Index

INDEX

A

accessing the popup menus

: alarm popup menu 5-2
: application popup menu 5-2
: machine popup menu 5-1

ACLs

: Cisco ACLs and NetRanger 2-6
: configuring NetRanger-defined ACLs 6-25
: configuring user-defined ACLs 6-23

adding an operational Sensor to an organization 3-30

advanced Director functions 9-1 to 9-42

alarms

: context 4-7
: daemon down 4-8
: daemon unstartable 4-9
: error 4-8
: intrusion 4-6
: labels 4-11
: OKAlarms 4-10
: popup menu 5-2
: route down 4-9

C

Caution

: changing a Sensor's NetRanger IDs 9-15
: changing symbol status source 9-34
: changing symbol type 9-34
: definition xxiv
: deleting nrConfigure databases 5-18
: deployment of shunning 1-4
: MAC media type in STK filters B-9
: maximum length of STK filter names B-10
: shun.fil filename B-3

changing status propagation schemes 9-35

configuration management

: across a distributed network 6-1
: and nrConfigure 1-10
: defined xxiii
: See also nrConfigure

customizing the Director's environment 4-13

D

database

: setting data collection and staging 6-11
: setting triggers 6-14
: See also DMP

device management

: configuring device management 6-17
: defined xxiii
: introducing 1-5
: upgrading device management 3-27
: See also network devices

Director

advanced functions 9-1 to 9-42

capabilities 1-6

: analysis of Sensor data 1-12
: collection of Sensor data 1-10
: Sensor management 1-9
: Sensor monitoring 1-7
: support for user-defined actions 1-12

changing interface parameters 9-35

changing map configuration parameters 4-13

customizing the Director's environment 4-13

event processing support 9-2 to 9-12

introducing 1-1

modifying and viewing entity attributes 9-21

placement on your network 2-8

setting HTML browser preference 4-14

starting 4-12

stopping 4-15

submap hierarchy 4-1

G

: generating reports from NetRanger data 7-19

I

icons

: deleting 9-22
: displaying attributes 9-21
: hiding and revealing 9-24
: introducing 1-7
: manually adding Application icons 9-20
: manually adding Collection icons 9-17
: manually adding Director icons 9-19
: manually adding Sensor icons 9-18
: repositioning on a submap 9-23
: saving attributes to a file 5-13
: working with 9-17

Insert Sensor utility 3-30

installation

adding an operational Sensor to an organization 3-30

Director

: before you install the Director 3-4
: configuring the Director after installation 3-10 to 3-13
: installing and configuring 3-4

Sensor

: assembling 3-14
: building (optional) 3-31
: completing the configuration 3-18 to 3-26
: configuration steps 3-14
: determining network configuration 3-15
: initializing 3-16
: installation parameters 3-17
: rear panel (figure) 3-15

upgrading device management 3-27

upgrading existing Sensors and Directors 3-26

upgrading signatures 3-29

L

: limiting access to NetRanger information 9-39

M

maps

: creating and using multiple maps 9-36
: using read-only maps 9-38

menu function

: Security>Network Device 5-12

menu functions

: Describe>Modify Symbol 9-33
: Edit>Add Object 9-17
: Edit>Delete 9-14, 9-15
: Edit>Delete>From All Submaps 9-22
: Edit>Describe/Modify Object 9-21
: Edit>Hide 9-24
: Faults>Events 9-10
: Locate>Objects 9-23
: Map>Maps>Describe/Modify 9-35
: Map>Maps>New 9-36
: Map>Refresh Map 9-38
: Map>Submap>Describe/Modify 9-34
: Options>Event Configuration 9-11
: Security>About the Director 5-19
: Security>Advanced>ACL Syslogs>Disable 5-16
: Security>Advanced>ACL Syslogs>Enable 5-16
: Security>Advanced>Logging>Show Log Filename 5-17
: Security>Advanced>Logging>Switch Log File 5-17
: Security>Advanced>nrConfigure DB>Backup 5-17
: Security>Advanced>nrConfigure DB>Create 5-17
: Security>Advanced>nrConfigure DB>Delete 5-18
: Security>Advanced>nrConfigure DB>Restore 5-18
: Security>Advanced>Reset Rel DB Status 5-18
: Security>Configure 5-8
: Security>Create>SNMP Trap 5-9, 9-10
: Security>Create>Trouble Ticket 5-9
: Security>Daemons>Restart 5-10
: Security>Daemons>Start 5-10
: Security>Daemons>Stop 5-10
: Security>Exclude Alarms 5-10
: Security>File Transfer 5-11
: Security>Help 5-19
: Security>Save to File 5-13
: Security>Show>Alarm Submaps 5-4
: Security>Show>Connection Status 5-5
: Security>Show>Context 5-4
: Security>Show>Current Events 5-5
: Security>Show>Daemons>Attributes 5-5
: Security>Show>Daemons>Status 5-6
: Security>Show>Daemons>Version 5-6
: Security>Show>Database Info 5-6
: Security>Show>IP Logging 5-7
: Security>Show>Shun List 5-8
: Security>Shun>Host 5-13
: Security>Shun>Network 5-14
: Security>Shunning>Disable 5-18
: Security>Shunning>Enable 5-18
: Security>Statistics>Reset 5-19
: Security>Statistics>Show 5-19
: Security>Unshun>All 5-15
: Security>Unshun>Host 5-14
: Security>Unshun>Network 5-15
: View>Automatic Layout 9-23

N

NetRanger

: architecture 1-15
: architecture (figure) 1-16
: components 1-1
: data collection 1-10
: types of connections (figure) 2-2

network devices

: and Sensor deployment 2-5
: Cisco access control lists 2-6
: defined xxiii
: types of devices supported 2-6

Network Security Database (see NSDB)

nrConfigure

components 6-2

configuring communications 6-6

configuring data management

: introducing 6-10
: setting data collection and staging 6-11
: setting triggers 6-14

configuring device management 6-17

configuring Director forwarding 6-28

configuring event processing

: configuring an event source to send events to eventd 6-35
: configuring and enabling eventd 6-31
: introducing 6-31
: setting up the infrastructure 6-31

configuring intrusion detection

: advanced setup 6-42
: basics 6-37
: introducing 6-37

configuring policy violation logging

: See also ACLs
: configuring NetRanger-defined ACLs 6-25
: configuring user-defined ACLs 6-23
: introducing 6-22

configuring the system files 6-48

introducing 1-9

nrdirmap

: changing registration files 9-25 to 9-30
: command line examples 9-31
: command line parameters 9-26 to 9-31
: disabling 9-39

NSDB

: accessing NSDB through HTML browser 8-2
: accessing NSDB through the Director interface 8-1
: introduction 8-1
: setting HTML browser preference 4-14

O

: OKAlarms 4-10

P

Post Office

: capabilities 1-13
: introducing 1-2
: message propagation (figure) 1-14
: see also nrConfigure

pre-installation

: deployment of network devices 2-5
: managing network devices 2-6
: placing the Director 2-8
: placing the Sensor 2-4
: understanding your network 2-1

S

Sensor

capabilities 1-2

: attack response 1-4
: device management 1-5
: network sensing 1-3

introducing 1-1

network device deployment 2-5

placement on a network 2-4

rear panel (figure) 3-15

types of connections (figure) 2-2

services

: introducing 1-15

shunning 6-20

: defined xxiv

signatures

: embedded 8-6
: how to set up string matching 8-7
: introducing 8-6
: introduction 8-6
: string matching 8-6 to 8-9

starting the Director 4-12

stopping the Director 4-15

submaps

: application 4-5
: collection 4-3
: introducing 4-1
: machine 4-4
: top level 4-2

sysconfig-director 3-10

sysconfig-sensor

: installation parameters 3-17
: Main Menu 3-16

syslog support 6-22

T

terminology xxiii

Timesaver

: building a Sensor 3-31
: definition xxv

troubleshooting A-1 to A-19

U

: uninstalling the Director 3-32
: upgrade information 3-26

W

Warning

: battery handling 3-2
: circuit breaker (15A) 3-3
: definition xxv
: grounded equipment 3-4
: installation 3-1
: installation warnings 3-1 to 3-4
: jewelry removal 3-2
: lightning activity 3-2
: power disconnection 3-2
: power supply 3-3
: product disposal 3-2
: SELV circuit 3-3
: TN power 3-3

Table of Contents

INDEX