QAHandbookSourcefireWord下载.docx
- Document ID: 20693850
- Upload time: 2023-01-25
- Format: DOCX
- Pages: 9
- Size: 627.56KB
4.2 IDS External TAP 4
5. Defense Center Operations 5
6. Test steps 9
7. Debug methods and Known issues 9
1. Introduction
The Sourcefire 3D System provides you with real-time network intelligence for real-time network defense. It has the tools you need to:
discover the changing assets and vulnerabilities on your network, determine the types of attacks against your network and the impact they have on your business processes, and defend your network in real time.
TIPS:
1.1 Where can we get the Sourcefire software?
Go to the directory /software/cbsnas2/SourceFire/4.10.0/. From there you can download the software you want to install on the XOS and install it.
1.2 About the Defense Center upgrade
The newest Defense Center version is 4.10.2.2. You can download and install the newest patch from /software/cbsnas2/SourceFire/4.10.2.2; please see section 5, "Defense Center Operations", navigation: Operations → Update.
1.3 The Defense Center's IP address is 192.168.213.231; the password is the same as the username, admin.
1.4 In order to install Sourcefire, a hard disk is required.
1.5 Known issue:
For the network/VLAN policy, the relevant basic policy (Initial Inline Policy / Initial Passive Policy) needs to be installed first; after that, the user's policy should be installed.
2. Component
Sourcefire IPS, the intrusion detection and prevention component
Sourcefire RNA, the Real-time Network Awareness component
Sourcefire RUA, the Real-time User Awareness component
Sourcefire Defense Center
TIP!
Sourcefire 3D Sensor Software for X-Series Platform can run IPS and RNA but not RUA.
3. Prerequisite
The X-Series Platform is installed and configured
The X-Series Platform is running XOS version 9.0 or later
Each CPM has a minimum of 4GB of RAM
Each APM has a minimum of 2GB of RAM and a local hard disk
xslinux_v5 vap-group available and accessible
Defense Center (192.168.213.231)
Correct cbi package
4. Basic topology and configuration
IPS mode
circuit br
  device-name br
    vap-group sf
circuit ins
  device-name ins
    promiscuous-mode active
circuit outs
  device-name outs
    promiscuous-mode active
bridge-mode br transparent
interface gigabitethernet 1/1
  logical-all ins
interface gigabitethernet 1/2
  logical-all outs
4.1 IDS Internal TAP
vap-group fw
  ip-forwarding
  ip 16.0.0.100/24
  promiscuous-mode
  ip 17.0.0.100/24
  logical ins
  logical outs
4.2 IDS External TAP
The XOS configuration:
circuit monitor
  device-name monitor
  logical-all monitor
The Cisco switch configuration:
monitor session 1 source interface gi0/1
monitor session 1 destination interface Gi0/7 encapsulation dot1q ingress dot1q vlan 2407 <--- configuration with a VLAN
monitor session 1 destination interface Gi0/7 ingress dot1q vlan 1 <--- configuration without a VLAN
5. Defense Center Operations
DC access
Sensor creation
By navigation:
Operations → Sensors:
Interface-Set creation
Operations → Interface Sets:
Detection Engine creation
Operations → Detection Engines:
Sensor update
Rules creation/modification
Policy & Response → IPS → Intrusion Policy:
Policy creation/push
Logs
Analysis & Reporting → IPS → Intrusion Events:
6. Test steps
Install XOS
Set basic configuration (vap-group, mgmt, ip route, bridge or TAP)
Copy the SF installation cbi package to /crossbeam/apps/archive
Install SF by the CLI command "application …" with each parameter and reload the vap-group
Web access to DC
Create sensor per VAP
Create Interface-Set per VAP
Create Detection Engine
Update sensor from 4.10.0 to the required version (4.10.2.2)
Create specific rules
Create policy and add rules
Send traffic and verify
7. Debug methods and Known issues
7.1 Capture the packets in the VAP
7.1.1 [root@x82 admin]# rsh sf410_1
7.1.2 Run the command "source /opt/sf/profile"
sf410_1(x82):~# source /opt/sf/profile
7.1.3 Capture the packets on the interface (tapcir)
~# /opt/sf/usr/sbin/tcpdump -i %Xtapcir
7.2 Since the SF log is very slow, we can use the tool "sflib.sh" to check the log immediately.
7.2.1 Copy the script sflib.sh to /tmp (CPM)
7.2.2 Change the attributes of this file
7.2.3 Run the script
source sflib.sh
7.2.4 Run the command "setlog"
7.2.5 Restart the SF service
7.2.6 Run the command "chklog"
7.2.7 Finally, run the command "outlog" to check the log