and mitigating traffic on the network. Editing Appliances from the Domain Panel. To edit an appliance from
10. Details Panel Drop-down Lists. Threat Trend: The first drop-down list toggles the Details Panel between displaying the threat and response counter and list, and the trend chart. Threat Filter: The second drop-down list filters the threat priorities that are displayed in the counter and information list. Selecting a threat priority will display data only for the selected priority. Response Filter: The third drop-down list filters response types that are displayed in the counter and information list. Selecting a response type will display data only for the selected response. Counters: Counters can be toggled between threats and responses by clicking the tabs located below the counter. The counter can show threat and response counts for a single appliance, or a roll-up of threats and responses if a domain is selected. Information List: The information list displays a breakdown of all threats detected from a domain or appliance. This view differs from the Information Panel in that the Information Panel shows a roll-up of the highest threat priority only. The detail information li
11. Help provides three ways of locating information. The Contents and Index links let you find general information, and the Search link lets you look up specific words or phrases. To start online Help: From the File Menu, choose Help > Sentriant Operation Console Help. Introduction overview. Welcome to the online Help System for Sentriant Operation Console, a tool for managing multiple Sentriant appliances from one location. This section provides an overview of the Sentriant Operation Console interface and its tools for locating, organizing and displaying information. Consult the topics in this section to find out more about the Sentriant Operation Console's Menu Bar, General Status Bar, the Folder List, Information Panel and the Panel Navigation Bar. This section also includes topics on customizing elements of the interface. To get answers to your questions, use the following tabbed pages in the navigation pane of Sentriant Operation Console Help. Contents: displays major topics and subtopics. For Windows clients, clicking the plus sign next to the folder icon expands the topic and shows its related subtopics. Index: displays an alphabetical list of keywords. Search: displays a box where you can type a term that Sentriant Operation Console Help system will look for in the Help topics. Glossary: contains definitions for unique t
12. Viewing Policy Distribution Information. To view Policy Distributions: (1) From the Setup tab, click Policy Distribution. (2) Click a Policy Distribution from the left navigation. The selected Policy Distribution is displayed in the Information Panel with the following. Name: policy distribution name. Source: the appliance selected as the policy source. The source is where the policy will be extracted and sent to appliances in the distribution list. Status: the status of a policy distribution. Last Started: a timestamp when the policy distribution was started. Last Completed: a timestamp w
13. Sentriant appliance. Normal: The Sentriant appliance is operating normally. Off: The Sentriant appliance is off line. When an appliance is not available, an error message is generated. Clicking on the appliance icon in the General Status Bar opens the Appliance Availability dialog. The message contains a timestamp of when the SOC last tried to contact the appliance and a message that describes the problem. Selecting the appliance and clicking OK will navigate to the appliance in Setup > Appliance panel. The General Status Message displays a textual representation of the filtering done by the Folder List or Panel Navigation Bar in the Information Panel. For example a query o
14. A message stating the backup was successful is displayed. Click Done to close the dialog and return to SOC. Rollback Policy Distribution. Rollback Policy Distribution is used to reload a saved configuration for the selected appliance, which includes appliance name, IP Address, user accounts, alerts, deception settings, named items, segment configuration settings and policy settings. You should rollback the appliance if an error is encountered with a software update or policy distribution. To rollback an appliance to the last saved policy distribution: (1) From the Setup Tab, select Appliance. (2) Right-click an appliance and select Rollback Policy.
15. The domain name has changed and is displayed in the Information Panel. Moving a Domain. To move a domain: (1) From the Setup Tab, select Domain. (2) Right-click a domain and select Move To. (3) The Move To dialog opens. From the list, select a domain. This domain is where the selected domain will be moved under. (4) Click OK. The domain now resides under the selected domain. Adding Appliances to SOC from the Domain Panel. Appliances
16. Sentriant Operation Console 2.4 User Guide. Extreme Networks, Inc., 3585 Monroe Street, Santa Clara, California 95051. 888 257 3000, 408 579 2800. http://www.extremenetworks.com. Published: July 2007. Part Number: 100212 00 Rev 02. AccessAdapt, Alpine, BlackDiamond, EPICenter, ESRP, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, the Go Purple Extreme Solution, ScreenPlay, Sentriant, ServiceWatch, Summit, SummitStack, Unified Access Architecture, Unified Access RF Manager, UniStack, UniStack Stacking, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, the Powered by ExtremeXOS logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries. Adobe, Flash and Macromedia are registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. AutoCell is a trademark of AutoCell. Avaya is a trademark of Avaya, Inc. Merit is a registered trademark of Merit Network, Inc. Internet Explorer is a registered trademark of Microsoft Corporation. Mozilla Firefox is a registered trademark of the Mozilla Foundation. sFlow is a registered trademark of sFlow.org. Solaris and Java are trademarks of Sun Microsystems, Inc. in
17. at the end. Sorting Response Type. Clicking the Response row header in the Monitor Panel will sort responses to threats based on type. When you see the arrow in the row header pointing up, the sort will start with the lowest priority and increase in the following order: None, Track, Deceive, Snare and Cloak at the end of the list. Clicking the row again will sort the list with Cloak at the beginning of the list and None at the end.
18. displaying messages, tips, and by clicking on the Help button to display context-sensitive help. Additional information under the Help menu includes an icon legend and software version installed. Messages and Tool Tips. Sentriant Operation Console provides brief descriptive messages that indicate what a command will do before you select the command. One kind of message is the General Status Message, which appears in the General Status Bar at the bottom of the screen. When you perform a command, the General Status Message is constructed based on the command. For example, selecting a domain will display the number of domains and appliances residing within the selected domain. Another type of message is a Tool Tip, a text label describing the function of a toolbar button. Tool Tips appear when you place the pointer over a button table fiel
19. Introduction. Welcome to the Sentriant Operation Console User Guide. This user guide gives complete instructions for using the Sentriant Operation Console. Included are user instructions for everyday tasks and administrator instructions for configuring and customizing the Sentriant Operation Console (SOC). This documentation uses the following conventions: Menu tabs and subtabs used to access screens are shown in bold, separated by a greater-than symbol. For example, instructions for how to get to the Monitoring Sources Panel, which is accessed by first clicking the Monitoring tab, then the Network Topology subtab, and then selecting Sources, will be shown as Setup > Appliance in the documentation. Installing Sentriant Operation Console. You must install the Sentriant Operation Console either from the CD that was shipped with your Sentriant Appliance or by logging in to the Extreme Networks support site and downloading the Sentriant Operation Console software. To install the Sentriant Operation Console: Insert the CD and follow the on-screen instructions for installing the Sentriant Operation Console, or open a web browser and enter the URL for the Extreme Networks Support site. Follow the instructions for downloading and installin
20. is the basis for the worldwide system of civil time. Referred to as Coordinated Universal Time (abbreviated UTC), this time scale is maintained by highly precise atomic clocks located around the world. UTC is accurate to a nanosecond per day. A host or workstation using an IP Address within the protected range of a Sentriant. It responds to Address Resolution Protocol (ARP) requests and sends traffic on the network. Virtual Local Area Network. A logical or administratively configured LAN or broadcast domain that is defined by software rather than by fixed physical port connections. A watch is a source that has communicated within, or itself resides within, the protected range(s) of the Sentriant. Index: Adding Appliances; Adding Appliances to SOC from the Domain Panel; Appliance Health icon; Appliance Software Updates; Appliances Panel; application; ARP horizon; Availability; Backup Appliance Configuration; bad packet; broadcast domain; Change Background; Changing Password; cloak; cloak all; cloak on demand; communication stream; Contacting Extreme Networks; Contents; Counter; Creating a Policy Distribution; Creating Domains; Customizing the Screen; data mask; deception; decoy; Delete Policy Distribution; Deleti
21. local network but have a false source address. This could signal the presence of a virus, worm or a rogue gateway. The address that was given as the false source of a spoof packet. A domain with a domain. A suspect is a configurable priority level within the Sentriant. Any configured rule can escalate a threat to a suspect level. A method of collecting message logs from many systems. Each system sends short text messages to a syslog recorder. The recording system may record these in any desired manner, including writing them to a file, sending them on to other systems, and printing them out. The Sentriant Manager uses SysLog for alerting users of activities on Sentriants. The host or workstation that a source host attempts to communicate with. Glossary terms, T (continued): too many externals, too many unprotected, too many used, too many unused, Universal Time, used. V: VLAN. W: watch. Definitions: A local system on the network is contacting a large number of external hosts. This could signal the presence of a virus or worm. A local system on the network is contacting a large number of remote hosts. This could signal the presence of a virus or worm. Too many used (i.e. real) IP addresses have been contacted by a single host. A used address is an address that has a real machine associated with it. The Sentriant has detected a source attempting to contact too many unused IP Addresses. A time scale that
22. of the deployment, with each spoke representing a branch of the network. Appliances are located at the end of each branch. Threat and Response information is displayed in the details panel located at the bottom of the screen. The Threat and Response counters represent a roll-up of the threats detected for the appliance. For example, if an appliance is configured to monitor four (4) segments, the Threat counter will display the total number of threats detected by the appliance. Selecting the appliance will display the type of threats and priority status. The Response counter acts similarly by rolling up the responses sent to a source threat. Filters can be set on the threat or response views to display only certain threat priorities or response types. The details panel also contains a trend view. The trend view is an historical representation of threats detected by Sentriant appliances. The trend chart shows total threats and responses for an appliance. You may multi-select appliances within a domain and display an aggregate count of threats and responses. Table View: The Table View displays domains and appliances in a hierarchical list. Choosing a domain gives you sub-domains and appliances that are part of the domain. Information for domains includes the name of the domain or appliance, the highest priority threat and response type for an appliance under the domain or, if an appliance is selected, the highest threat detected by the appliance, and availabi
23. up of multiple switches, gateways and Sentriants of a WAN. include: Include allows the configuration of specific IP Addresses and ports to be monitored by the Sentriant. IP Addresses and ports are added to a rule using a session profile that sets a single or range of source and/or IP Addresses and ports. When session profiles are added to a rule, only values that are in the session profile are monitored on the source segment. For example, if you wish to create a Too Many Protected Web Server rule where protected web server IP addresses are 10.10.10.1 thru 10.10.10.5, with one more at 10.10.10.19, then a session profile would have the following values: Source IP: empty; Source Port: empty; Target IP: 10.10.10.1-5,19; Target Port: empty. If you only wanted to count the threats on port 80, then you would change the Target port to 80. If no session profiles are entered, then by default all traffic will be included. IP Address: Also referred to as Internet protocol address. It consists of four 8-bit numbers represented as integers, called octets. Most often, each part of the IP address is a number between 0 and 225; however, the first number must be less than 224 and the last number cannot be 0. Networks using the TCP/IP protocol route messages based on the IP address of the destination. Connecting a private network to the Internet requires using registered IP addresses (called Internet addresses) to avoid duplicates.
24. which displays sub-domains. Domain health and status icons are as follows. Error: A general error has been detected on an appliance that may be a high threat or the health of an appliance encountered an error. High priority threats will result in an error condition. Warning: A warning has been detected on an appliance that may be an appliance threshold for disk space usage or a network connection went down. Suspect, low and medium priority threats will result in a warning condition. Normal: The appliance or appliances within a domain are functioning normally. Watches may be present. Off: An appliance has stopped communicating to SOC. Information Panel: The Information panel to the right displays sub-domains and appliances. The information panel displays the following data. Domains/Appliances: The name of the domain or appliance with an icon representing the health and status. Appliance status icons are as follows. Error: An error has been found with a Sentriant appliance. Warning: A warning with a Sentriant appliance. Normal: The Sentriant appliance is operating normally. Off: The Sentriant appliance is off line. Threats: A roll-up of threats that have been detected. At the domain level, the roll-up represents the total threats, with the icon representing the highest threat priority received. Therefore, if an appliance detects 3 high and 5 medium priority threats, the counter will di
25. 0 600 seconds Maximum Threats 0 100 threats To Reset to Defaults
Setting User Preferences
To set user preferences:
1. From the Menu, select File > User Preferences. The User Preferences dialog opens. From this dialog you can change the panel that opens when you start SOC and how the help system is displayed.
2. From the Startup drop-down list, select either Last panel before exit or Use current panel. If you select Last panel before exit, the last panel you had open will reopen the next time you start SOC. If you select Use current panel, the panel you have open when setting this option will open the next time you start SOC.
3. From the Help drop-down list, select Console, Popup Window, or Help System. Selecting Console will display the console with SOC in the information panel; selecting Popup Window will open a browser-like window; selecting Help System will display help in the Java Help application.
26. Showing and Hiding General Status Bar
The General Status Bar displays the status of activities for the appliance health, segments and events. You can hide and show the General Status Bar as needed while you work.
To show or hide the General Status Bar: From the View menu, select General Status to hide. A check mark indicates the display is visible.
Getting Help
Sentriant Operation Console provides on-screen assistance as you move about and perform tasks by
27. The Path Preferences dialog opens.
2. Click the Browse button on the desired path to edit.
3. Click OK to save the path changes and close the dialog.
Setting Communication Preferences
To set communication preferences:
1. From the Menu, select File > Communication Preferences. The Communication Preferences dialog is displayed. It contains values for Update interval and Maximum Threats displayed in the Details Information list. The update interval refreshes threats and is defaulted to update every sixty (60) seconds. The maximum threats displayed is set to ten (10).
2. Enter new values for counter threat and maximum threats.
3. Click OK to accept the changes and close the dialog.
28. Details Panel Drop-down Lists
Threat Trend: The first drop-down list toggles between the Details Panel displaying the threats/response counter and the trend chart.
Threat Filter: The second drop-down list filters the threat priorities that are displayed in the counter and information list. Selecting a threat priority will display data only for the selected priority.
Response Filter: The third drop-down list filters response types that are displayed in the counter and information list. Selecting a response type will display data only for the selected response.
Counter: The counter can be toggled between threats and responses by clicking the tabs located below the counter. The counter can show threat and response counts for a single appliance, or a roll-up of threats and responses if a domain is selected. You may also multi-select domains and appliances to show a total count for the selected objects.
Information List T
29. 4. The Edit Policy Distribution Name dialog opens. Enter a new name.
5. Click OK.
To edit the source of a policy distribution:
6. Click the Edit Source Appliance button.
7. The Edit Source Appliance dialog opens. Select an appliance from the drop-down list.
8. Click OK.
30. MAC Address, MAC Validation, management segment, manual escalation, masked source, monitor, native segment, network segment, NMAP, NTP
MAC Address: The low-level address, consisting of a 48-bit hexadecimal number (12 characters), assigned to a device on an ethernet network. MAC addresses are translated to IP addresses via ARP. Each NIC is assigned a unique address at the factory.
MAC Validation: A process performed by the Sentriant that validates the low-level address sent by a host, consisting of a 48-bit hexadecimal number (12 characters) assigned to a device on an ethernet. MAC addresses are translated to IP addresses via ARP. Each NIC is assigned a unique address at the factory. In cases where MAC addresses are found to be spoofed, the Sentriant will trigger a rule that may either cloak, snare or send decoy information, based on the rule that is triggered.
management segment: The segment identified during Sentriant configuration that will be used to manage and monitor.
manual escalation: The Sentriant admin has chosen to manually respond to a specific source IP address as a potential threat and change the threat priority to high, medium or low, which will trigger a rule and configured mitigation actions.
masked source: When a threat is detected by the Sentriant but the source of the attack cannot be immediately determined, the source is referred to as masked. This usually occurs during initial network segment startup, when the Sentriant has not yet learned all of the address ma
31. Once the Sentriant Manager is up and running, focus is placed on the panel where you launched Sentriant Manager. In this case, Sentriant Manager was launched from Setup > Domain. Therefore, Sentriant Manager will open and navigate to the Monitor Panel.
32. ain is the area of a network in which all network devices can communicate with each other without going through a router.
A patent-pending technique by which the Sentriant unilaterally controls and terminates a communications flow between two or more computers. Cloaking can be manually or dynamically invoked by the Sentriant when threats are identified or policy conditions violated.
Cloak All inserts itself into all communication paths that exist between all known used IP addresses of the monitored network and removes threats from the communication stream while other traffic is allowed. The source will remain cloaked until the configured threat time-out has been exceeded. At this time, the Sentriant removes itself from the data path between all monitored addresses and threat sources, barring the existence of another threat that would not allow uncloaking.
C (Continued)
cloak on demand, communication stream, deception, decoy, detection, dismiss, DNS, domain, escalate
cloak on demand: When Cloak is selected as the response to a threat, the Sentriant initially inserts itself into communication paths for only the devices that have communicated with the threat and removes the communication stream. Traffic to/from other non-threat hosts will be permitted. Once determined that the threat source is no longer a threat, it can be Uncloaked so that communication is permitted within the Sentriant's protec
33. Sorting Data
Sorting arranges data in a list sequentially according to values. Data can be sorted in either ascending or descending order: alphabetically, by threat or response type, availability, and numerically. Clicking a row header in the Information Panel will sort data. See the examples below.
Sorting Alphabetically
Clicking the Domain row in the Monitor Panel will sort domains alphabetically in ascending order (A-Z). Clicking again will sort domains in descending order (Z-A).
Sorting Threats
Clicking the Threat row header in the Monitor Panel will sort threat detection based on threat priority. When you see the arrow in the row header pointing up, the sort will start with the lowest priority and increase in priority, with high at the end of the list. Clicking the row again will sort the list with the highest priority at the beginning of the list and the lowest
34. Change Background
You may change the color of the Radial view's background from white to black.
1. Right-click a domain from the Radial view.
2. Select Background from the menu.
3. Select either White or Black.
The Radial view's background changes.
Launch Sentriant Manager from Radial View
There are two locations from where you can launch Sentriant Manager.
To launch Sentriant Manager from the Radial View:
1. From the Monitor Panel, select an appliance from the Information Panel.
2. Right-click to bring up the menu and select Launch Sentriant Manager.
To launch Sentriant Manager from the Details Panel:
1. From the Monitor Panel, select an appliance from the Information Panel.
2. Select a threat from the information list.
3. Right-click to bring up the menu and select Sentriant Manager.
35. 2. Enter a new password.
3. Re-enter the password to confirm.
4. Click OK. The password has been changed and the dialog closes.
Setting Paths
Upon installation of SOC, default paths are saved for the following components:
Policy Backup: When performing a policy distribution, a backup is automatically performed. In the event of an error, SOC uses this backup to perform a Rollback Policy to the appliance.
Software Update Cache: The location where downloaded patches are placed.
Software Update URL: A URL that, when updating software, opens an Internet browser displaying available patches for download.
Sentriant Manager: The location of Sentriant Manager. If Sentriant Manager is uninstalled and reinstalled in a different location, the path should be updated manually.
To set paths:
1. From the Menu, select File > Path Preferences.
36. ches may be present.
Off: An appliance has stopped communicating with SOC.
Across the top of the information panel is a set of check boxes that turn on and off radial view labels and icons. Turning on and off labels and icons will make reading the radial view easier if you have an environment with many domains and appliances.
The Information panel displays domains and appliances. The information panel displays the following data:
- The name of the domain or appliance with an icon representing the health and status.
- A roll-up of threats that have been detected. At the domain level, the roll-up represents the total threats, with the icon representing the highest threat priority received. Therefore, if an appliance detects 3 high and 5 medium priority threats, the counter will display the total number of the highest threat detected; in this case the icon would indicate a high threat with a count of 3.
- The type of response sent to the threat source. The response displayed will be determined by the type. Types of responses are Cloak, Deceive, Snare, Slow Scan, Track and none, with Cloak being the most severe response against a source threat.
- The availability of the appliance or appliances under a domain. Appliances have the following availability sta
38. d or other type of command or control.
Context Sensitive Help
Context-sensitive help is also available for most of Sentriant Operation Console's information panels. The corresponding Help topic displays when you press the Help button located at the bottom right of the General Status Bar.
About Sentriant Operation Console
The About command on the Help menu displays the About Sentriant Operation Console dialog, which shows the version of Sentriant Operation Console that you are using in the title bar of the dialog.
39. dates and type. The Software Updates Details Panel displays data for the selected appliance, consisting of available software updates, the type of update and a description of the update.
Adding Appliances
To add an appliance:
1. From the Setup Tab, select Appliance.
2. Click the Add Appliance button.
3. Enter the name and IP address of the appliance. If you have created domains, you may select a domain from the drop-down list. If no domains have been created, the appliance will be placed in the default domain.
Note: The Port field defaults to 22. If your workstation is configured in a Network Access Translation (NAT) environment, you will need to enter the NAT access port number in the Port field when adding an appliance, and point to port 22 in the NAT access point.
4. Enter th
40. ddition to the pull-down menus on the Menu Bar, shortcut menus are available on certain screens, which give you quick access to common commands for a particular context. Shortcut menus are activated by clicking the right mouse button when the mouse pointer is positioned over an item in a list or in a particular area of the screen. Clicking a command on a shortcut menu will apply to the currently selected list item or the part of the screen where the pointer is resting.
General Status Bar
The General Status Bar displays aggregate sets of threat, response and health data for all Sentriant appliances managed by the Sentriant Operation Console, a General Status Message containing domain and appliance information, and a button for context-sensitive help.
The Threat icons represent an aggregate threat count for all Sentriant appliances managed under SOC. Threat source
41. do domain.
Note: The root, in this case All, will display an error icon. The more severe domain status will be displayed at the root.
With All selected, the Details Panel at the bottom of the panel shows all threats detected for all appliances.
Clicking a domain, in this case Colorado, will display threats detected from appliances only within the Colorado domain.
All information to this point has been at the domain level, which represents a roll-up of all appliances. To view indiv
42. domain selected.
1. Right-click a domain from the Radial view.
2. Select Go to Domain from the menu.
The Radial view is now focused on the selected domain.
Show Appliances
Sentriant appliances are not displayed, to preserve the Radial view's space. In a large deployment with many domains, it may be necessary to only show the domains. To show the appliances within a domain:
1. Right-click a domain from the Radial view.
2. Select Show Appliance(s) from the menu.
Show All Appliances
In a small deployment, it may be beneficial to view all Sentriants in all the domains. To show all the appliances within all domains:
1. Right-click in the Radial view panel.
2. Select Show All Appliance(s) from the menu.
All appliances in all domains are displayed.
Hide Appliances
If it is no longer n
43. Removing Appliances
To remove appliances from SOC:
1. From the Setup Tab, select Appliance.
2. Click the Remove Appliance button, or right-click and select Remove Appliance.
3. Click OK.
The appliance is removed from SOC.
44. e username and password.
5. Click OK.
The appliance is added as a member of SOC.
View Appliance Information
The Setup Panel provides a list of appliances that are SOC members. Selecting an individual appliance provides additional details.
To display information about an appliance:
1. From the Setup tab, click Appliance.
45. eate a support incident through the portal and reference the incident number. If you report an incident with Sentriant Operation Console, please include the following information:
- Your name, e-mail, phone and fax number
- A description of the incident and what you were trying to do
- Sentriant Manager Software version number
Monitor
The SOC Monitor Panel provides a navigation view for ascertaining threat and appliance status across multiple domains containing multiple appliances. When SOC is launched, the Monitor Panel displays a navigation tree on the left of the screen that represents nodes of the enterprise, or domains. Domains may contain sub-domains based on network deployment. Domains are where appliances that have been deployed throughout an enterprise are added as members of SOC. Selecting a domain will display the appliances within the domain in the information panel to the right of the navigation tree. Appliance information relayed to the operator includes the appliance name, threats detected, responses sent to threat sources, and appliance availability. Appliance information can be viewed in two modes: a table mode that displays appliances under a single domain in a tabular view, and a radial view that displays the entire enterprise deployment graphically, like the spokes of a wheel. The center of the wheel is the highest level or root
46. ecessary to show appliances, or you need more space to display another domain's appliances, you can hide appliances.
1. Right-click a domain from the Radial view.
2. Select Hide Appliance(s) from the menu.
The appliance(s) within the domain are hidden.
Reset View
Resetting the view allows you to reset the Radial view to show the highest domain level and second-level sub-domains. For example, if you are showing third-level sub-domains and/or appliances, clicking the Reset View action will reset the view to display only the highest level domain and second-level sub-domains. Third and lower domains and appliances will be hidden.
1. Right-click a domain from the Radial view.
2. Select Reset View from the menu.
The Radial view returns to the default view of showing the highest domain level and second-level sub-domains.
47. Policy Distribution Panel
The Policy Panel is where you will create, distribute and maintain policy distributions. The Policy Panel consists of an Information Panel where you create policy distributions and apply them to appliances. A policy distribution is a set of threat rules configured on a Sentriant appliance that have detection and mitigation settings based on the type of deployment. SOC has the ability to capture the policy from one Sentriant appliance and send it to other appliances that are members of SOC.
Creating a Policy Distribution
Adding a policy distribution:
1. From the Setup Tab, select Policy Distribution.
2. Click the New Policy Distribution button.
3. Enter a name and select a source appliance from the drop-down list. The policy configuration on the source appliance will be sent to appliances in the distribution list.
Note: The appliances in the distribution list must be the same version as the source appliance.
4. Click OK to save the policy distributi
48. elect Sentriant Manager.
Radial View
The radial view displays the entire enterprise deployment graphically, like the spokes of a wheel. The center of the wheel is the highest level or root of the deployment, with each spoke representing a branch of the network. Appliances are located at the end of each branc
49. erminology used by Sentriant Networks. Favorites gives you quick access to topics that you designate for future reference.
Navigating the Sentriant Operation Console
The Sentriant Operation Console provides a variety of standard navigation tools for finding your way around and locating the information you need quickly. You can customize views to suit your needs or hide them to save space.
Menu Bar
Clicking an item on the Menu Bar opens a drop-down menu of commands. Clicking a menu command either carries out the command or opens a sub-menu or dialog box with additional choices. An arrow symbol next to a command signifies a sub-menu; an ellipsis signifies a dialog box.
Some menu commands turn a view off and on. A check mark next to the menu command indicates that the setting is currently on.
In a
50. The Appliance Panel opens and displays appliances that are members of the SOC. Appliance parameters are displayed in the information panel for the following:

Domain: the domain where the appliance resides
Availability: the status of the appliance
Name: the appliance name
IP Address: the IP Address of the appliance
Version: the version number of the Sentriant software
Software Update: the version number of available Sentriant software updates
Appliance Type: the model number of the Sentriant appliance

To view appliance details:

1. Double-click an appliance, or right-click and select Details.

The Software Update Details panel opens and displays the software updates available for appliances.
51. evel one and then the four campuses at level two. SOC has no limit on the number of domain levels that may be created.

Creating Domains

To create domains:

1. From the Setup Tab, select Domain.
2. Click the New Domain Appliance button, or right-click on a domain and select Add Domain.
3. The New Domain or Appliance dialog opens. Select Domain from the drop-down list.
4. Enter a name for the domain and click OK.

The new domain is added to the information panel.

Viewing Domain Information

To display information about a domain:

1. From the Setup tab, click Domain.

The Domain Panel opens and displays domains and appliances that are members of the SOC. The default domain, All, is shown in the Information Panel along with any appl
52. g the Sentriant Operation Console

NOTE: You can download the installer, save it locally, and perform the install to reduce network traffic. After downloading, double-click SOC x x x xxxx windows Installer exe

NOTE: You do not need to install any other software. A Java virtual machine is included with this download.

Follow the on-screen instructions.

Getting Started

Extreme Networks provides an online help system where you can find information for using Sentriant Operation Console.

Running Sentriant Operation Console

To start Sentriant Operation Console in Windows, choose Start > Programs > Sentriant Operation Console > SentriantOpConsole.

Log In to Sentriant Operation Console

To log in to Sentriant Operation Console, you will need to be a user of the system and have the IP Address of a Sentriant appliance to which you will be connecting.

To log in to Sentriant Operation Console:

From the Sentriant Operation Console Login screen type in enter your user password Example
Click Login.

Using the On-line Help System

Sentriant Operation Console also includes complete documentation in a Java-based help system. The Sentriant Operation Console Help system includes all of the information in this User Guide. Online
53. h

The Radial View displays domains and appliances in a graphical view. Clicking a domain displays the sub-domains and appliances that are part of the domain. Clicking a sub-domain displays the appliances of the sub-domain. Clicking an appliance will display icons for threats, responses, and availability of the appliance.

The purpose of this panel is to provide a means of ascertaining threats, responses, and appliance status within a large deployment whose appliances reside in many domains. The main difference between the table and radial views is that you can display sub-domains and appliances in one view and determine which domain or appliance has detected threats. Once the appliance has been determined, you can move to it quickly without having to navigate through a tree.

View Domains and Appliances from the Radial View

The radial view displays the entire enterprise deployment graphically, like the spokes of a wheel. The center of the wheel is the highest level, or root, of the deployment, with each spoke representing a branch of the network. Appliances are located at the end of each branch. The Radial view is of most benefit where there is a large deployment of appliances that reside in many domains.

For example, the following diagram shows an enterprise deployment to a university with a main campus and three remote city campuses. The main campus has three Sentriant appliances deployed, and each remote campus has two Sentriant appliances deployed.
54. he information list displays a breakdown of all threats detected from a domain or appliance. This view differs from the Information Panel in that the information panel shows a roll-up of the highest threat priority only. The detail information list displays a breakdown of all threats detected.

The following data is displayed in the information list:

threat priority
rule that has been triggered
source IP Address
date and time the threat triggered
appliance name and status
response type taken against the threat

Launch Sentriant Manager from Table View

There are two locations from which you can launch Sentriant Manager.

To launch Sentriant Manager from the Information Panel:

1. From the Monitor Panel, select an appliance from the Information Panel.
2. Right-click to bring up the menu and select Launch Sentriant Manager.

To launch Sentriant Manager from the Details Panel:

1. From the Monitor Panel, select an appliance from the Information Panel.
2. Right-click to bring up the menu and select Details.
3. Select a threat from the information list.
4. Right-click to bring up the menu and s
55. hen the policy distribution completed. At the bottom of the screen, appliances are added to the destination list by clicking the New Destination button and adding appliances from the dialog. Clicking the Distribute button, located on the lower right of the screen, opens a dialog where you start the distribution.

Delete Policy Distribution

To delete a policy distribution:

1. From the Setup Tab, select Policy Distribution.
2. Select a policy distribution from the left navigation panel.
3. Click the Delete Policy Distribution button.
4. The Delete action dialog opens. Click OK.

The policy distribution is deleted from SOC.
56. iances that have been added as members.

Deleting Domains

To delete a domain:

1. From the Setup Tab, select Domain.
2. Click the Delete Domain Appliance button, or right-click the domain and select Delete Domain.
3. The Delete action dialog opens. Click OK.

The domain is deleted from SOC.

Editing Domains

To edit a domain from SOC:

1. From the Setup Tab, select Domain.
2. Click the Edit Domain Appliance button, or right-click and select Edit.
3. The Edit Domain Name dialog opens. Enter a new name for the domain.
4. Click OK.
57. idual appliance information, you may show appliances within a domain.

To show appliances:

Right-click a domain and select Show Appliance(s).

The appliances for the selected domain are displayed with threat and response counters. In the example below, the appliance named Austin shows that it has detected one threat that is targeting 101 workstations within the protected segments. The details panel displays the threat rule that has been triggered, the source's IP Address, a timestamp of when the threat triggered the rule, the status and name of the appliance, and the response type sent to the source.

Radial View Actions

You may perform actions on the radial view domain and appliances by right-clicking in the radial view. Below are the available actions.

Go To Domain

The Go to Domain action will navigate to the
58. Appliance Software Updates

Note: The appliance software update feature is not implemented at this time. The below procedures are for reference only. The appliance software update feature will be implemented in a later version of the software.

Sentriant appliance software updates can be performed from SOC. Available software updates are listed in the Software Update Details panel and in the Software Updates column. The list contains the version number of the update, the type of update, and a description. Selecting an update will start the download and patching process to the appliance. Only valid patches will be displayed in the list, based on the type of appliance.

To view available software updates:

1. From the Setup Tab, click Appliance from the list on the left of the screen.
2. Locate and select an appliance to update.
59. iguration and Sentriant maintenance.

A piece of a message transmitted over a network. One of the key features of a packet is that it contains the destination address in addition to the data.

A Sentriant can be configured with packet match rules. The administrator can define a specific portion of the packet which must match a supplied data value. In defining the packet location, the admin must specify the packet base. The base is a well-known, defined location in the packet by protocol specification.

A packet match rule specifying an application-based location indicates that the offset and data parameters should be applied starting at the end of the Transport Header. This is typically considered the data portion of the TCP or UDP packet. In ICMP, it marks the end of the ICMP control header and the beginning of the ICMP data. The application header extends to the end of the data packet.

A packet match rule that compares the contents or data of a packet at the specified base offset with the user-supplied data value.

If a mask is specified, then the contents of the packet at the specified base offset will first be logically AND-ed with the Mask value, and the result will be compared to the data value.

A packet match rule specifying a frame-based location indicates that the offset and data parameters should be applied starting from the Frame header of the packet. Most commonly, the Ethernet header is stored within the Network portion of
60. ilters can be set to select only the threat priority and responses to be displayed in the counter. The list to the right of the counter displays threat information.

Selecting Trends from the Threat Trend drop-down list will bring up a chart. The Trend chart shows threats and responses over time and begins collecting data once the Sentriant appliances are started. Threat and response information is historical and updates periodically, and therefore may not match what is displayed in the counters.

Viewing Domain and Appliance Details from Table View

To view Threat Details:

1. From the Monitor Panel, select a domain from the list.
2. Double-click an appliance from the information panel, or select it, right-click to bring up the menu, and select Details.

The Details Panel opens with a set of drop-down lists across the top, a threat response counter to the right, and an information list displaying active threats for the domain or appliance selected.
61. in can specify the direction in which packet match traffic should be inspected. When Transmit is selected, the packets which are transmitted by the source are inspected to determine if the packet contents match the supplied parameters.

A packet match rule specifying a transport-based location indicates that the offset and data parameters should be applied starting from the Transport header of the packet. Most commonly, the TCP, UDP, or ICMP protocol header is stored within the Transport portion of the packet.

A personality is a configured artificial OS personality that is used to mislead source hosts when a query or probe is conducted. A personality can be configured as a Linux, Windows 98, or Windows XP based system, or as a user-customized personality. Responses to hosts can be set to snare, slow scan, or both. Ports may be added to the personality that are watched for source host activity.

A personality set is made up of multiple personalities. The percentage of personalities sent to a host may be configured within a set. For example, a personality set may consist of Linux, Windows 98, and Windows XP. Each is set to 30 percent as a response, with the remaining 10 percent set to vacant.

A ping flood is an attempt to use Internet Control Message Protocol (ICMP) based packets, for example, to attempt a denial-of-service ping attack to determine the layout of a network.

A collection of configuration settings that are applied to a segment set that defi
62. A list of available software updates is displayed in the Software Update Details panel.

3. Right-click the patch and select Software Update.
63. lay the assigned appliance for that domain. For Windows, a plus sign next to a folder icon indicates a closed folder; a minus sign indicates an open folder.

Information Panel

The large area that occupies most of the program window is the Information Panel, which displays the contents of a selected object. Each object has a corresponding panel that provides menus and tools specific to the tasks that you may need to perform while working in that object.
64. lity of the appliances within the domain or if an appliance is selected. The purpose of this panel is to provide a means of ascertaining threat and appliance status across multiple domains containing multiple appliances.

View Domains and Appliances from the Table View

The Table View displays domains, which may have sub-domains. Each domain may have a single or multiple appliances assigned to it. For example, the following diagram shows an enterprise deployment to a university with a main campus and three remote city campuses. The main campus has three Sentriant appliances deployed, and each remote campus has two Sentriant appliances deployed.

The Table view is made up of three components: on the left of the screen is the Domains List, on the right of the screen is the Information Panel, and at the bottom of the screen is the Details Panel.

Domains List

Domains display an icon that represents the health and status of the domain. The tree displays top-level domains. Clicking on the plus icon will open the folder
65. low

Cloak: A patent-pending technique by which the Sentriant appliance unilaterally controls and terminates a communications flow between two or more computers.

Deceive: Snare and Slow Scan. Sentriant appliances use a special deceiving technique to engage and hold TCP-based attacks, thus preventing them from spreading. Snaring stops an attacking threat from moving to another computer. Slow Scan sends the attacking threat traffic designed to significantly increase the time it takes for an external host to scan the monitored network, causing the attacker to consume time and resources.

Track: A Sentriant appliance monitors the communication between two or more computers but does not take a response action.

None: No response is invoked.

The Appliance Health icon represents an aggregate operating status for all Sentriant appliance(s) managed under SOC. If an error or warning is encountered with an appliance, the icon will change accordingly, displaying the highest severity. For example, a domain made up of four (4) appliances encounters an error with one appliance, and another has a warning. The Appliance Health icon will show that there is an appliance with an error, since it is a higher severity. Clicking on the icon will navigate to the appliance with the error. The appliance states are described below.

Error: An error has been found with a Sentriant appliance.
Warning: A Warning with the
66. may be added as a member of SOC from the Domain Panel. This is beneficial when creating a new environment with multiple domains. You can create a domain and then begin to add appliances directly to the domain.

To add an appliance to SOC from the Domain Panel:

1. From the Setup Tab, select Domain.
2. Click the New Domain Appliance button, or right-click on a domain and select Add Appliance.
3. Enter the name and IP Address of the appliance. Note that the domain has already been selected.
4. Enter the username and password.
5. Click OK.

The appliance is added as a member of SOC and placed under the selected domain.
67. med items, segment configuration settings, and policy settings. You should back up the appliance any time you are performing a software update or policy distribution.

To back up an appliance's configuration:

1. From the Setup Tab, select Appliance.
2. Right-click an appliance and select Backup Configuration.

The Backup Appliance Action dialog opens with the default backup path. You may change the path by clicking the Edit Backup Path button and entering a new path.

3. Click the Backup button.
68. nes Sentriant detection and response actions.

A port scan, in which a host on the network scans a specified number of ports on a single target, has been detected. This could indicate an attempt to determine what services are running on the scanned host.

Refers to the primary Sentriant that is managing a fabric. The primary Sentriant is configured with the management segment database and has support logs for the fabric.

P (Continued)

protected range Qtag radial view response rollback rule rule set segment set slow scanning SMTP

The range of IP Addresses under the protection of a Sentriant.

The Institute of Electrical and Electronics Engineers (IEEE) standard 802.1Q enables VLAN traffic to span many broadcast domains or switches. It does this by inserting a special Qtag that carries a VLAN identifier (VID) into each Ethernet frame. This tagged traffic carries VLAN membership information between switches, thus enabling a VLAN to span multiple switches.

Displays the entire enterprise deployment graphically, like the spokes of a wheel. The center of the wheel is the highest domain level. Each spoke represents a branch of the network. Appliances are located at the end of each branch.

The action taken by the Sentriant, using configurable rules, to counter potential worms or viruses that may attack or infect hosts.

Rules are configured that look inside individual packets for
70. nged in columns that you can sort, hide, and resize.

Setting User Preferences

To set user preferences:

1. From the Menu, select File > User Preferences.

The User Preferences dialog opens. From this dialog you can change the panel that opens when you start SOC and how the help system is displayed.

2. From the Startup drop-down list, select either Last panel before exit or Use current panel. If you select Last panel before exit, the last panel you had open will reopen the next time you start SOC. If you select Use current panel, the panel you have open when setting this option will open the next time you start SOC.
3. From the Help drop-down list, select either Console, Popup Window, or Help System. Selecting Console will display the console with SOC in the information panel; selecting Popup Window will open a browser-like window; selecting Help System will display help in the Java Help application.
71. nslates domain names into IP addresses.

A group of appliances that are administered as a unit with common rules and procedures. A domain may also have sub-domains, further grouping appliances by geographical location, rules, or business processes.

To manually escalate the priority status of a threat to a higher priority level. The priority level can be escalated from any priority to a higher priority by applying a configured rule to the threat. For example, a low priority can be escalated to a high priority. The threat will remain at the higher priority until the rule times out. The threat, if still present, will return as the lower priority if it triggers a rule.

E (Continued)

event viewer: The event viewer panel used to view and manage network activity events. The Events Viewer maintains logs about Sentriant configuration network activity events.

exclude: Exclude is used to fine-tune IP Addresses and ports to be monitored when Include is used to monitor range(s) of IP Addresses. For example, if an IP Address falls within the Include IP Addresses that are used for network management purposes only, it may become necessary to exclude that IP Address to prevent erroneous threats. By adding the IP Address to the Exclude tables, it will not be monitored by the Sentriant.

fabric: Term used that covers the IP Addresses and traffic between the IP Addresses monitored by Sentriant(s). A fabric may be made
72. 2. Enter the IP Address or name of the appliance.
3. Click Find.

A message is displayed with the Name, IP Address, and the Domain where the appliance is located.

4. Click either Go to Monitor or Go to Setup to navigate to the appliance.

Depending on which button is clicked, you are taken to either the Monitor or the Setup panel, with the appliance highlighted.

Setting Preferences

The Sentriant Operation Console is installed with pre-defined settings for password, paths, communications, and user preferences. Settings may be customized as necessary.

Changing Password

To change the SOC password:

1. From the Menu, select File > Change Password.
73. on and close the dialog.

Adding Destinations

Once the source appliance has been identified, select the appliance which will receive the policy.

5. Click the New Destination button.
6. Select the appliances that will receive the distribution. You may multi-select appliances from the list.
7. Click OK.

The appliances are added to the distribution list. See Starting a Policy Distribution to learn about sending policy distributions to destination appliances.
74. Sorting Availability

Clicking the Availability row header in the Monitor Panel will sort responses to threats based on appliance health. When you see the arrow in the row header pointing up, the sort will start with the appliances in a normal working state and increase in the following order: Normal, Warning, Error, and Off at the end of the list. Clicking the row again will sort the list with Off at the beginning of the list and Normal at the end.
75. Selecting a tab and then clicking a folder in the Folder List displays one of the following panels. Monitor: From this panel you can view and manage appliances and threats. The Monitor Panel displays threat and response information rolled up for the selected domain. Selecting an appliance displays only threat and response information for the selected appliance. You may multi-select domains that reside under the main domain and/or appliances to view threat and response information. Setup: From this panel you can create domains and add appliances as members of SOC. The Setup Panel displays domains and appliances in a navigable tree format. Domains can have multiple layers of domains. Appliances and domains can be moved from one location to another. Panel Navigation Bar: The Panel Navigation Bar provides a means of changing the way panels are displayed within the Information Panel. A drop-down list keeps track of opened category panels. Controls for changing information panels are provided and determine how the panels are displayed. Panels can be turned off, tiled, or displayed singularly.
76. ppings or when a spoofed packet is sent through a gateway utilizing a protected IP Address. The ability to detect and track suspicious and potentially threatening network behavior across one or more network segments that are under the protection of the Sentriant. Threat behavior can be monitored whether it originates from a source inside or outside of the Sentriant's protected range. The portion of an ARP Horizon or Broadcast Domain that is native to a switch and does not need Qtag identifiers since the IP Addresses are not broadcast as a VLAN. The portion of an ARP Horizon or Broadcast Domain that is protected by the Sentriant. The segment has multiple attributes that are necessary for proper operation that are configured using the Edit Configuration for segments. A network scanning mapping tool used to determine the network topology and type of network. Network Time Protocol: A standard for synchronizing your system clock with the true time, defined as the average of many high accuracy clocks around the world. observer operator packet packet match application data mask frame match network. Extreme Networks Sentriant system user with read only access to the system and application controls. Extreme Networks Sentriant system user with read write access to all of the application monitoring and display commands but does not have access to network segment conf
77. puneseuebaaabeasadserenseesuuslesabuctabstesuncesvsnenstensales 29 T VIO W tec Scenes etree E E E EET 29 Viewing Domain and Appliance Details from Table VieW ccccececeeeseeeeeeeeeeeeeeeeeteeeaeetatestaes 33 Ra VOW a E E uaa aininand catasenucsuavaesuauencuenes 36 FF CIS APHANE S osani EE ANETE AAE E A A EEREN 52 SSP P NEE ea a E E EE 54 Chapter 3 Setup annnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnn nnnnnn nnmnnn nenne 59 POA CSS Panel oerien E A E E A 59 Againne P10 ANC SS setnsten ape teceannee pect actarsis TE EENE E NEEE EAN E AEEA 60 View Appliance MTOM Ul Ol aatncdecs rcs onsdensancicastuiwnaeceaaracenenetanensaivenniamorasianupremeanectauneuestarninacned 62 REMOVING Appliances ssccuisaccwnidereunaievnonescnotinawasaenhestuenwteswesnseeastwedemesineadngocebuenedeemneudbessworwaind 64 WMS FAD WAN SS sa cre cues ences E EE O a eran 65 Appliance Software UPC ATES wiaiiavisscccsien coneaniwsuwetsicnadivsls Sucaulonsedienidaeswmeuidl vavilawacndiaaadeeadvnuweestddedaee nan 67 Disable Enable AppliantES seni sesetacncncdaccssncsmetaceacacsareumeustueei N a a AAEE ia 70 Launching Sentriant Manager ccccececececceeseeeeceeteeeeeeeeeeeeeeeeeeeeeeaeaeeeeeaeeeaeaesteeeaeatatsteeeneatanes 72 Backup Appliance Configuration ied cichintaaciccadesmessrandansineedea a a a 74 Rollback Policy Distribution snsesnesnnsnnnsnrsnrrerrssrrsrrrsrrerrnsrrnrrrerrnerreerrerrnerrerrnnrrnsrrerrneres
78. r filter on a domain named Main Campus containing 3 domains and 1 appliance. The General Status Message returns: Results Domain 3 Appliances 1. Clicking the Help button brings up context-sensitive help for the currently displayed panel. The main SOC screen is divided into two panels. The left side of the screen is dedicated to navigation and organizing similar information. The Tab List has two tabs: Monitor and Setup. The Monitor Tab contains information and controls to monitor domains and appliances. The Setup Tab contains information and controls to manage SOC configurations of domains, appliances, and policy distributions. The Folder List is a tree list with a hierarchical structure graphically representing domains, appliances, and policies managed by SOC. For example, selecting a domain will disp
79. resses, the status for each appliance will be updated. Once the distribution has completed, the status is updated to Success and the start/end timestamps are updated. 4. Click Done to close the dialog. Editing Policy Distribution: To edit the name of a policy distribution: 1. From the Setup Tab, select Policy Distribution. 2. Select a policy distribution from the left navigation panel. 3. Click the Edit Name button.
80. rrnene 77 DONO P ee E A A T pen E AE AE 78 Pea eE EE S A A A E AE E AN E A NNN E N E E EN A AT 78 Viewing Domain IMIonnatiOi soiien inea n aT NA A TEE aN 80 Deleting DOMAINS oe saree oa wr scdaers we cste ee v s sects et stete ves os enemesa sean ceceuednereaecmar nese sbaceienaueatentuannteabeeencoen 81 EGTE DO AIS naaa E E AA O A A 82 Moyne a DONAN siensa EEE ENRERE E E A E EEEE AEAEE A a 84 Adding Appliances to SOC from the Domain Panel ccccceeeeeeeececeeeeteeeteeeaestataeeneaeaeaeataes 86 Removing Appliances from the Domain Panel cccccceceseeeeeeeeceeteeeeeeeeeeeaeeeseeseaeaeetateteneatanes 88 Editing Appliances from the Domain Panel cccccseeesceteceeeeeeeeeeeaeaeetateseeeaeaeaeeneatatatatataes 90 Movine AON LAIN CC aeaaea AEEA AEE statue ds EEEE 92 Launch Sentriant Manager from the Domain Panel cccccceeeeeeeeceeeeeeeeeeeeeeaeeeateteeeaeatanaeas 93 Policy Distribution Fell Clk pcrcatenmnacinmetania nnoecandenes peeaeamacsaarenecsanbaanuessdeaeataseapenneaneecanietenyrecteunesenerer ot 95 Creatine a PONCY DIS HIDUTI ON sciccsnintcactcacn nevastnsaca cantante R E O 95 Viewing Policy Distribution Information ccccecececececeeeeeeteceeeeeeesteneeeaeaeaeeteneanstatateneaeatatataes 98 Sentriant Operation Console 2 4 User Guide Delte Foley DITADO O seen ire ee EE eee eae eee ee ee eee eee 99 oendine Policy DISH MDUTONS vaiccinsdain ces anuaadennne dncine mamecndenres domaine eiiedes a Ea A
81. s that have triggered rules or that communicate with a target monitored by Sentriant are assigned a priority level. Priority levels are governed by Sentriant appliance policies, rules, and response modes that can be modified or configured as needed to meet network requirements. The Sentriant appliance supports five priority levels. High: the most severe priority level. High priorities take precedence over all other priorities within SOC panels. For example, if a source has triggered a medium and high priority, only the high threat will be shown. A high can be dismissed to a watch. Medium: threat rules configured with medium priority take precedence over low, suspect, and watches. A medium can be escalated to a high threat or dismissed to a watch. Low: threat rules configured with low priority take precedence over suspect and watches. A low can be escalated to a medium or high threat priority or dismissed to a watch. Suspect: a source that communicated with a number of unused IP Addresses within a protected segment. A suspect can be escalated to a low, medium, or high threat. Suspect can be dismissed to a watch. Watch: a source that communicated within a protected segment. The source may or may not reside within the segment. A watch can be escalated to a suspect, low, medium, or high. The Response icons represent an aggregate threat response for all Sentriant appliances managed under SOC. The detection states are described be
82. If the patch file has not been found on the local machine in the path set from the Path Preferences, a web browser opens notifying you that the file must be downloaded. 4. Click the Download From This Location link at the bottom of the page. The download process begins by downloading the patch file to the local machine into the path set in the Path Preferences. Once the download has completed, Sentriant Manager is launched and begins the update process. Disable/Enable Appliances: To disable an appliance: 1. From the Setup Tab, select Appliance. 2. Select an appliance. 3. Right-click and select Disable.
83. 3. Click OK to start rollback. Domain Panel: The Domain Panel is where you will configure and maintain domains and appliances that are members of the SOC. The SOC gives you the flexibility to group appliances into domains. In an environment where appliances are deployed over a vast geographical area, or in a large deployment where the network is managed by business departments or functions, domains give you the ability to group appliances based on your environment. The Domain Panel consists of an Information Panel where you create domains and add or move appliances. When an appliance is added as a member to SOC, it is initially placed in a default domain named All if no other domains have been created or the user does not select a domain while adding the appliance. Domains can be nested within other domains. For example, a network environment is spread out across multiple campuses with a main campus and four campus buildings. A Domain structure would have the main campus at l
84. splay the total number of the highest threat detected; in this case the icon would indicate a high threat with a count of 3. Threat priority icons are as follows. High: the most severe priority level. High priorities take precedence over all other priorities within SOC panels. For example, if a source has triggered a medium and high priority, only the high threat will be shown. A high can be dismissed to a watch. Medium: threat rules configured with medium priority take precedence over low, suspect, and watches. A medium can be escalated to a high threat or dismissed to a watch. Low: threat rules configured with low priority take precedence over suspect and watches. A low can be escalated to a medium or high threat priority or dismissed to a watch. Suspect: a source that communicated with a number of unused IP Addresses within a protected segment. A suspect can be escalated to a Threat. A suspect can be escalated to a low, medium, or high or dismissed to a watch. Watch: a source that communicated within a protected segment. The source may or may not reside within the segment. A watch can be escalated to a suspect, low, medium, or high. Responses: The type of response sent to the threat source. The response displayed will be determined on the type. Types of responses are Cloak, Deceive, Snare, Slow Scan, Track, and none, with Cloak being the most severe response against a source threat.
85. st displays a breakdown of all threats detected. The following data is displayed in the information list: threat priority (will show the highest threat priority for a source; however, the source may have triggered lower priority threats), name of the rule that has been broken, source IP Address, date and time the threat triggered, status and name of the appliance that received a threat, and response type taken against the threat. Right-clicking a threat in the list and selecting Sentriant Manager will launch Sentriant Manager and will open the Monitor > Network Activity > Sources Panel. Trend Chart: The Trend Chart represents a historical view of threats/responses. The data displayed depends on what is selected in the Radial View. [Figure: Trend Chart over a time axis. Threat legend: Watch, Suspect, Threat Low, Threat Medium, Threat High. Response legend: Track, Deceive, Cloak.] Showing Appliances: The default Radial view shows the root and first level domains and hides appliances and sub-level domains. When a threat is detected, or there is a warning or error with an appliance, the domain icons will change status, alerting you that there is activity. You can then filter down to where the activity occurred. The example below shows there is an error in the Texas domain and a warning in the Colora
86. suspicious behavior. If a rule is triggered, a mitigation action or response may be taken either automatically or manually. The act of applying a previously saved configuration policy to a Sentriant appliance. Rules are what drive the detection and response actions of the Sentriant. Once a segment is configured and is being monitored by the Sentriant, configurable rules are created to detect and respond to malicious network activity. A collection of rules assigned to a segment set. A Segment Set is a collection of segments that exhibit similar policy behaviors. For example, if a Segment Set is reserved for DHCP clients (laptops), then a set can be created containing all laptops within a segment, and then parameters can be set for rules, deception, distributions, and modifiers. Creating segments is accomplished using the Segment Assistant. A tactic employed by the Sentriant specifically designed to significantly increase the time it takes for an external host to scan the monitored network, causing the attacker to consume time and resources. This feature is only enabled when deception is turned on and slow scan is part of a configured personality. Simple Mail Transport Protocol: A TCP based application layer Internet standard protocol for sending e-mail messages between servers. The Sentriant uses it to send alerts and allows remote monitoring. S Continued SOC snaring SNMP source
87. Editing Appliances: To edit an appliance from SOC: 1. From the Setup Tab, select Appliance. 2. Click the Edit Appliance button, or right-click and select Edit Appliance. The Edit Appliance dialog opens. 3. Edit the Name, IP Address as necessary. 4. If moving the appliance to another domain, select the domain from the drop-down list. 5. Edit the Username and password. 6. Click OK. The appliance is updated with the new parameters.
88. The policy name and source are changed and displayed in the Information Panel. Glossary terms: access client, admin, alerts, ARP Horizon, bad packet, broadcast domain, cloak, cloak all. access client: Workstations that have Sentriant Manager installed and that are accessing a Sentriant. Access clients, based on the type of user logged in, can perform Sentriant configuration actions, can monitor the fabric, and perform manual and automatic mitigation activities. admin: System Administrator. Extreme Networks Sentriant system user with full read write access to system and application monitoring, display, and control commands. alerts: The Sentriant can be configured to send alerts notifying the administrator that threat behavior has been detected. Sources or rules trigger alerts to be sent. Alerts can be sent via E-mails, SNMP, SysLog, or a combination of all. ARP Horizon: An Address Resolution Protocol (ARP) horizon is the area of a network in which MAC addresses can be resolved. ARP is also commonly referred to as Broadcast Domain or segment when referring to the Sentriant. Network devices within an ARP Horizon communicate directly without passing traffic through a router. bad packet: A packet that does not conform to the protocol standard has been detected, indicating a possible attack. broadcast domain: Also known as ARP horizon, a broadcast dom
89. ted segments. The transmission and receiving of packets between two hosts. A special technique that is employed by the Sentriant to mislead hackers by providing misleading data about the network. Deception uses configurable OS and IP personas to slow attackers. A decoy is not a real machine on the network, but rather a virtual device intended to deceive a hacker. A decoy may appear to be a functioning system, but it's actually an unused IP address that does not respond to the Address Resolution Protocol (ARP) and will not transmit traffic. The Sentriant uses decoys to artificially respond to any kind of contact. The Sentriant can configure the decoy with an artificial OS personality, enabling it, for example, to respond to a query or probe as a Linux, Windows 98, or Windows XP based system, or a user customized personality. The screening and identification of network traffic for potential worms or viruses that may attack or infect hosts by the use of configurable rules. Rules are configured that look inside individual packets for suspicious behavior. If a rule is triggered, a mitigation action or response may be taken either automatically or manually. To manually dismiss a threat to a priority of watch. Threats with priority status of high, medium, low, or suspect can be dismissed to a watch priority. The threat will remain a watch unless the threat triggers a rule with a higher priority level. Domain Name System: An Internet service that tra
90. tes Error, Normal and Disabled. View Domain and Appliance Details from the Radial View: Threat and response details can be viewed in a number of ways from the Radial view, depending on what is selected at different levels. For example, selecting the highest level in the radial view (in the case below, main campus), all threats and responses will be displayed in the Details Panel for all appliances. Selecting a sub-domain within main campus will only show threats and responses in that domain. Selecting an appliance will only show threats and responses for the appliance selected. To View Threat Details: From the Monitor Panel, select a domain from the list. NOTE: By default the details panel is turned on. If the Details Panel has been turned off, it can be turned on by right-clicking in the information panel and selecting Details from the menu. The Details Panel opens with a set of drop-down lists across the top, a threat response counter to the right, and an information list displaying active threats for the domain or appliance selected.
91. the U S and other countries Specifications are subject to change without notice All other registered trademarks trademarks and service marks are property of their respective owners 2007 Extreme Networks Inc All Rights Reserved Sentriant Operation Console 2 4 User Guide Table of Contents EVER GUNG COIN csc ceases cotcne ns cane secare E E E 5 installing Sentriant Operation Console we covcs ccnuaqunsunseacewadate auacnuawoseailuens tne sieneimantereaananieapnneieeysaateadaies 5 GEWE VSG ct rave ncratis area EETA wana nea A Ea A OERS 6 Running Sentriant Operation Console siwiccis cisnaecindaavseveeiacsh veunnsese sdacawaiwiandeederdewsaras sdncuadeneiniwateuss 6 Log In to Sentriant Operation Console as eciecctsis ce nsaieacdnsiinstese vnusaddouies ienalense da kutadueae tunes devekao reser 6 Using the On line Help System ciccnrnenscaseecsacaasndamsneccmaaeene Wius a 6 Cuanter 1 OV INOW srci E EE E A E 9 Navigating the Sentriant Operation Console cccececececeseeeeeeeeeeeeaegeseaeeeeaeaeseeseneatataestaeeaeanatas 9 Customizing the Screen arieceaastaarnecsevnr stone mente jelansdind eanemaucusa trated anit qutciea eaelennseesanmeaendauteestionmotnaend 18 STS E a EE ese atten eee tein E E E ace encanisameeenenanrerantaeiae 23 Contacting Extreme Networks ccccccseececececeseseeeateceeeeeaeeeeeeaetaeateseeeaeataeateeeatatateneaeaeatatataes 27 MATER 2 Monitor oiiscc cain babctecaw ces ccezecanedscaeeesanetoananabalcesa
92. the domain panel: 1. From the Setup Tab, select Domain. 2. Click the Edit Appliance button, or right-click and select Edit Appliance. The Edit Appliance dialog opens. 3. Edit the Name, IP Address as necessary. 4. If moving the appliance to another domain, select the domain from the drop-down list. 5. Edit the Username and password. 6. Click OK. The appliance is updated with the new parameters. Moving an Appliance: To move an appliance: 1. From the Setup Tab, select Domain. 2. Right-click an appliance and select Move To.
93. the packet. An administrator can configure whether packet match rules should trigger for packets that match the defined parameters or for packets that do not match the supplied parameters. A Packet Match rule specifying a network based location indicates that the offset and data parameters should be applied starting from the Network header of the packet. Most commonly, the IP protocol header is stored within the Network portion of the packet. P Continued offset receive transmit transport personality personality set ping flood policy port scan primary. For packet match rules, the administrator must first define a base from which an offset can be defined. This will describe the network header that should be inspected. The offset defines the number of bytes into a specified header that should be advanced before inspection begins. The offset value also provides a second field for input after a. If this field is populated, the Sentriant will search the data packet starting at the specified offset and end at the value provided in the second input field. The admin can specify the direction in which packet match traffic should be inspected. If Receive is selected, then packets which are received by the source as responses to a communication stream initiated by the source are inspected to determine if the packet contents match the supplied parameters. The adm
94. triant Manager. In this case, Sentriant Manager was launched from Setup > Appliance. Therefore, Sentriant Manager will open and navigate to the Appliance Panel. Backup Appliance Configuration: Backup Appliance Configuration is used to save the complete configuration for the selected appliance, which includes appliance name, IP Address, user accounts, alerts, deception settings, na
95. Icon Legend: An Icon Legend is provided that groups icons relative to their usage, i.e. threat priority, domain, appliance. A short description follows each icon. You may collapse or expand each group as needed. To view the Icon Legend: 1. From the Menu Bar, select Help, then Icon Legend. 2. Scroll down the list to see the icon categories. Contacting Extreme Networks: Please contact Extreme Networks Support by logging into our Technical Support Portal at https://esupport.extremenetworks.com. The portal allows you to search the Extreme Networks knowledge base, submit a support incident, and track incidents that your organization has submitted. If you wish to speak with a support representative, call toll free at 800-998-2408. Before calling, please cr
96. 3. The Move To dialog opens. From the list, select a domain. This domain is where the appliance will be moved under. 4. Click OK. The appliance now resides under the selected domain. Launch Sentriant Manager from the Domain Panel: To launch Sentriant Manager from the Domain Panel: 1. From the Setup Tab, select Domain. 2. Right-click an appliance and select Launch Sentriant Manager. The Sentriant Manager Login dialog opens and begins the login process. Note that the appliance parameters have already been populated.
97. Drop-down list of opened panels: Selecting a panel from the drop-down list will display that panel. Indicates the logical ordering of panels under the current top level node. Click the right or left arrow to scroll forward or backward through the panels. Keeps the current panel active when you navigate to another panel. When selecting Tile, the panel marked as keep will be displayed in the panel workspace. Click the Tile icon to tile all panels that have been opened. The tile panels button is used mainly when you are reviewing charts across multiple segments. By tiling the trend charts, you will see activity across multiple segments on the screen at once. Click the icon to maximize or minimize the panel. Click the icon to close the panel. Customizing the Screen: The Sentriant Operation Console displays information in the Information Panel as a tabular list of items along with their major properties. These properties are arra
