Copyright © 2002-2006 AirDefense Proprietary and Confidential.
Deploying AirDefense Enterprise
Needs Assessment
Installation Requirements
Network Connections & User Interfaces
Users & Roles
Setting up AirDefense Enterprise
Sensor Setup
Sensor Deployment
Enterprise UI
Needs Assessment
What is at Risk?
Which Locations are at Risk?
Intended System Use
Sensor Needs
Server Needs
Employee Educational Needs
What Devices are a Possible Threat
ASSETS
What WLAN devices are in my air space?
Which devices are mine?
Setup Checklist
Physical Resources
Standard, grounded 120/240 VAC connection
Keyboard and monitor (for local access to the Server)
Standard 19-inch rack (1U height) with mounting rails
Network Information
IP address (supports DHCP)
Subnet Mask
Default Gateway
DNS Servers
Mail Relay Server
IP Address (of the System the Admin uses)
Interfaces
Server
• GUI – Web Browser Connection: perform most administrative and operational tasks. Four roles: admin, manager, guest and network op
• Command Line Interface or SSH: initial setup and configuration, as well as backup
Sensor
• GUI – Web Browser Connection: initially configure sensor settings
• Console (serial port connection – M400 only): sensor maintenance
Network Connectivity
[Diagram: Browser Client, SSH Client and Console Client; Enterprise Appliance; 510 Sensor and 520 Sensor. Port labels: 8543, 22, 443 or 80* (shown twice), https: 443]
* Use port 443 if Encrypted (default) or port 80 if Unencrypted
Server Communication: Backup Server
Sensors can be configured to support a backup server for failover purposes.
• Install a separate AirDefense server at the same or an alternate location
• Configure sensors with the address of the backup server
• Periodically restore backup of primary server onto failover server
• If a primary server failure occurs, or if the network for the primary server fails, sensors will connect to the backup server
Server GUI Roles
Admin User
• Only Admin users have full read and write privileges, enabling them to make changes in all of AirDefense, including deleting users and changing policy.
• Can add new users to AirDefense and can assign them to a role, including as another admin user.
Manager
• Same as admin, but can’t create new users, manage the appliance or clear edit log
Guest User
• Guest users have read-only access to the following GUI program areas: Dashboard, Alarm Manager, Sensor Manager, Policy Manager, Notification Manager
• In addition, Guests have privileges to set their own user preferences and passwords in the Admin program area, and to create and save alarm filters in Alarm Manager
Network Operator
• Network operators have the same read-only access as Guest users
• But, they can acknowledge, clear, and purge alarms in the Alarm Manager program area.
ADDadmin
Set of utilities for setup, basic configuration, and backup
Default server IP address 192.168.100.2
Important! After some programs have been executed, AirDefense reboots automatically on exit from the Command Line Interface, and the new settings take effect.
Accessing ADDadmin
Direct Access Via Keyboard / Monitor
• Connect monitor / keyboard to AD server
• Wait for login prompt and type credentials
• Type ADDadmin
Via SSH
• Launch SSH client (version 2+)
• Enter username / password
• Type ADDadmin
Remember: the command line username / password is different from the web browser username / password
Launching ADDadmin
Changing Passwords
Log in to the Command Line Interface.
Type m, press <Enter> at the command prompt.
Changing Passwords: Command Line
• Type the line number of the user whose password you want to change (smxmgr or smxarchive). Press <Enter>.
• If you are the Command Line User smxmgr and you pressed “1,” AirDefense prompts you for your current UNIX password. Type in your password now. AirDefense then prompts you for a new password.
• If you are the Command Line User smxarchive and you pressed “2,” AirDefense prompts you for a new password.
• Type the new password. Press <Enter>.
• Type the new password again. Press <Enter>.
Add a User
Type WEBU, press <Enter>.
Select Change a Password.
Type the name of the Web User for the password change, press <Enter>.
Type the current Web User password, press <Enter>.
Type the new Web User password, press <Enter>.
Type the new Web User password again, press <Enter>.
AirDefense asks you if you would like to change the password for this user.
Type yes or no, press <Enter>.
Entering Configuration
Type “c” then press enter for configuration
Configuring Initial Settings
For each required setting, type the name of the ADDadmin utility at the prompt and provide the required information for each setting. Type “Yes” to save the input.
IP—to set the IP address, subnet mask, and default gateway of the AirDefense Server
DNS—to define DNS servers
HNAME—to set the Host Name
DNAME—to set the Domain Name
HALLOW—to set Allowed Hosts (for SSH access)
MRELAY—to configure the AirDefense Server to point to a mail relay host
TIME—to set the AirDefense Server’s operating time and date (alternative: enable NTP)
TZ—to set the AirDefense Server’s time zone (alternative: enable NTP)
NTP—enable a specific network time server (NTP) instead of setting TIME and TZ
Type q, press <Enter> to return to the ADDadmin main menu.
Type q, press <Enter> again to quit the Command Line Interface—The system automatically reboots.
Sensor Setup
Checklist
AirDefense Sensor
IP Address of the Primary AirDefense Server
IP Address of Secondary server for Failover.
IP Address of Sensor (DHCP default)
Sensor Setup
Four Options:
1. Cross-over cable via Default IP Address
• Use Crossover RED cable in the box
• Setup Laptop to 192.168.100.x IP Range
• Connect to sensor: https://192.168.100.100
2. DHCP/Static IP connected via Hub/Switch
• Connect Sensor to network.
• Determine IP Address (e.g. Kiwi Syslog)
• Connect to sensor via web UI: https://<IP-of-Sensor>
3. Console access via Serial Cable and Hyperterm (M400 only)
• Connection setup: Port-COM1, Speed-1152000bps, Flow-None, Data bits-8, Parity-None, Stop bits-1
• Login - admin/airdefense
4. Zero-Config Option – DHCP server provides IP, ServerIP
• “043 Vendor Specific Option” in your DHCP Server
• Use gendhcp.exe to generate value string.
Sensor Communication: Overview
Sensors connect to server only through wired network
Sensors use PKI authentication
Communicate in Clear text or Encrypted (default)
Communication over TCP/IP (Layer 3)
Sensors Initiate communication (no Network Address Translation needed)
3 Missed Heartbeats result in Sensor Failover to secondary server
Sensor UI
Sensor Deployment
Use Sensor deployment guide PDF for planning
Use AirDefense Architect to predict sensor placements
Determine if Power-over-Ethernet will be used or not
Model 400 : custom AirDefense POE
Model 510 / Model 520: Standard 802.3af compatible POE
Determine if ZeroCabling option can be used
Note down Sensor Info (IP, MAC etc) and location on Map
Order cabling (if needed)
Install Sensor at the specified location.
Enterprise-Class Scalability with Lowest TCO
Simple Daily Administration
• Easy to use dashboards and wizards
• Automatic classification of network devices
• Role-based & domain-based views
• Events prioritized by threat level
• Actionable alarms allow administrators to efficiently solve problems
Scalable & Easily Managed Platform
• Hundreds of locations can report back to a centralized server
• Supports up to 100,000 devices & hundreds of sensors per server
• Start-up wizard to simplify initial system setup & configuration
• Low bandwidth requirements (< 3 Kbps per sensor)
• Appliance-based solution
• Zero-config sensors
[Screenshot callouts: View by Locations/Groups/Sensors; Easy to understand alarm explanations & recommendations]
Sensor Density Recommendations
AirDefense ZeroCabling solution
[Diagram: POE Switch with power on data pair; Y-cable (two shown); 802.3af compliant Access Point; 802.3af compliant AirDefense Sensor; Up to 300 ft. Cat5]
Obviates the need for Sensor Cabling
Piggy-backs on the existing AP cabling
Substantial cost and time reduction for sensor deployment
Uses 2 Switch ports and provides full 12.95W – 15.4W to each device
Sensor is not inline: hence sensor failure does not impact AP
Sensor Troubleshooting
Solving Orphaned Sensor Problem
Cross-over cable via Default IP Address
• Use Crossover RED cable in the box
• Setup Laptop to 192.168.100.x IP Range
• Connect to sensor: https://192.168.100.100
Network Sniffing for ARP requests
• Either connect to sensor via Crossover or on network
• Using Ethereal, sniff ARP requests from Sensor MAC address
Console access via Serial Cable and Hyperterm
• Connection setup: Port-COM1, Speed-1152000bps, Flow-None, Data bits-8, Parity-None, Stop bits-1
• Login - admin/airdefense
• Note down Sensor Configuration from the status screen
Sensor Troubleshooting
Solving Connectivity Problems
Check light on the Sensor for network connectivity
On Console, verify the Sensor boot up process
Check Switch Port for Sensor MAC
Check Link Speed (default Auto : 100Mbps Full Duplex)
Ensure Port 443 can connect from sensor to server (No firewalls blocking that port)
View Sensor Status (Web UI – status)
View Sensor Syslog (Web UI - status)
Run Netstat command on the Server to check Sensor connection with Server
Check Server UI for Sensor Online/Offline status
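The netstat check above can be compared against the sensor list noted down during deployment. This added example (not AirDefense code) parses constructed Linux-style `netstat -tn` output and reports each sensor as encrypted (443), unencrypted (80) or offline; the addresses, the inventory and the output format are assumptions.

```python
import re

# Constructed sample of `netstat -tn` output on the server (addresses are made up).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.100.2:443       10.1.1.21:40112         ESTABLISHED
tcp        0      0 192.168.100.2:80        10.1.2.34:51877         ESTABLISHED
tcp        0      0 192.168.100.2:443       10.1.3.9:38001          TIME_WAIT
tcp        0      0 192.168.100.2:22        10.1.0.5:60222          ESTABLISHED
"""

# Hypothetical inventory: sensor IPs noted down during deployment.
SENSOR_INVENTORY = {"10.1.1.21", "10.1.2.34", "10.1.3.9", "10.1.4.77"}

# Sensor-to-server ports from the connectivity slide: 443 encrypted (default), 80 unencrypted.
SENSOR_PORTS = {443: "encrypted", 80: "unencrypted"}

# proto, recv-q, send-q, local ip:port, peer ip:port, state
LINE = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)")


def sensor_report(netstat_text, inventory):
    """Classify each inventoried sensor as encrypted, unencrypted or offline."""
    status = {ip: "offline" for ip in inventory}
    for line in netstat_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header or non-TCP line
        _local_ip, local_port, peer_ip, _peer_port, state = m.groups()
        mode = SENSOR_PORTS.get(int(local_port))
        # Only established sessions from known sensors to a sensor port count.
        if mode is None or state != "ESTABLISHED" or peer_ip not in status:
            continue
        # If a sensor has both kinds of session, keep the unencrypted finding.
        if status[peer_ip] != "unencrypted":
            status[peer_ip] = mode
    return status


if __name__ == "__main__":
    report = sensor_report(SAMPLE_NETSTAT, SENSOR_INVENTORY)
    for ip, state in sorted(report.items()):
        print(f"{ip:15} {state}")
```

A sensor reported as unencrypted is using port 80 rather than the encrypted default, and one reported as offline is a candidate for the other checks in this list.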
AirDefense Enterprise GUI Downloadable Application
Certain prerequisites
Enterprise GUI Use
Before you access the GUI for the first time, you must download and run the installer from the thin client web page at one of the following locations:
• https://<server_ip_address>:8543
• https://<server_name>:8543
After you finish the GUI installation, you can log in remotely from a browser.
The GUI is not accessible directly from the AirDefense Server.
Logging Into the Enterprise GUI
1. Accept the Security Certificate
2. Download the correct application for your OS
3. Supports both Linux and Windows Platforms
GUI Prerequisites
The AirDefense GUI requires a minimum resolution setting of 1024 x 768, which you set on your computer.
Summary
Basic Needs and Requirements
Network Connections & User Interfaces
Enterprise Setup
Sensor Setup