AirDefense Personal 3.4 User Guide
Contents
1. [Table of contents fragment; illegible entries omitted]
Using the Device Usage Tab 4-3
To Access the Device Usage Table 4-5
Using the Policy Violation Tab 4-5
To Access the Policy Violation Table 4-7
Using the Alarms Tab 4-8
To Access the Alarms Table 4-9
Chapter 5 Wizards 5-1
Using the Rule Wizard 5-1
New Rule or Edit Rule 5-2
Delete Rule 5-14
Response Wizard 5-16
New Response or Edit Response
2. Current Wireless Status
The Current Wireless Status section displays each type of wireless device. It illustrates if a device is present or not in your system and if it is currently enabled or disabled.

Wireless LAN Status
The Wireless LAN Status section displays information about your wireless local area network, such as Adapter Name, Security and SSID. Additionally, Preferred SSIDs and Lease history display in two viewing windows.

Wireless Status History Details
Use the Wireless Status History tab to display the historical status of your wireless devices and your wireless local area network.

To Access Wireless Status History
1. Either double-click on an agent in the Agent list, or click on one of the graphs and then double-click on one of the data rows to see the Agent Details.
2. Click the Wireless Status History tab to access the Agent's wireless status history.

[Screenshot: Agent Details dialog, Wireless Status History tab]
3. [Screenshot: Print dialog]
2. Select the desired print options, such as Printer, Print Range and number of copies.
3. Click on OK to start the print job.

Print Preview Graph
1. Click on the Print Chart menu option, select one of the four available graphs to print, and use the right arrow to select Print Preview.
2. The Print Preview dialog displays the selected

[Screenshot: Print preview dialog]

To set up the printing of a graph
1. Click on the Print Chart menu option, select one of the four available graphs to print, and use the right arrow to select Print Preview.
2. The Print Preview dialog displays with the selected graph in the preview section of the dialog.
3. The Page Setup dialog displays.

[Screenshot: Page Setup dialog]

4. Select the desired page setup options, such as Paper, Orientation and Margins.
5. Click on OK to save settings.
6. Click on Printer to start printing process.

Using the Help Option
Go to Help and click on the AirDefense Person
4. Column: Meaning
User Name: The user name assigned to this Agent.
Computer Name: The alpha or numeric computer name of this Agent.
Threat Level: The threat level for this Agent: Severe, High, Elevated, Guarded or Low.
Agent ID: The MAC address of this Agent.
Last Seen: The last date and time this alarm was generated for this Agent, in the format mm/dd/yyyy hh:mm:ss am/pm.
Critical: The number of Critical alarms generated for this Agent.
Major: The number of Major alarms generated for this Agent.
Minor: The number of Minor alarms generated for this Agent.
Ignored: The number of Ignored alarms generated for this Agent.

Chapter 5 Wizards
AirDefense Personal Manager has a series of Wizards built into the product which help the administrator easily set up the system and create new profiles for deployment.

Note: For very detailed examples, see the Policy Design Guide on http://support.airdefense.net

The Wizards included with this release are:
• Rule Wizard
• Response Wizard
• Policy Wizard
• Profile Wizard
• Group Wizard

You should perform the actions in the following order:
1. Determine what corporate policy security and mobile enforcement
2. Design rules around your determination.
3. Define your set of responses for various rules.
4. Create policies.
5. Create a new profile and assign the relevant policies and settings to the profile. This will be your new profile to assign new u
5. Print Charts
• Use the Rule Wizard
• Use the Response Wizard
• Use the Policy Wizard
• Use the Profile Wizard
• Use the Groups Wizard
• Upgrade Licenses
• Set a Refresh Time Interval
• Refresh the system
Print Charts allows you to print each tabbed graph or chart displayed on the main window: Device Usage, Threat Level, Policy Violation and Alarms. The following tasks from this menu option are available:
• Print Preview: Preview a print job before sending it to the printer.
• Page Setup: Configure print jobs.
• Print: Print selected charts.
Help: Displays the help system and its contents.

Using the File Option
1. Use File > Exit to exit from the system.

[Screenshot: File menu with Exit option]

2. Go to File and click on Exit. AirDefense Personal Manager ends the monitoring session and saves all current settings. Although you will not be able to see AirDefense Personal Manager, the AirDefense Personal Server will continue to operate.

Using the Tools Option
The selections available in the Tools Menu enable Administrators to perform most of the key features in the AirDefense Personal Manager.

[Screenshot: Tools menu listing Rule Wizard, Response Wizard, Policy Wizard, Profile Wizard, Group Wizard, Upgrade License, Set Refresh Time Interval and Refresh]

Using Wizards
To launch one of the wizards simply select it
6. [Screenshot: Profile Wizard settings screen, including Encrypt Password and Set Password fields and the on-screen note "Password must contain 6-16 characters"]

This window is divided into following four sections:

Section: Description

General: Set the following options:
• Scan Frequency: sets the frequency rate, in minutes, of the scans.
• SplashScreen: determines how long the splash screen is displayed, in seconds, when accessing the GUI.
• Delete all alarm history older than: specifies how many days to keep alarm history data before deleting it.

Alert Message Window: Specify if you want to display alert messages when they occur and how long to display the message. Check the checkbox to turn this feature on and then specify the times in seconds.

Set the following agent settings:
• Specify time intervals for the following fields: Check Profile, Send HeartBeat and Signal Strength polling interval.
• Specify the Signal Strength threshold.
• Check the checkbox for Show ignored Alarms if you want to show ignored alarms.
• Check the checkbox for Enable Signal Strength monitoring if you want to monitor signal strength.
• Check the checkboxes for Allow the WZC service to run and Allow ADPersonal to control WZC behaviors if you want to use WZC service.
• Check the checkbox for Delete any entries from Preferred Wireless Networks list NOT using Encryption if you only want devices on your network u
7. [Screenshot: Policy Wizard, Policy Rules screen, with Available Rules and Selected Rules lists, Add and Remove buttons, a Response Name field and Trigger Criteria options. On-screen instructions: "Add rules from the list of Available Rules or Remove rules from Selected Rules as needed to build the desired policy. Once the correct policies are selected, choose a Response. Finally, select the proper trigger criteria based on the rules selected."]

Trigger Criteria options shown on the screen:
• Initiate response if the rule is triggered
• Initiate response if the rule is NOT triggered
• Initiate response if ANY rules are triggered
• Initiate response if ALL rules are triggered
• Initiate response if NO rules are triggered
• Initiate response if NOT ALL rules are triggered

• Available Rules: This list box displays all rules available for use within a policy.
• Selected Rules: This list box contains all the rules
8. [Screenshot: lease information table with Physical Address, Lease Obtained, Lease Expires, Subnet Mask, IP Address, DHCP Server and Default Gateway]

To advance to the next record, click on the right arrow at the top of the window. To go back, click on the left arrow. You have the option of going directly to a particular record, if you know the record number, by entering the number in the entry box.

The Wireless LAN Status section displays the following information on the
• Date Time: Current date and time based on the AirDefense Personal Manager computer setting.
• Adapter Name: The type of adapter.
• Security: Wireless security settings for the Personal Manager, for example WEP.
• Preferred SSIDs: List of the AirDefense Personal Manager computer's SSID preferences.
• Lease Information: This table displays the historical lease information for this AirDefense Personal Manager computer.
• Location Tracking: If agent tracing is enabled in the profile, you can access the trace route information by clicking the Info button. If a city or country is available for the IP address, you will see this displayed here.

The Location Tracking Info button will display a record of the trace route from the agent to the given IP address or URL.

[Screenshot: Agent Trace dialog with Country, IP Address and Host Name columns]
9. [Table of contents fragment]
Day 3-8
To Display Specific Severity Levels of Alarms 3-8
Alert Counts 3-8
Export Alert History 3-8
Threat Level History Details 3-9
To Access Alert History 3-9
Alarm History Details 3-10
To Access Alarm History 3-10
Wireless Status Details 3-11
To Access Wireless Status 3-11
Current Wireless Status 3-11
Wireless LAN Status 3-11
Wireless Status History Details 3-12
To Access Wireless Status History 3-12
Chapter 4 Using the Manager Graph Tabs 4-1
Using the Threat Level Tab 4-1
To Access the Threat Level Table
10. [Screenshot: Alert History alarm table]

Last Scan and Scan Frequency
The Agent's Alert History displays the Last Scan date and time and the Scan Frequency (time between scans).

To Display Alarms by Specific Day
Click on the drop-down arrow in the Show field and select either:
• Most Current Alarms
• Today's Alarms
• Yesterday's Alarms
• All Alarms
The alarms will display in the table at the bottom of the Alert History dialog. The Alarms are displayed by Alarm Raised date and time, Database Upload date and time, Time Zone, Severity, Name and Category.

To Display Specific Severity Levels of Alarms
Click on the drop-down arrow in the Severity field and select either:
• Ignore
• Minor
• Major
• Critical
• All
Depending on the Severity Level selected, the appropriate Alerts Severity Levels will be displayed.

Alert Counts
The Alert Counts section of this dialog displays the number of Alarms for each Severity Level.

Export Alert History
You can export all of the Alert History by clicking the <Export> button
11. [Screenshot: Process Rule screen with Process Name and Hash code fields and the options "Trigger if process IS running" and "Trigger if process is NOT running"]

1. In the Process Name field, enter in the name of the process to be searched for, e.g. openvpn.exe.
2. The Hash Code is optional. In this field you can enter the MD5 checksum hash for the process. When the agent detects the process, it will run a checksum against it to make sure it really is the expected process instead of another application masquerading as something else.
3. You also need to choose the trigger condition.
• By selecting Trigger if process IS installed, you will return a positive detection to the agent if the process is installed.
• By selecting Trigger when process is NOT running, you will return a positive detection to the agent if the process is NOT installed.

[Screenshot: Rule Wizard finish screen]

4. By clicking <Finish> you will commit the new rule, or change if editing, to the database. If you a
12. Use the <Back> button to go back to the previous screen (not active when grayed out).

[Screenshot: Profile Wizard welcome screen with New Profile, Edit Profile and Delete Profile options]

The first wizard screen gives you three choices. To choose, click on the radio button next to the choice.
• New Profile: Choose this to create a new profile.
• Edit Profile: Choose this to edit an already created policy.
• Delete Profile: Choose this to delete an already created policy.

Create New Profile or Edit Profile
If you choose New Profile or Edit Profile, the following screen appears.

[Screenshot: Profile Wizard screen with Profile Name, Created by and Description fields and the Available Policies and Policies to Include in Profile lists]
13. at the bottom of the Alert History tab and following the prompts. The data is exported as a CSV file. Once you save the file, you can open it in Excel or any other program that will read and format a CSV file.

Threat Level History Details
Use the Threat Level History tab to view Threat Levels for a selected Agent across a historical time line.

To Access Alert History
1. Either double-click on an agent in the Agent list, or click on one of the graphs and then double-click on one of the data rows to see the Agent Details.
2. Click on the Threat Level History tab.

[Screenshot: Agent Details dialog, Threat Level History tab]

The graph displays the cumulative Threat Levels generated by the selected Agent by date and time.

Alarm History Details
Use the Alarm History tab to view the Alarms generated on a selected Agent. The Alarm History tab displays color bars that indicate the number and severity of alarms for the dates and times indicated.

To Access Alarm History
1. Either double-click on an agent in the Agent list, or click on one of the graphs and then double-click on one of the data rows to
14. data all the data for the agents listed with the <Export> button located at the bottom of the table. Once you save the file, you can open it in Excel or any other program that will read and format a CSV file.

Agent Details
You should select the ordering desired by Group, User, Threat Level or User. To see agent details, double-click on an Agent in the Agent List. The Agent Detail dialog displays six tabs that contain detailed information about the Agent. The tabs are:
• Threat Status: displays the scan and threat status.
• Alert History: displays the Alert information such as counts.
• Threat Level History: displays the alarm count and threat level information.
• Alarm History: displays the Alarm information such as counts and severity.
• Wireless Status: displays the current wireless and wireless LAN status.
• Wireless Status History: displays past wireless and wireless LAN status.

[Screenshot: Agent Details dialog, Threat Status tab]
15. from the tools menu. Wizard functionality is covered in more detail in Chapter 5.

Using Upgrade License
To upgrade the AirDefense Personal Manager License, go to Tools > Upgrade License. The AirDefense Personal License dialog displays with a field to enter a new license key. Enter the key and click <OK>.

Using Set Refresh Time Interval
Go to Tools > Set Refresh Time Interval. A Refresh screen appears that enables you to set an automatic refresh time in minutes. Enter a time in minutes from the selector and click <Apply>.

Using Refresh
Go to Tools and click on <Refresh>. All data displayed will be refreshed. Tools > Refresh pulls the latest data into AirDefense Personal Manager from the server.

Using the Print Screens Option
Go to Print Charts and select the type of chart (Device Usage, Threat Level, Policy Violation or Alarms) and the print option. You can select Print Preview, Page Setup and Print.
• Select Print Preview to preview a graph.
• Select Page Setup to access a Page dialog that allows setting page dimensions and orientation of a print job.
• Select Print to display a Print dialog which allows you to start a print job.

Use the steps below to complete each task.

To print a graph
1. Click on the Print Chart menu option, select one of the four available graphs, and use the right arrow to select Print. The Print dialog displays
16. icon. Each color represents a Threat Level:
• Severe: Red
• High: Orange
• Elevated: Yellow
• Guarded: Blue
• Low: Green

[Screenshot: Threat Level Tree]

Group Operations

Data Search
The ability to search for data is included in Group Operations and System Operations. Group Operations can be used to search the highlighted group. System Operations will search the entire system. To initiate a search, right-click on a group and select Group Operations, or highlight at the system level and select System Operations.

Note: Starting with a higher level group expands your search.

[Screenshot: Group Tree with System Operations and Group Operations context menus]

The System Data window is displayed. This is where you define your search. The following search fields are available:

Description
Search Based On: Searches are based on the column headings. They are User Name, Computer Name, Agent ID, Last Seen Time, Group Name, Profile Name, Critical Alarm, Major Alarm, Minor Alarm, Ignore
17. [Screenshot: Hotfix Rule screen with the trigger options for Hotfix installed and NOT installed]

1. In the Hotfix ID field, enter the number of the Hotfix ID, e.g. KB893357.
2. You also need to choose the trigger condition.
• By selecting Trigger when Hotfix is installed, you will return a positive detection to the agent if the Hotfix is installed.
• By selecting Trigger when Hotfix is NOT installed, you will return a positive detection to the agent if the Hotfix is NOT installed.
3. Click <Next> to proceed to the next rule information screen. After defining all your rules, the following window displays.

[Screenshot: Rule Wizard finish screen]

4. By clicking <Finish> you will commit the new rule, or change if you are editing it, to the database. If you are editing a rule which already appears in at least one distributed Profile, then this will automatically update the profile as well. Then the next time the agent checks profile, it will be downloaded automatically.

Process Rule
If you chose Process, the Create New Process Rule screen displays. Click <Next> to proceed to the next rule information screen.
18. see the Agent Details.
2. Click on the Alarm History tab.

[Screenshot: Agent Details dialog, Alarm History tab]

Wireless Status Details
The Wireless Status tab displays the status of your wireless devices and your wireless local area network.

To Access Wireless Status
1. Either double-click on an agent in the Agent list, or click on one of the graphs and then double-click on one of the data rows to see the Agent Details.
2. Click on the Wireless Status tab to access the Agent's wireless status.

[Screenshot: Agent Details dialog, Wireless Status tab, showing Current Wireless Status and Wireless LAN Status]
19. successful. You also need to choose the trigger condition.
• By selecting Trigger if ping request IS successful, you will return a positive detection to the agent if the device name filter, Device Type, Connection State and Operational State matches the values and operator.
• By selecting Trigger if ping request is NOT successful, you will return a positive detection to the agent if the device name filter, Device Type, Connection State and Operational State does not match the values and operator.

Delete Rule
If you choose Delete Rule, the following screen appears.

[Screenshot: Rule Wizard screen with Rule Title, Rule Type, Rule Description, Prepared By and Company Name fields]

From the Rule Title drop-down list, select the rule you want to delete from the database and then click <Next>. If you are deleting a rule which already appears in at least one distributed Profile, then you will be presented with a warning that informs you that this rule is being used and it must be removed from a policy before it can be deleted.

[Screenshot: "Cannot Delete rule" warning listing the policies that reference the rule]

Otherwise the finish screen will be presented.

[Screenshot: Rule Wizard finish screen]
20. AirDefense Personal 3.4 Manager User Guide

This document is to be used exclusively by AirDefense employees, authorized dealers, customers and distributors of AirDefense products. The information in this manual is subject to change without notice and should not be construed as a commitment by AirDefense. AirDefense shall in no event be liable for any loss of business, loss of use or data, interruptions in business, or for damage of any kind arising from any defect or errors in this publication or in the AirDefense hardware or software. This material may not be reproduced in whole or in part by any means without permission from AirDefense. All other trade names not listed above and referenced in this document are the service marks, trademarks or registered trademarks of their respective manufacturer(s) and belong to their respective owner(s).

Copyright 2007 AirDefense. All rights reserved.
AirDefense Inc., 4800 Northpoint Parkway, Suite 100, Alpharetta, GA 30022

Online Support
The AirDefense GUI provides a link that enables you to access the Support Center to Open New Cases, to View Cases, and to access the self-support site to search for solutions. Click on the help icon and pull down the help menu. Choose Support. Click on Open or View Cases. Or you can access online support at http://support.airdefense.net

Call Center Support Email
21. AirDefense is available to you 24x7 via our Online Customer Care Tracking System, AirDefense's Support Desk, or Email. Hours of service and response times are subject to customer care contract terms.
• Call Center Support: 800 913 1257
• International callers: 1 306 791 5673
• Online Customer Care Tracking: http://support.airdefense.net
Technical Support may be reached by email at Support@AirDefense.net

Table of Contents [fragment; illegible entries omitted]
Chapter 2 Getting Started 2-1
About the AirDefense Personal Manager 2-1
About the AirDefense Personal System 2-1
Integration with AirDefense Enterprise 2-1
Summary of Menu Bar Options 2-2
Using the File Option 2-2
Using the Tools Option
22. Alarm
Sort Order: You may select ascending or descending search.
Sort Results Based On: You can sort the results based on the column headings listed above.
Show: The total amount of records to be displayed as a group. You may select 10, 100, 200, 500 or 1000.
Search String: A specific string to search for. If this field is blank, search for all is assumed.

After specifying all your search criteria, click the <Search> button to display the search data. Once the data is displayed, you can view more specific details by double-clicking on one of the agents. You can also right-click on the agent to display more details. These options are discussed in detail under Agent Details.

You can select (highlight) two or more agents by sweeping them. Left-click in the white space to the left of the first agent; while continuing to hold the mouse button, move the cursor to the last agent that you want to select, and then release the mouse button. Once you have made your selection, you can delete or move the agents by right-clicking in the highlighted area.

Data Export
Group Operations also includes a data export feature. This feature allows you to save all data from your search to a CSV file. Just click the <Export> button and follow the prompts. Another way to export data is to click on any graph in the dashboard view to display a table view of the graph. While in table view you can export
23. ID: The MAC address of this Agent.
Last Seen: The last date and time this alarm was generated for this Agent, in the format mm/dd/yyyy hh:mm:ss am/pm.

Using the Alarms Tab
The Alarms tab displays an overview of alarm activity by severity level. You can view a graph that summarizes the information or a more detailed table. The graph shows:
• The number of alarms being generated for each severity
• The number of Agents in your AirDefense Personal system that are generating the alarms

[Screenshot: Alarms graph]

Right-click on one of the bars in the graph to view this information as a table.

[Screenshot: Alarms table with User Name, Computer Name, Threat Level, Agent ID, Last Seen and Critical Alarms columns]

Double left-click on a row to view the Agent Details screen for that Agent. The Previous and Next page buttons allow you to see more devices in this view. You can choose the number of devices per page by selecting this from the drop-down box. Right-click on the table to return to the graph view.

To Access the Alarms Table
To access the table, place your mouse on any bar in the graph and right-click. The table displays the following information. Entries in the table are color-coded according to their severity level: Severe, High, Elevated, Guarded, Low.
24. Next page buttons allow you to see more devices in this view. You can choose the number of devices per page by selecting this from the drop-down box. Right-click on the table to return to the graph view.

To Access the Device Usage Table
To access the table, place your mouse on any segment in the chart and right-click. The table displays the following information. Entries in the table are color-coded according to their severity level: Severe, High, Elevated, Guarded, Low.

Column: Meaning
User Name: The user name assigned to this Agent.
Computer Name: The alpha or numeric computer name of this Agent.
Threat Level: The threat level for this Agent: Severe, High, Elevated, Guarded or Low.
Agent ID: The MAC address of this Agent.
Last Seen: The last date and time this alarm was generated for this Agent, in the format mm/dd/yyyy hh:mm:ss am/pm.

Using the Policy Violation Tab
The Policy Violation tab displays all of the policies that are being violated by all of the Agents in your AirDefense Personal system. You can view a graph that summarizes the information or a more detailed table. Policies are color-coded according to the color key on the chart. The graph shows:
• The policy violations being generated
• The number of Agents generating the policy violations
• A color-coded policy key
25. [Screenshot: Profile Wizard, profile name and policy selection]

1. You need to assign a new unique name to the profile if you are creating a new Profile. Delete "Default" in the Profile name.
2. By default, all of AirDefense's inbuilt policies will be included in the profile. You can choose to move these out of the profile if you do not wish to run them. You can then also move any of the custom policies you have created over to the right for inclusion in the profile.
3. Click <Next>.

[Screenshot: Profile Wizard, alarm severities]

4. On the next screen you can drop down and choose any policy included in the profile and edit the alarm severities for each of the three wireless states of the agent. If you make any changes, you MUST click <Apply Changes> after each change made.
5. Click <Next> to continue.

[Screenshot: Profile Wizard, agent settings]
26. al Manager Help option to access the Help system. Click on the About option to display a dialog detailing brief specifics about your version of the AirDefense Personal Manager application.

[Screenshot: About dialog showing release date, version and copyright]

Chapter 3 Agent List

The Agent List is a list of Agents in your system. Through the Agent List you can display an Agent Detail dialog for each Agent in your AirDefense Personal system.

Agent Filter

Using the filter selection at the top of the tree, you can display the contents of the Agent List by Threat Level, by User Name, by Computer Name, or by Group Name.

[Screenshots: Group Tree, Threat Level Tree, User Tree and Computer Tree views of the Agent List]

Color Coding

Each Agent is represented by a color coded
27. all 3 are running, the program is operating normally. However, if any of the 3 go down, an alarm is required. Selecting the NotAll operator satisfies this requirement. Another user may be satisfied if at least one of the 3 processes is running, regardless of which one, but at no time should all 3 be down at once. In this case the user may choose the NO operator so that a response will only be fired if no processes are detected. There are many other combinations possible, and it is left to the user to work through the examples that are needed in their environment.

Delete Policy

If you choose Delete Policy, the following screen appears.

[Screenshot: Policy Wizard, Delete Policy]

From the drop-down list in the Policy Name box, select the policy you want to delete from the database and then click <Next>. If you are deleting a policy which already appears in at least one Profile, you will be presented with a warning that informs you that this policy is being used and that it must be removed before it can be deleted. Otherwise, click <Next> to finish.

Profile Wizard

Using the Profile Wizard

To use the Profile Wizard to create, edit or delete a policy, do the following:

From the Tools menu, pull down and select Profile Wizard. When you select the Profile Wizard, the first wizard screen appears. You can click on the X in the upper right to close the screen at any time.
28. [Screenshot: Rule Wizard with the fields Rule Title, Rule Type, Rule Description, Prepared By, Company Name]

Enter new rule details in the fields (see the descriptions below). Some fields are required to activate the <Next> button. Use the <Back> button to go back to the previous screen.

Rule Title: This must be a unique name for the rule you are creating.
Rule Type: You have the following choices: Hotfix, Process, Registry, Device, Network.
Rule Description: This is a text field where you should explain what the rule does.
Prepared By: Enter the name of the administrator that created the rule.
Company Name: Enter the Company Name.

All of these fields are mandatory apart from the Rule Description field. If you miss one by mistake, the program will not proceed and will show you which field you have missed.

[Screenshot: Rule Wizard prompting for the name of the user who prepared the rule]

Click <Next> to proceed to the next rule information screen.

Hotfix Rule

If you choose Hotfix, the Create Hotfix Rule screen displays.

[Screenshot: Rule Wizard, Hotfix rule (detects whether a particular Microsoft patch is installed). The Microsoft Hotfix ID field takes the Microsoft KB number in all caps; the trigger options begin with "Trigger when HotFix is installed".]
29. ards

Device Rule

If you choose Device, the Create New Registry Rule screen displays. Click <Next> to proceed to the next rule information screen.

[Screenshot: Rule Wizard, Device Type rule (detects whether the defined device exists), with the fields Device Type, Connection State, Operational State, a Filters section (Network Property, Operator, Property Value, Add Filter, Delete Filter) and the trigger options]

The Device Rule is used to look at the various types of network adapters in your system and then provide information about their connection and operational states. This rule is useful in detecting non-Ethernet adapters such as Wireless WAN adapters (e.g. EV-DO or 3G adapters), because Windows does not provide a mechanism to differentiate these from normal modems. By looking for certain text strings within the name of the adapter, it is very easy to build up a rule which can identify the Wireless WAN cards available in your country.

- Device Type: Can be Any, Modem or Network Adapter
- Connection State: Can be Any, Disconnected o
30. ation address can be accessed via ping.

[Screenshot: Network rule wizard page with the fields Protocol, Destination Address, Wait Timeout (secs), Packet Count, Packet Size (bytes), the partial success options and the trigger options. Fields marked with an asterisk are mandatory.]

The Network rule is used to create ping tests to defined addresses. This test can be used to reach specific networks that may only be available when you have access to a corporate network, either directly or via a VPN.

Note: Currently the only protocol available in the Network Rule Wizard is ping.

Fill in the following parameters:
- Destination Address: This address can either be an IP address in the XXX.XXX.XXX.XXX format or a name such as www.airdefense.net.
- Wait Timeout: This is how long the agent should wait before determining that the ping has failed to reach its destination. The value is in seconds (1 sec default).
- Packet Count: This is how many times the test should be done (5 is the default).
- Packet Size: This is the size in bytes of the ping packet (32 bytes is the default).
- Allow Partial Success: These radio buttons allow you to specify, by clicking Yes, if you will allow at least one successful ping out of the test to pass, or if all pings must pass to be
31. 1. Either double-click on an agent in the Agent list, or click on one of the graphs and then double-click on one of the data rows to see the Agent Details.
2. Click on the Threat Status tab.

[Screenshot: Threat Status tab showing the Current Threat Level (Severe, High, Elevated, Guarded, Ignore)]

The Threat Status tab displays:
- The Agent ID
- The date and time the last scan was performed on the Agent
- The Current Threat Level
- The Total Scans performed
- An explanation of the Current Threat Level
- A Wireless Threat Status table that displays all alarms received today and yesterday

Alert History Details

Use the Alert History tab to view the Alerts generated by the selected Agent. The Alert History tab displays Alerts, Alert Counts, and Severity Levels.

To Access Alert History

1. Either double-click on an agent in the Agent list, or click on one of the graphs and then double-click on one of the data rows to see the Agent Details.
2. Click on the Alert History tab.

[Screenshot: Agent Details, Alert History tab]
32. Using Upgrade License
Using Set Refresh Time Interval
Using the Print Screens Option
Print Preview Graph
To set up the printing of a graph
Threat Status
To Access Threat Status
Alert History
To Access Alert History
Last Scan and Scan Frequency
To Display Alarms by Specific
33. Delete Response
New Policy or Edit Custom Policy
Create New Profile or Edit Profile
Delete Profile

Chapter 1 Before You Begin

About this Manual

This guide describes the information needed to successfully operate AirDefense Personal Manager.

Additional Resources

- Registered users can log on to http://support.airdefense.net and view technical documentation
- User Guides
- Install Guides
- Quick Install Guides
- Policy Guides

Chapter 2 Getting Started

Welcome to the AirDefense Personal Manager, the key to effectively administering and monitoring activities for all AirDefense Personal Agents.

About the AirDefense Personal Manager

Using the Personal Manager you can:
- Centrally define and update policy
- Automatically enforce wireless laptop security policy
- Dashboard view of alarms threat level policy violation
34. You can also access the Agent Details screen by right-clicking on the Agent in the List view and selecting Agent Details.

[Screenshot: Agent List context menu with the Agent Details option]

From this menu you can also delete all of the Agent information from the Database. You will be asked if you want to delete all of the details pertaining to this agent in the database. Select the Delete button to confirm this action.

[Screenshot: confirmation dialog: "This action will delete all details pertaining to Selected Agents from the system. Do you want to proceed?"]

If the Agent is still active, then the next time the agent uploads information it will reappear in the Default group, and it will download the profile for the Default group and run that until it is moved into a different group.

Threat Status Details

Use the Threat Status tab to view current threat detail information for the selected agent.

To Access Threat Status

[Screenshot: Agent Details, Threat Status tab showing Agent ID, Last Scan Performed, Last Database Upload Time, Total Scans, a "What this means" explanation and the Wireless Threat Status table]
35. fense Mobile License you would select HKEY_LOCAL_MACHINE from the drop-down menu and then type SOFTWARE AirDefense Mobile in the text box.

5. Wild Card Type: Choose whether to use a wild card type to search all keys beneath a certain registry path. The default is generic, which means not used.
6. Match: Allows more advanced filtering on the exact registry key. To do this, select an operator from the drop-down menu:
- Is Equal to
- Not Equal to
- Contains
- Ends With
- Starts With
7. Registry Key: Enter a text string, up to 255 characters, where the rest of the registry key can be found. For example, for HKEY_LOCAL_MACHINE SOFTWARE AirDefense Mobile License you would select HKEY_LOCAL_MACHINE from the drop-down menu and then type Software AirDefenseMobile License in the text box.
8. Key Format: Select the key format. To do this, select one of the formats from the drop-down menu:
- REG_BINARY
- REG_SZ
- REG_DWORD
9. Convert To: Enter the format you want to change the registry key value to before checking for the value. Choices are:
- Hexadecimal
- Numeric
- String
10. Operator: Includes the following: Equal To, Not Equal To, Contains, Starts With, Ends With, True, False, Less Than
36. following screen appears.

[Screenshot: Group Wizard with Available Groups, Add New Group and Select Profile]

Add the new group name. From the drop-down list, select the profile you want to assign to this group. Click <Next>. Click <Finish>. The new group will appear in the tree. You can transfer agents into the group by selecting the agent and dragging it into the group.

If you delete a group, its agents will go under the default group.

AirDefense Personal 3.4 User Manual, Issue 1.0, May 2007
4800 North Point Parkway, Alpharetta, Georgia, USA 30022
880 663 8115
www.airdefense.net
info@airdefense.net
37. have access to. Commonly, people will use the Disable Wireless Card action with the Connected to Black-listed SSID alarm.

12. Click <Next> to continue.

[Screenshot: Profile Wizard, Agent Tracing page with the Agent Tracing check box and the Destination URL field]

13. You can optionally enable the Agent Tracing feature. You need to tick the check box and add in a URL or IP address which the agent can trace route back to. This information will be sent back with the alerts to the central server. The server will then try to find out which city and country the agent was in at the time.
14. Click <Next> to continue.

[Screenshot: Profile Wizard, final page]

15. Click <Finish> to create or edit the Profile.

Delete Profile

If you choose Delete Profile, the following screen appears.

[Screenshot: Profile Wizard, Delete Profile]

1. Select the profile you want to delete and click the left-hand arrow to move it across to the right box. You can move multiple profiles across.
2. If a profile is assigned to a group, you cannot delete it. Assign a different p
38. [Screenshot: Agent trace route results listing each hop's location, IP address and host name]

Chapter 4 Using the Manager Graph Tabs

The four tabs that display on the AirDefense Personal Manager main menu enable you to monitor various performance and system health statistics of your wireless network.

- Threat Level Graph: Displays the threat levels and number of threats received against Agents in your system.
- Device Usage Graph: Displays all the devices being used by Agents in your system.
- Policy Violation Graph: Displays all the policies being violated by all the Agents in your system.
- Alarms Graph: Displays the number and types of alarms that Agents on your system are generating.

Right Click Option

Right-clicking on a chart gives you a table tha
39. 1. Type in a unique name in the Response Name field.
2. Select the response you want from the choices available:
- DisableAdhoc: This can be used to disable the setting in the Windows Zero Configuration Client which allows Ad Hoc connections to be formed. This is currently supported only in this supplicant and will not work for other supplicants.
- DisableBluetooth: This will disable the Bluetooth adapter.
- Disable Bridge: This will disable bridges set up between two different adapters on the same system.
- Disable Card: Disables the currently active Wireless LAN adapter.
- DisableWWANCard: Disables the currently active WWAN adapter.
- Log Alarm: Logs the alarm in the system.
- Log Alert Silently: Logs the alarm, but nothing is seen on the agent.
- PopupMessage: Pops up a message in the lower right-hand corner of the user's screen. The message will appear on top of any other windows and will remain there until the user clicks on it.
- Re-EnableBluetooth: Re-enables the Bluetooth adapter.
- Re-Enable Card: Re-enables the currently disabled Wireless LAN adapter.
- Re-EnableWWAN: Re-enables the wireless WAN adapter.
- ReCheck Alarm: Rechecks the same Policy to see if it is still being raised. Usually used with the wait state to recheck the policy after X secs.
3. Add more actions until you are done.

Action Details: Please
40. note that you can only use the message text with the popup message action. Also, the Wait Period is always applied BEFORE taking the action.

[Screenshot: Action Details with the Wait Period and Message Text fields]

Delete Response

If you choose Delete Response, the following screen appears.

[Screenshot: Response Wizard with Response Name, Available Actions, Actions Included in the Response and Action Details]

1. Choose the Response you want to delete from the drop-down list, then click <Next>.
2. Click <Finish> to delete the response.

Policy Wizard

Using Policy Wizard

To use the Policy Wizard to create, edit or delete a policy, do the following:

From the Tools menu, pull down and select Policy Wizard. When you select the Policy Wizard, the first wizard screen appears. You can click on the X in the upper right to close the screen at any time. Use the <Back> button to go back to the previous screen (not active when grayed out).

[Screenshot: Policy Wizard, first screen with the options Create New Policy, Edit Custom Policy, Edit Default Policy and Delete Policy]
41. our changes. To close this wizard, click Finish.

Click the <Finish> button to delete this rule from the database.

Response Wizard

Using the Response Wizard

To use the Custom Rule Wizard to create, edit or delete a custom rule, do the following:

1. From the Tools menu, pull down and select Rule Wizard. When you select the Response Wizard, the first wizard screen appears. You can click on the X in the upper right to close the screen at any time. Use the <Back> button to go back to the previous screen (not active when grayed out).

[Screenshot: Response Wizard, first screen with the options Create New Response, Edit Response and Delete Response]

2. The first wizard screen gives you the following choices. Make a selection from the radio button options:
- Create New Response: Choose this to create a rule.
- Edit Response: Choose this to edit an already created rule.
- Delete Response: Choose this to delete an already created rule.
- Click <Next>.

New Response or Edit Response

If you choose New Response or Edit Response, the following screen appears.

[Screenshot: Response Wizard with Response Name, Available Actions, Actions Included in the Response and Action Details]
42. r Connected
- Operational State: Can be Any, Enabled or Disabled

Filters can then be applied based on the name of the adapter:
- Network Property: Can be Device Name
- Operator: Can be Is Equal to, Not Equal to, Contains, Starts with, and Ends with
- Filter Value: User defined

Multiple values can be added using the Add Filter button, and a Boolean operation can be chosen based on AND or OR. Filters can also be removed by clicking on the Remove Filter button.

An optional checkbox is there if this new rule is looking for Wireless WAN (WWAN) adapters. This is needed if you want to enforce the simultaneous wired and WWAN, or simultaneous wireless and WWAN, policies.

You also need to choose the trigger condition:
- By selecting "Trigger if device DOES match filter", you will return a positive detection to the agent if the device name filter, Device Type, Connection State and Operational State match the values and operator.
- By selecting "Trigger if device does NOT match filter", you will return a positive detection to the agent if the device name filter, Device Type, Connection State and Operational State do not match the values and operator.

Network Rule

If you chose Network, the Create New Network Rule screen displays. Click <Next> to proceed to the next rule information screen.

[Screenshot: Network rule wizard page]
43. re editing a rule which already appears in at least one distributed Profile, then this will automatically update the profile as well. The next time the agent reports to the server, it will automatically download any updates.

Registry Rule

If you chose Registry, the Create New Registry Rule screen displays.

1. Click <Next> to proceed to the next rule information screen.

[Screenshot: Registry Rule (detects whether the defined Registry Entry exists), with the fields Select Root Key, Registry Path, Wild Card Type, Registry Key, Match, Key Format, Operator, Value, Mask, Start Byte, End Byte, Convert To and the trigger options. Fields marked with an asterisk are mandatory.]

2. Enter the required registry key and then the value to compare via operator.
3. Select Root Key: Enter a choice for the registry key. To do this, select one of the root keys from the drop-down menu:
- HKEY_LOCAL_MACHINE
- HKEY_CLASSES_ROOT
- HKEY_CURRENT_USER
- HKEY_USERS
- HKEY_CLASSES_ROOT
- HKEY_CURRENT_CONFIG
4. Registry Path: Enter a registry path. For example, for HKEY_LOCAL_MACHINE SOFTWARE AirDe
44. rofile to the group before you continue.
3. Click the <Next> button to continue.
4. Click on <Finish> to delete the Profile.

Group Wizard

AirDefense Personal Manager provides a Groups Wizard that enables you to easily create, edit or delete custom Groups.

Groups Wizard

To use the Groups Wizard to create, edit or delete a group, do the following:

1. From the Tools menu, pull down and select Group Wizard.

[Screenshot: Tools menu with Rule Wizard, Response Wizard, Policy Wizard, Profile Wizard, Group Wizard, Upgrade License, Set Refresh Time Interval and Refresh]

2. The first wizard screen gives you four choices. To choose, click on the radio button next to the choice:
- New Group: Choose this to create a new group.
- Edit Group: Choose this to edit an already created Group.
- Delete Group: Choose this to delete an already created Group.
- Apply Profile to Group: Choose this to apply a profile to a Group.

[Screenshot: Group Wizard, first screen]

3. Click <Next> to continue.

New Group

If you choose a New Group, the
45. s

[Screenshot: Policy Violation graph. Legend: Connected to Non-Preferred SSID, Connected to Unsecured AP, iPass enforcement, More Than One WLAN Card Present, Network Bridging Enabled, No Encryption Found, Wireless Connection Formed, Wireless LAN Adhoc Mode Enabled, WPA is not supported on this computer]

Right-click on one of the segments in the graph to view this information as a table.

[Screenshot: Policy Violation table with the columns User Name, Computer Name, Threat Level, Agent ID, Last Seen, Critical Alarms]

Double left-click on a row to view the Agent Details screen for that Agent. The Previous and Next buttons allow you to see more devices in this view. You can choose the number of devices per page by selecting it from the drop-down box. Right-click on the table to return to the graph view.

To Access the Policy Violation Table

To access the table, place your mouse on part of the colored pie chart and right-click. The table displays the following information. Entries in the table are color-coded according to their severity level: Severe, High, Elevated, Guarded, Low.

Column: Meaning
User Name: The user name assigned to this Agent.
Computer Name: The alpha or numeric computer name of this Agent.
Threat Level: The threat level for this Agent (Severe, High, Elevated, Guarded, or Low).
Agent
46. The first wizard screen presents the following choices. To choose, click on the radio button next to the correct selection:
- Create New Policy: create a new policy
- Edit Custom Policy: edit an already created policy
- Edit Default Policy: edit the response to a Default policy
- Delete Policy: delete an already created policy

New Policy or Edit Custom Policy

1. Choose New Policy or Edit Policy; the following screen appears.

[Screenshot: Policy Wizard with the fields Prepared By, Company Name, Policy Name, Policy Description, Issue, Solution and Category. Fields marked with an asterisk are mandatory.]

- Prepared By: Enter the name of the administrator that created the rule.
- Company Name: Enter the Company Name the rule applies to here.
- Policy Name: Enter a name for this alarm set.
- Policy Description: This is a text field where you should explain what the policy does, for other administrators to view.
- Issue: Insert descriptive text for a likely cause.
- Solution: Insert descriptive text for a potential remedy.
- Category: Select one of four categories to assign the alarm set.

2. Click <Next>.
47. s and devices
- Usage summary
- Setup profiles
- View Personal Agents
- View various operating parameters for Agents
- Monitor performance and system health statistics in your wireless network
- Serves as the interface to the AirDefense Personal Server

About the AirDefense Personal System

Profiles that are defined in AirDefense Personal Manager are automatically transmitted to each AirDefense Personal Agent. If threats are discovered, the AirDefense Personal system can be configured to notify the user and send logs to the Personal Manager for central reporting and notification.

Integration with AirDefense Enterprise

The database component of AirDefense Personal can also simultaneously run on an existing AirDefense Enterprise Server. Once integrated, the Enterprise Graphical User Interface (GUI) can display all AirDefense Personal alarms. Alarms normally seen on the AirDefense Personal Agent and Manager can be viewed in the Enterprise GUI.

Using the Menu

The Menu Bar occupies the left-hand side of the AirDefense Personal Manager Graphical User Interface main screen. The Menu Bar contains drop-down menus that provide options and functionality for the program.

[Screenshot: AirDefense Personal Manager menu bar with File, Tools, Print Charts and Help]

Summary of Menu Bar Options

File: File allows you to exit out of the system by clicking on Exit.
Tools: Tools allow you to do the following
48. sers when they first access the system.
6. Assign this profile to the Default Group.
7. Create more profiles if needed.
8. Create groups and assign the relevant profiles.
9. Move users into the relevant groups.

Using the Rule Wizard

To use the Rule Wizard to create, edit or delete a custom rule, do the following:

From the Tools menu, pull down and select Rule Wizard.

[Screenshot: Tools menu]

When you select the Rule Wizard, the first wizard screen appears. You can click on the X in the upper right to close the screen at any time. Use the <Back> button to go back to the previous screen (not active when grayed out).

[Screenshot: Rule Wizard, first screen with the options Create New Rule, Edit Rule and Delete Rule]

The first wizard screen gives you three choices. To choose, click on the radio button next to the choice:
- Create New Rule: Choose this to create a rule.
- Edit Rule: Choose this to edit an already created rule.
- Delete Rule: Choose this to delete an already created rule.

Click <Next>.

New Rule or Edit Rule

If you choose New Rule or Edit Rule, the following screen appears.
49. sing an encryption method.

Password: Check the Set Password checkbox if you want the profile to have password protection, and then specify a password by entering it twice.

6. Click <Next> to continue.

[Screenshot: Profile Wizard, Preferred SSIDs list with Add to List and Remove from List]

7. On this screen you can add in any Preferred SSID you want. Please note that the check is CASE SENSITIVE.
8. Click <Next> to continue.

[Screenshot: Profile Wizard, HotSpots list with Add to List and Remove from List]

9. On this screen you can add in any Hotspot SSID you want. Please note that the check is CASE SENSITIVE. This can be used to differentiate between a non-preferred SSID and a genuine hotspot, although most customers treat both hotspot and non-preferred SSIDs as the same in terms of a security risk.
10. Click <Next> to continue.

[Screenshot: Profile Wizard, Black-listed SSIDs list with Add to List and Remove from List]

11. You can add Black-listed SSIDs here. Commonly these are networks from neighbors or internal Guest Wireless VLANs which you don't want your own users to
50. sing the Manager Graph Tabs

To Access the Threat Level Table

To access the table, place your mouse on any bar in the graph and right-click. The table displays the following information. Entries in the table are color coded according to their severity level: Severe, High, Elevated, Guarded, Low.

Column: Meaning
User Name: The user name assigned to this Agent.
Computer Name: The alpha or numeric computer name of this Agent.
Threat Level: The threat level for this Agent: Severe, High, Elevated, Guarded, or Low.
Agent ID: The MAC address of this Agent.
Last Seen: The last date and time this alarm was generated for this Agent, in the format mm dd yyyy hh mm ss am pm.

Using the Device Usage Tab

The Device Usage tab displays an overview of all the different types of devices that are being used by all of the Agents in your AirDefense Personal system. You can view a graph that summarizes the information or a more detailed table. The graph shows:
• The number of each type of device in use
• The type of device by color code

[Screenshot: Device Usage graph, with legend entries Bridge and WLAN]

Right-click on one of the segments in the graph to view chart information as a table.

[Screenshot: Device Usage table, with columns User Name, Computer Name, Threat Level, Agent ID, Last Seen and Critical Alarms, and Prev and Next buttons]

Double left click a row to display for the detailed information The Previous and
51. sonal Users Manual 5 9 Wizards

11. Mask: Enter the mask you require. Please note that the zero value means ignore this bit.
12. Mask Start and End: Enter the start offset you wish to start matching, with an optional End offset if needed.
13. Value: Enter the registry value to search for. The value will depend on your choice for Key Format. For example, if REG_DWORD was chosen, then a text input box is needed along with a radio button for decimal or hexadecimal translation.
14. You also need to choose the trigger condition:
• By selecting "Trigger if registry value(s) DOES match", you will return a positive detection to the agent if the process is installed.
• By selecting "Trigger if registry value(s) does NOT match", you will return a positive detection to the agent if the process is NOT installed.
15. Click <Next>.

[Screenshot: Rule Wizard, final screen: "You have created, edited or deleted a rule. For your changes to take effect, please press Enter. Please press Cancel to discard your changes. To close this wizard, click Finish."]

16. By clicking <Finish>, you will commit the new rule (or change, if editing) to the database. If you are editing a rule which already appears in at least one distributed Profile, then this will automatically update the profile as well. The next time the agent reports to the server, it will automatically download any updates.
52. t lists statistics for that tab.

Double Left Click Option

If you double left-click on a particular row on the table (each row pertains to a specific Agent), the Agent Details screen is displayed.

Using the Threat Level Tab

The Threat Level tab displays the threat levels and number of threats received against Agents in your AirDefense Personal system. You can view a graph that summarizes the information or a more detailed table. The graph shows:
• The number of threats
• The color-coded threat level of the threats received
• The number of Agents polled

Example: The graph below shows that there are currently one Elevated, one Guarded, and one Low threat against two Agents in the system.

[Screenshot: Threat Status graph]

Right-click on one of the bars in the graph to view this information as a table.

[Screenshot: Threat Status table, with columns User Name, Computer Name, Threat Level, Agent ID, Last Seen and Critical Alarm, and Prev and Next buttons]

Double left-click on a row to view the Agent Detail screen for an Agent. The Previous and Next buttons allow you to see more devices in this view. You can choose the number of devices per page by selecting this from the drop-down box. Right-clicking on the table brings you back to the graph view.
53. that are selected to use within a policy.
• Response Name: Choose from the drop-down box of defined responses.
• Policy Rules to be included: Each policy needs at least one rule. You can select this one rule from the list of available rules by using the arrow buttons. Transfer the rule into the alarm set as desired.

If you just select one rule, the screen remains the same. If you select more than one rule, the Trigger Criteria field becomes active. You must select an ANY, ALL, NO, or NOT ALL action to determine how your policies relate to each other. See example below.

The following example shows a set of 3 rules. Each rule is set to trigger if a process is running. The next 4 columns show when a policy will fire a determined response based on choices made during policy creation.

[Table: Policy Rules Set to Trigger if process is running]

The above example can be used to explain a situation where a user wants to monitor 3 processes. Depending on the requirements, the user may want ANY, ALL, NO, or NOT ALL processes to be running. In this particular case, the user has selected to check if a process is running and to return a positive detection to each rule if the process (1-3) is found to be running. The user can then base his/her response on the operators available. For example, let's say that processes 1-3 are all related to a security application. As long as