Installation Guide McAfee Asset Manager Sensor Version 6.5
COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, epolicy Orchestrator, McAfee epo, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Asset Manager Sensor Installation Guide
Contents Preface 7 About this guide... 7 Related Documents... 7 Audience... 7 Conventions... 7 What s in this guide... 8 Finding product documentation... 8 1 Introducing the McAfee Asset Manager Solution Suite 9 The McAfee Asset Manager Solution Suite... 9 Architecture... 9 Installation method... 10 2 Installation Requirements 11 Installation checklist... 11 Installation requirements... 12 Hardware specifications... 12 Networking... 12 Switch access (SNMP configuration)... 13 Client-side requirements... 13 Information required for installation... 14 Non-trunked network interface ( static )... 14 Trunked network interface... 14 Additional information... 14 3 Install the McAfee Asset Manager Sensor 17 Install the McAfee Asset Manager Sensor software... 17 4 Installing McAfee Asset Manager Sensor on VMware ESX servers 21 Configuring the passive network interface... 21 Modifying the vswitch configuration... 22 Configuring the active NIC (VLAN trunk)... 22 Creating a virtual machine for the McAfee Asset Manager Sensor... 23 Installing the software... 24 5 Accessing the McAfee Asset Manager Sensor 25 Accessing the McAfee Asset Manager Sensor... 25 6 McAfee Asset Manager Sensor post-installation configuration 27 Active network services detection (optional)... 28 Post-installation configuration... 28 Networking... 29 Network configuration... 29 Configure a passive interface... 29 Configure a static interface... 30 Configure a trunked interface... 30 Configure a sub-interface... 31 Configure an interface as disabled... 31 McAfee Asset Manager Sensor Installation Guide 3
Remove an interface configuration... 31 Edit the configuration... 31 Networking configuration verification... 32 Verify the initial network configuration... 32 Verify the NIC configuration... 33 Active interface configuration testing... 36 Examine network traffic received by a passive interface(s)... 37 Visual identification of passive interface problems... 38 DNS settings... 39 Configure DNS resolution... 39 Topology discovery related configurations... 39 SNMP community strings... 39 Configure SNMP... 39 Define external network settings... 43 Configure external networks by IP address... 43 Configure external networks by subnet... 43 Active network services detection (optional)... 44 Deep audit (optional)... 44 Microsoft Windows-based device auditing... 45 *NIX-based device auditing... 47 ESX virtual device auditing... 47 Audit module configuration... 47 Credentials for *NIX-based devices... 48 Configure credentials for ESX virtual devices... 49 Define the Exclude list... 49 Initiate an audit... 50 View the auditing report... 50 Active Directory credentials (optional)... 50 Configure wireless networks (optional)... 51 Post-installation information verification... 52 Verify subnet information... 52 Verify detected switches... 52 Verifying the physical network topology schema... 53 Verify the deep audit process results... 53 Profile alignment... 54 Generating a profile... 54 7 Remote sensor settings (optional) 57 McAfee Asset Manager remote sensor... 57 Remote sensor configuration... 57 SNMP traps and informs... 58 4 McAfee Asset Manager Sensor Installation Guide
Contents McAfee Asset Manager Sensor Installation Guide 5
Preface This document is provided in order to assist in the successful installation of the McAfee Asset Manager Sensor software. About this guide The document includes general information about the system, and describes the requirements and procedures for installing the McAfee Asset Sensor software. Related Documents McAfee Asset Manager Sensor User Guide McAfee Asset Manager Console User Guide Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is primarily intended for: Administrators People who implement and enforce the company's security program. Users People who are responsible for configuring the product options on their systems, or for updating their systems. Conventions This guide uses the following typographical conventions and icons. Book title or Emphasis Bold User input, Path, or Code Hypertext : Tip: Important/Caution: Title of a book, chapter, or topic; introduction of a new term; emphasis. Text that is strongly emphasized. Commands and other text that the user types; the path of a folder or program; a code sample. A live link to a topic or to a website. Additional information, like an alternate method of accessing an option. Suggestions and recommendations. Valuable advice to protect your computer system, software installation, McAfee Asset Manager Sensor Installation Guide 7
Introducing the McAfee Asset Manager Solution Suite Finding product documentation network, business, or data. Warning/Danger: Critical advice to prevent bodily harm when using a hardware product. What s in this guide This guide is organized to help you find the information you need. Chapter 1, The McAfee Asset Manager Solution Suite Describes the McAfee Asset Manager Solution Suite and its architecture. Chapter 2, Installation Requirements Details the installation prerequisites. Chapter 3, Installing the McAfee Asset Manager Sensor Describes how to install the McAfee Asset Manager Sensor. Chapter 4, Installing McAfee Asset Manager Sensor on VMware ESX Servers Describes how to configure the networking of a VMware ESX server in preparation for installing McAfee Asset Manager Sensor on a virtual machine. Chapter 5, Accessing the McAfee Asset Manager Sensor Describes how to access the McAfee Asset Manager Sensor. Chapter 6, McAfee Asset Manager Sensor Post-Installation Configuration Describes the McAfee Asset Manager Sensor Post Installation Configuration. Chapter 7, Remote Sensor Settings (Optional) Describes the Remote Sensor settings. Finding product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. 1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. 2 Under Self Service, access the type of information you need: To access User documentation KnowledgeBase Do this 1 Click Product Documentation. 2 Select a Product, then select a Version. 3 Select a product document. Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version. 8 McAfee Asset Manager Sensor Installation Guide
1 Introducing the McAfee Asset Manager Solution Suite This chapter introduces the McAfee Asset Manager Solution Suite and its architecture. Contents The McAfee Asset Manager Solution Suite The McAfee Asset Manager Solution Suite Total Network Visibility with Real-Time Network, Device, and User Intelligence McAfee Asset Manager provides a 360 view into the actual state of your network security. It builds and maintains a complete and accurate inventory of ALL devices operating on the enterprise network. Utilizing unique profiling technology, McAfee Asset Manager provides meaningful network, device and user intelligence, thereby reducing ambiguity and enabling better decision making based on accurate and in-depth audit information. Network information is continuously collected to reflect the actual current state of the network. McAfee Asset Manager detects 20%-50% of additional devices residing on an enterprise network, which otherwise would not be accounted for. McAfee Asset Manager automatically performs security configuration audits based on the asset classification information collected, simplifying the process of conducting network-wide security configuration audits. McAfee Asset Manager provides efficient security compliance tracking and auditing procedures, highlighting the gap between the actual security configurations of devices to industry best practices. McAfee Asset Manager can integrate with your security ecosystem to enhance the operation of your existing security products and provide total network visibility with real-time network intelligence. The McAfee Asset Manager takes a unique approach and is an agentless solution; it does not require any integration with infrastructure components and is vendor agnostic. Architecture The McAfee Asset Manager Solution Suite is a distributed application where Sensors are deployed in different organizational locations and report to a centralized console. A Sensor can be installed as an appliance and as a virtual appliance, and also supports remote deployment. The McAfee Asset Manager Console is a software-based application that enables IT management to easily control multiple McAfee Asset Manager Sensors deployed on multiple distributed networks. The McAfee Asset Manager Console consolidates information from hundreds of Sensors into a unified management view using a single web-based user interface. McAfee Asset Manager Sensor Installation Guide 9
Introducing the McAfee Asset Manager Solution Suite The McAfee Asset Manager Solution Suite The McAfee Asset Manager Sensor and the McAfee Asset Manager Console are software basedproducts shipped as an ISO image including an underlying hardened Linux operating system (based on the Debian Linux distribution) and the McAfee Asset Manager application. Installation method The McAfee Asset Manager suite is a software ISO image that can be used to install both the McAfee Asset Manager Sensor and the McAfee Asset Manager Console. Installing both the MAM console and sensor on the same machine is not a supported deployment option for production environments. 10 McAfee Asset Manager Sensor Installation Guide
2 Installation Requirements This chapter details the minimum hardware platform requirements. Contents Installation checklist Installation requirements Installation checklist For successful installation of the McAfee Asset Manager Sensor, it is important to adhere to the guidelines set forth in this installation checklist. Hardware Physical or virtual appliance with appropriate hardware specification Hardware compatibility with MAM platform in case of a physical appliance Network A span port configured on a switch that terminates layer-2 traffic of the networks to be monitored (more than a single span port can be used with additional passive network interfaces). The span port should mirror traffic coming in and going out of the networks to be monitored A regular switch port on a switch part of a network to be monitored, or a Trunk port allowing layer-2 access to the VLANs/subnets Other configuration SNMP community string(s) to allow read-only access to managed switches operating on the network A single IP address and its related network configuration, or an IP address on each VLAN/subnet Credentials that allow probing VMware ESX servers, Microsoft Windows and *NIX-based operating systems (optional) Credentials that allow probing an Active Directory server (optional) Client-side requirements JAVA JRE Version 6.0 or above Microsoft Internet Explorer 7.x/8.x/9.x McAfee Asset Manager Sensor Installation Guide 11
Installation Requirements Installation requirements Installation requirements For successful installation of the McAfee Asset Manager Sensor, it is important to adhere to the guidelines set forth in the following sections. Hardware specifications For general sizing guidelines and hardeware requirements, please refer to the "MAM v6.5 General Sizing Guidelines" document. Networking McAfee Asset Manager Sensor uses two types of NICs: The first type is used to perform surgical active probing. It is called the Active network interface. The first Active network interface is also used for the management user interface. The second type is used to observe network traffic coming in to and going out of monitored networks. Such a NIC receives network traffic and does not transmit any. It is called the Passive network interface and should be connected to a switch span/mirror port. McAfee Asset Manager Sensor should be connected using at least two NICs, an active NIC and a passive NIC. Depending on the network structure and topology, it can also use several active and/or passive NICs. For profiling mobile devices, the wireless networks should be configured for bridged mode. Passive network interface card Passive NICs need to be connected to a central switch, passively receiving network traffic coming in and out of all of the monitored network(s) using the switch s span port (i.e., mirroring port). The information received through the passive NICs must include network traffic, layer-2 and above, coming in and out of all of the monitored network(s); therefore the passive NICs need to be connected to a central switch (the Core switch in many cases) that terminates layer-2 traffic. The passive NICs can handle up to 1 Gbit/sec of network traffic. An NIC used as a passive interface should be a 10/100/1000 Mbit/s NIC. A 10/100 Mbit/s NIC can be used only when less than 100 Mbit/s of traffic is expected to pass through it. Active network interface card Regular port When a single network is monitored by McAfee Asset Manager Sensor, the active NIC must be connected to one of the switches that is part of the monitored network and be assigned an IP address belonging to the monitored IP network. When multiple networks are monitored, the IP address assigned to the active NIC must belong to one of the monitored networks. The IP address assigned to the McAfee Asset Manager Sensor must be allowed to send query packets to any device on any monitored network. 12 McAfee Asset Manager Sensor Installation Guide
Installation Requirements Installation requirements In a multi-vlan environment, the IP address assigned to the McAfee Asset Manager Sensor must belong to one of the monitored VLANs, and must be allowed to send query packets to any device on any monitored VLAN. Trunk port If the active NIC is connected to a Trunk switch port, the active NIC should be assigned an IP address on each monitored VLAN. One of the VLANs is designated as the default VLAN and its IP address must be allowed to send query packets to any device on any other VLAN. The NIC used as an active interface should be a 10/100 Mbit/s NIC. A faster card may be used. McAfee Asset Manager Sensor supports the configuration of sub-interfaces on nontrunked active interfaces. Network requirements 3 A span port configured on a switch that terminates layer-2 traffic of networks to be monitored (more than a single span port can be used with additional passive network interfaces if needed). The span port should mirror traffic coming in and out of the networks to be monitored. 4 A regular switch port on a switch part of a network to be monitored, or a Trunk port allowing layer-2 access to VLANs/Subnets (multiple active interfaces may also be used if needed). Switch access (SNMP configuration) The McAfee Asset Manager Sensor requires read-only access to all managed switches in order to provide a complete physical network topology map, and location-related information for the devices it monitors. The following conditions must be met as part of the SNMP configuration: The SNMP protocol must be enabled on all switches (v1, v2, or v3) operating on a network. The McAfee Asset Manager Sensor must have the ability and permission to query all of the manageable switches operating on the network. The SNMP community strings for read-only access used with the switches must be configured for the McAfee Asset Manager Sensor (in the Configuration module). The SNMP v1 public community string is defined by default. Probing switches with SNMP traffic can be turned off. It is controlled by a system parameter, SNMP Queries Enabled, located under Configuration > System Parameters > Real- Time. By-default this setting is set to Yes. Changing its value to No disables sending SNMP queries. that if set to No, the topology and device location will not be available. Refer to the McAfee Asset Manager Sensor FAQ for more information on how to verify (and troubleshoot) the correct SNMP community strings information and the switches' willingness to communicate with the McAfee Asset Manager Sensor. Client-side requirements The following are the prerequisites for a computer accessing the web interface of the McAfee Asset Manager Sensor: McAfee Asset Manager Sensor Installation Guide 13
Installation Requirements Installation requirements 1 Java JRE Version 6.0 or above must be installed on the client system and configured in the browser in order to access the McAfee Asset Manager Sensor and enjoy the full capabilities of the GUI. To install Java, refer to http://www.java.com. 2 Microsoft Internet Explorer 7.x/8.x/9.x. Information required for installation The initial configuration of the McAfee Asset Manager Sensor requires the configuration of a single active interface. The active interface may be configured as: Static: A static IP address is assigned to the NIC. Trunk: The NIC is connected to a switch trunk port. Trunk (Native VLAN): The NIC is connected to a switch trunk port using the VLAN ID, which is designated as native (i.e., will not use the 802.1Q encapsulation for packets sent on the trunk). Non-trunked network interface ( static ) The following information must be configured as part of the initial installation process for a nontrunked network interface: IP address and network configuration information: The McAfee Asset Manager Sensor must have an IP address for at least one of its active NICs. This IP address must be a static IP address. Additional networking parameters must be configured, such as the network address mask and the default gateway s IP address. Trunked network interface The following information must be configured when the active NIC is connected to a trunk switch port: The VLAN ID of the VLAN to be used by the active NIC Knowledge whether or not this VLAN ID acts as the Native VLAN for the network Network configuration information: IP Address Network address mask The default gateway s IP address for this VLAN Additional information The following information is required after the initial install: Any network configuration-related information required to configure the rest of the NICs (which interface(s) will be configured as passive, continuing the configuration of the trunked active NIC, configuring additional active cards whether static or trunked, and so on). The configuration can be performed in the Configuration > Network > TCP/IP page of the McAfee Asset Manager Sensor GUI. 14 McAfee Asset Manager Sensor Installation Guide
Installation Requirements Installation requirements SNMP community strings for the switches operating on the network. The SNMP community strings used with manageable switches operating on the network must be configured for the McAfee Asset Manager Sensor in the Configuration module of the web interface after the initial installation of the system. Credentials that allow probing VMware ESX servers, Microsoft Windows and *NIX-based operating systems for deep auditing (optional). Credentials that allow probing an active directory server (if applicable) in order to retrieve additional user-related information about an identified logged on user (optional). Figure 1: McAfee Asset Manager Sensor Deployment McAfee Asset Manager Sensor Installation Guide 15
Installation Requirements Installation requirements 16 McAfee Asset Manager Sensor Installation Guide
Install the McAfee Asset Manager Sensor Install the McAfee Asset Manager Sensor software 3 Install the McAfee Asset Manager Sensor This chapter describes how to install the McAfee Asset Manager Sensor. Contents Install the McAfee Asset Manager Sensor software Install the McAfee Asset Manager Sensor software Before you begin Verify that all of the prerequisites detailed in Chapter 2, Installation Prerequisites, have been met. 1 Verify that the BIOS Setup is configured to boot from the CD ROM/DVD. 2 Insert the installation CD into the CD-ROM/DVD drive. 3 Boot the system. After the operating system has loaded, the Installation page is displayed. 4 Select the Install option from the menu for graphical installation mode. The advanced and Text Install options should only be used by McAfee personnel for debugging purposes. The Detect Network Hardware page is displayed. When the network hardware detection process is complete, the Welcome to the McAfee Asset Manager Installer screen is displayed. 5 Click Continue to acknowledge formatting the drive prior to the software installation. Formatting the disk is mandatory for the installation. 6 Set the password for the root user. The Software selection page is displayed. 7 For the McAfee Asset Manager Sensor installation, select McAfee Asset Manager Sensor, then click Continue. McAfee Asset Manager Sensor Installation Guide 17
Install the McAfee Asset Manager Sensor Install the McAfee Asset Manager Sensor software 8 In the Configuring Sensor screen, enter the name of the physical location of the McAfee Asset Manager Sensor, then click Continue. The End User License Agreement is displayed. 9 Read the license agreement carefully, then click Continue. The License confirmation page is displayed. 10 Select Yes to confirm your agreement to the license terms, then click Continue to begin the installation process. The installation process begins. After a few minutes, the computer ejects the CD and automatically reboots. When the computer restarts and the system boots for the first time, the Initial IP Configurator screen is displayed. To navigate within the configuration screens, use the arrow keys, the TAB key, and the Enter key. 11 Select Yes to allow the installation system to attempt enumerating network settings, enabling the automatic configuration of key networking parameters. Otherwise select No to continue. When Yes is selected, the network settings are automatically enumerated. The active NIC configuration screen is displayed (regardless of the selection made). The initial configuration of the McAfee Asset Manager Sensor mandates configuring a single active network interface. After the initial install, all other network configuration is to be performed in the Configuration > Network > TCP/IP page of the McAfee Asset Manager Sensor GUI. 12 Press <Enter> to list the interfaces available for configuration. Use the arrow keys to navigate and select the interface you want to configure, then press <Enter> again. 13 Press Tab to move to the Interface Options and select the required interface type: Static: A static IP address is assigned to the NIC. Trunk: The NIC is connected to a switch trunk port. Trunk (Native): The NIC is connected to a switch trunk port using the VLAN ID, which is designated as native (i.e., it will not use 802.1Q encapsulation for packets sent on the trunk). McAfee Asset Manager Sensor supports the configuration of multiple active NICs, or one or more trunk ports. McAfee Asset Manager Sensor supports the configuration of multiple passive NICs. 14 Press the TAB key to select and configure the remaining required network configuration parameters: IP address, Netmask, default gateway and, if needed, the VLAN ID. 15 Select Next. The DNS Configuration page is displayed. 16 Type the IP address of your primary DNS server under Primary DNS IP Address. 17 If using a secondary DNS server, type its IP address under Secondary DNS IP Address. 18 Insert the fully qualified domain name of your DNS domain under Fully Qualified Domain Name (FQDN). 19 Select Next. The Time Configuration screen is displayed. 18 McAfee Asset Manager Sensor Installation Guide
Install the McAfee Asset Manager Sensor Install the McAfee Asset Manager Sensor software 20 In the Time Configuration page, type the IP address or the hostname of your NTP server under NTP Server IP Address/Name. 21 Select either the Time Zone or the Country where the McAfee Asset Manager Sensor is installed to correctly align the time zone of the McAfee Asset Manager Sensor. 22 Select Finish. McAfee Asset Manager Sensor Installation Guide 19
Install the McAfee Asset Manager Sensor Install the McAfee Asset Manager Sensor software 20 McAfee Asset Manager Sensor Installation Guide
4 Installing McAfee Asset Manager Sensor on VMware ESX servers This chapter describes how to configure the networking of a VMware ESX server in preparation for installing McAfee Asset Manager Sensor on a virtual machine. Contents Configuring the passive network interface Modifying the vswitch configuration Configuring the active NIC (VLAN trunk) Creating a virtual machine for the McAfee Asset Manager Sensor Installing the software Configuring the passive network interface This section describes how to create a vswitch to be used for passive monitoring or as an active VLAN Trunk. 1 Log in to the VMware VI Client, then select the server from the inventory panel. The hardware configuration page for this server is displayed. 2 Click the Configuration tab, then click Networking. 3 Click the Add Networking link. 4 On the right side of Add Network Wizard screen, click Add Networking. The virtual switches are presented in an overview and details layout. 5 Accept the default connection type, Virtual Machines, then click Next. 6 In the Network Access screen, select Create a virtual switch, then click Next. 7 In the Connection Settings screen, enter 4095 in the VLAN ID field; the port group will receive network traffic from any VLAN while leaving the VLAN tags intact. McAfee Asset Manager Sensor Installation Guide 21
Installing McAfee Asset Manager Sensor on VMware ESX servers Modifying the vswitch configuration Modifying the vswitch configuration 1 Log in to the VMware VI Client, then select the server from the inventory panel. The hardware configuration page for the server is displayed. 2 Click the Configuration tab, then click Networking. 3 On the right side of the window, select the vswitch that you want to edit, then click Properties. 4 In the vswitch Properties dialog box, select the network adapter to change the configured speed, then click Edit. 5 Select 1000Mb, Full Duplex. 6 In the Properties dialog box for the vswitch, click the Security tab. 7 In the Policy Exceptions pane, accept the Layer2 Security policy exception for Promiscuous Mode by selecting Accept. Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vswitch that are allowed under the VLAN policy for the port group to which the adapter is connected. 8 Click OK. Configuring the active NIC (VLAN trunk) 1 Log in to the VMware VI Client, then select the server from the inventory panel. The hardware configuration page for the server is displayed. 2 Click the Configuration tab, then click Networking. 3 Click the Add Networking link. 4 On the right side of Add Network Wizard screen, click Add Networking. The virtual switches are presented in an overview and details layout. 5 Accept the default connection type, Virtual Machines, then click Next. 6 In the Network Access screen, select Create a virtual switch, then click Next. 7 In the Connection Settings screen, enter 4095 in the VLAN ID field; the port group will receive network traffic from any VLAN while leaving the VLAN tags intact. 22 McAfee Asset Manager Sensor Installation Guide
Installing McAfee Asset Manager Sensor on VMware ESX servers Creating a virtual machine for the McAfee Asset Manager Sensor Creating a virtual machine for the McAfee Asset Manager Sensor 1 From the Virtual Center client, click Inventory in the navigation bar. 2 From the Inventory list, select the managed host to which you want to add the new virtual machine. 3 Select File > New > Virtual Machine. 4 In the New Virtual Machine wizard, select Custom, then click Next. 5 Type a virtual machine name, then click Next. 6 Select a folder, then click Next. 7 Select the resource pool from the list, then click Next. 8 Select a datastore, then click Next. 9 From the Guest operating system dropdown list, select Other, then click Next. 10 Set the number of virtual processors to be used by the virtual machine, then click Next. 11 Configure the virtual machine s memory size, then click Next. (The minimum recommended size is 1GB.) 12 Select the previously created networks to connect to by selecting the names of the networks (NIC 1 to Passive and NIC 2 to Active), select Connect to them at power on, then click Next. 13 Select the LSI Logic SCSI adapter to be used for the virtual machine. 14 Select the Virtual Disk type, then click Next. You can store virtual machine data in a new virtual disk, an existing virtual disk, or a mapped storage area network (SAN) logical unit number (LUN). To create a new virtual disk, you must select the size of the virtual disk. The minimum recommended size is 8 GB. 15 Specify a datastore location for the disk, then click Next. 16 Select the virtual device node and disk mode for the virtual disk. (SCSI(0:0)) 17 If you select Independent disk mode, select Persistent as the type (meaning that changes are immediately and permanently written to the disk). 18 Click Next, then click Finish. McAfee Asset Manager Sensor Installation Guide 23
Installing McAfee Asset Manager Sensor on VMware ESX servers Installing the software Installing the software McAfee Asset Manager Sensor can be installed on the virtual machine using either the McAfee Asset Manager installation CD-ROM or an ISO image file. 1 Using the Virtual Machine Settings editor, connect the virtual machine s CD-ROM drive to the ISO image file and power on the virtual machine. 2 Follow the instructions provided earlier in this guide to complete the installation. For details, refer to 3.2 Installing the McAfee Asset Manager Sensor on Dedicated Hardware. It may be necessary to change the boot order in the virtual machine BIOS so that the virtual machine attempts to boot from the CD/DVD drive/device before trying other boot devices. To do so, press F2 when prompted during the virtual machine startup. 24 McAfee Asset Manager Sensor Installation Guide
5 Accessing the McAfee Asset Manager Sensor This chapter describes how to access the McAfee Asset Manager Sensor. Contents Accessing the McAfee Asset Manager Sensor Accessing the McAfee Asset Manager Sensor Once the McAfee Asset Manager Sensor software has been installed, you are ready to access the application. If the McAfee Asset Manager Sensor is located behind a firewall, access to the IP address of the system using TCP ports 22 (SSH), 443 (web access), and 18000 (viewing topology data) must be allowed through the firewall in order to successfully access and use the system. 1 Using Microsoft Internet Explorer 7.x/8.x/9.x, browse to https://<ip address of the McAfee Asset Manager Sensor> and press <Enter>. The McAfee Asset Manager Sensor Login page is displayed. 2 Enter your username and password in the designated fields, then click Login. By default, the Dashboard module of McAfee Asset Manager Sensor is displayed. By default, one user account is defined in the system with administrative privileges, which allows the user to perform configuration changes (username admin). By default, the passwords for the admin user account is Password@5. To prevent unauthorized access, it is highly recommended that you change this password as soon as possible. McAfee Asset Manager Sensor Installation Guide 25
Accessing the McAfee Asset Manager Sensor Accessing the McAfee Asset Manager Sensor 26 McAfee Asset Manager Sensor Installation Guide
6 McAfee Asset Manager Sensor postinstallation configuration This chapter describes the MAM Sensor Post Installation Configuration. Contents Post-installation configuration Networking Network configuration Networking configuration verification McAfee Asset Manager Sensor Installation Guide 27
McAfee Asset Manager Sensor post-installation configuration Active network services detection (optional) DNS settings Topology discovery related configurations Define external network settings Active network services detection (optional) The McAfee Asset Manager Sensor can perform network services audit both passively and actively. Following the initial installation of the McAfee Asset Manager sensor, the active network services detection mechanism is disabled by default and should be explicitly enabled if needed. Enable active network services detection You can enable the active network services detection mechanism. 1 Select Audit on the module selection bar to display the Audit module. The Servers Audit tab is displayed. 2 Select Enable Active Network Services Detection. 3 Click Save. Deep audit (optional) Active Directory credentials (optional) Post-installation information verification Post-installation configuration This section describes the steps that need to be taken to configure the McAfee Asset Manager Sensor following installation, including the following configurations: Networking DNS Settings Topology Discovery related configuration SNMP community strings External networks (if needed) Deep Audit (optional) Credentials for probing an active directory server (optional) 28 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Networking Networking After the initial installation, the McAfee Asset Manager Sensor is configured with a single active interface. You can perform additional networking configurations in the Configuration > Network > TCP/IP page of the McAfee Asset Manager Sensor GUI and verify their operation. The McAfee Asset Manager Sensor can be configured to use multiple passive and active NICs. The configuration is done in the Configuration > Network > TCP/IP page. Any changes made to the configuration of the network settings mandate a restart without persistency whereby the system starts recollecting information after it has restarted. The user must log in to the McAfee Asset Manager Sensor UI within 3 minutes after the system has restarted. This is to prevent a rollback to the previous configuration. If errors were included in the configuration changes, this mechanism allows reverting to the previous network configuration. Network configuration A user with the necessary permissions can configure any of the available network interfaces listed in the Network Connections table in the Interface column. The following types of network interfaces can be configured: Static: A static IP address is assigned to the NIC. Sub-interface: An additional IP address is assigned to the NIC. Trunk: The interface is connected to a switch trunk port. Trunk (Native): The interface is connected to a switch trunk port and is using the VLAN ID, which is designated as native (i.e., will not use the 802.1Q encapsulation for packets sent on the trunk). Disabled: The interface is disabled. Configure a passive interface This section describes how to configure a NIC to be used as a passive interface. 1 In the Configuration module, select the Network tab. 2 In the TCP/IP page, click the name of the interface to be configured as passive. The Connection Configuration window for the interface is displayed. 3 Set the interface type to Passive, then click Update. 4 Click Save, then restart the McAfee Asset Manager Sensor. You can configure all the required network interfaces and then save the configuration and restart. McAfee Asset Manager Sensor Installation Guide 29
McAfee Asset Manager Sensor post-installation configuration Network configuration Configure a static interface This section describes how to configure a static network interface, meaning that static IP address is assigned to the network interface card. 1 In the Configuration module, select the Network tab. 2 In the TCP/IP page, click the name of the interface to be configured as static. The Connection Configuration dialog box for the interface is displayed. 3 Set the interface type to Static. 4 Insert the IP Address, the Netmask, and the Default Gateway for this interface. 5 Click Update. 6 Click Save, then restart the McAfee Asset Manager Sensor. You can configure all the required network interfaces and then save the configuration and restart. Configure a trunked interface You can configure a network interface that is connected to a switch trunk port. 1 In the Configuration module, select the Network tab. 2 In the TCP/IP page, click on an interface you want to configure as trunk. The Connection Configuration window for the interface is displayed. 3 Set the interface type to Trunked, then click Update. 4 The interface type now has changed to Trunked. 5 To configure an interface on a specific VLAN click Trunked under the interface s type. The VLAN Settings window appears. 6 Fill in the VLAN ID with which this interface is to be associated, the IP Address, the Netmask, and the Default Gateway. 7 (Optional) If the VLAN ID associated with this interface is to be configured as the Native VLAN for this trunk, set Native VLAN to True. 8 Click Update to list the information. 9 Click Save, then restart the McAfee Asset Manager Sensor. You can configure all the required network interfaces and then save the configuration and restart. 30 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Network configuration Configure a sub-interface You can configure a sub-interface, meaning that an additional IP address is assigned to the network interface card. 1 In the Configuration module, select the Network tab. 2 In the TCP/IP page, click the name of the interface under which the sub-interface is to be added. The Connection Configuration window for the interface is displayed. 3 Click Add Interface to add a sub-interface configuration for the interface you had selected. 4 Insert the IP Address, the Netmask, and the Default Gateway for this sub-interface. 5 Click Update. 6 Click Save, then restart the McAfee Asset Manager Sensor. Configure an interface as disabled You can configure a specific sub-interface as disabled. 1 In the Configuration module, select the Network tab. 2 In the TCP/IP page, click the name of the interface to be configured as disabled. The Connection Configuration window for the interface is displayed. 3 Set the interface type to Disabled, then click Update. 4 Click Save, then restart the McAfee Asset Manager Sensor. You can configure all the required network interfaces and then save the configuration and restart. Remove an interface configuration You can remove an interface configuration that is no longer valid. 1 In the Configuration module, select the Network tab. 2 In the TCP/IP page, select the checkbox of the interface you want to remove. 3 Click Remove Selected. 4 Click Save, then restart the McAfee Asset Manager Sensor. Edit the configuration If you have administrative privileges, you can access the Configuration > Network > TCP/IP page at any time and change the configuration of the network interfaces. Edit the configuration by clicking the interface name, then change the configuration. McAfee Asset Manager Sensor Installation Guide 31
McAfee Asset Manager Sensor post-installation configuration Networking configuration verification Networking configuration verification This section provides information on how to manually verify the correct configuration of the NICs. McAfee Asset Manager Sensor verifies the connectivity of the NICs defined as active when saving the configuration in the Configuration > Network > TCP/IP tab. Per active interface, the system tests the configuration by verifying whether the default gateway configured for the interface responds or not. If the default gateway does not respond, a yellow exclamation icon is displayed in the network configuration screen to flag the issue. Verify the initial network configuration This section describes how to verify the initial configuration of the active interface configured during the installation of the system. 1 Issue the ping command from the console (for example, against your default gateway s IP address) to confirm that the McAfee Asset Manager Sensor is successfully attached to the network. 2 If the ping command fails: Verify the configuration of the NIC by using the following command and examining its output (with the following example eth1 is the active NIC): root@mam:~# more /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet manual pre-up ifconfig eth0 up post-down ifconfig eth0 down auto eth1 iface eth1 inet static address 192.168.1.100 netmask 255.255.255.0 gateway 192.168.1.99 broadcast 192.168.1.255 If needed, reconfigure the active NIC using the pic3 command. Verify your new configuration by issuing the following command: more /etc/network/interfaces 32 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Networking configuration verification Stop the McAfee Asset Manager Sensor software: monit stop all Stop the Linux operating system s networking services: /etc/init.d/networking stop Start the Linux operating system s networking services: /etc/init.d/networking start Start the McAfee Asset Manager Sensor software: monit start all Re-issue the ping command from the console (for example, against your default gateway s IP address) to confirm that the McAfee Asset Manager Sensor is successfully attached to the network. Verify the NIC configuration After completing the network configuration (in the McAfee Asset Manager Sensor Configuration > Network > TCP/IP screen), you can verify the configuration of the various NICs from the system s console. Multi-NIC configuration This section describes how to verify a multi-nic configuration. 1 Log in to the McAfee Asset Manager Sensor from its console or with SSH using the root credentials. 2 Issue the ifconfig command and view the output. The output needs to include at least three interfaces by default: eth1, eth0, and lo. If either eth0 or eth1 are not present, one of the NICs is not recognized by the installation. Replace the card and perform the installation again (it is recommended to use Intel-based NICs). One of the NICs should be assigned a static IP address; the second NIC must not have an IP address and should be configured in promiscuous mode. 3 View the output of the ifconfig command to verify that the interface that is configured in promiscuous mode passively receives traffic. Examine the RX bytes and TX bytes statistics for the network interface. The TX bytes (transmitted bytes) statistics should be zero (TX bytes: 0 (0.0 b)), where the RX bytes should show numbers (RX bytes:1289582104 (1.2 GiB)). Issue the ifconfig command again and verify these numbers progress. In the following example, eth0 is configured as the passive NIC. root@mam:~# ifconfig eth0 Link encap:ethernet HWaddr 00:03:47:07:60:B6 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:159617863 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1289582104 (1.2 GiB) TX bytes:0 (0.0 b) McAfee Asset Manager Sensor Installation Guide 33
McAfee Asset Manager Sensor post-installation configuration Networking configuration verification eth1 Link encap:ethernet HWaddr 00:03:47:E1:2A:B8 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3878650 errors:0 dropped:0 overruns:0 frame:0 TX packets:1267992 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:534027530 (509.2 MiB) TX bytes:223132911 (212.7 MiB) lo Link encap:local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:64474 errors:0 dropped:0 overruns:0 frame:0 TX packets:64474 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5969910 (5.6 MiB) TX bytes:5969910 (5.6 MiB) The output displayed in this example matches a configuration of a single passive interface (eth0) and a single active interface (eth1). VLAN trunk configuration 1 Log in to the McAfee Asset Manager Sensor from its console or with SSH using the root credentials. 2 Issue the ifconfig command and view the output. The output needs to include at least three interfaces by default: eth1, eth0, and lo. If either eth0 or eth1 are not present, one of the NICs is not recognized by the installation. Replace the card and perform the installation again (it is recommended to use Intel-based NICs). One of the NICs should be configured as a VLAN Trunk. The interface should have sub-interfaces configured per-vlan (i.e., if the interface is eth1, its sub-interface for VLAN 3 would be eth1.3). All of the sub-interfaces should be each assigned a static IP address, where the interface itself must not be assigned an IP address. The second NIC must not have an IP address and should be configured in promiscuous mode. 3 View the output of the ifconfig command to verify that the interface which is configured in promiscuous mode passively receives traffic. Examine the RX bytes and TX bytes statistics for the network interface. The TX bytes (transmitted bytes) statistics should be zero (TX bytes: 0 (0.0 b)), where the RX bytes should show numbers (RX bytes:1289582104 (1.2 GiB)). Issue the ifconfig command again and verify these numbers progress. In the following example, eth0 is configured as the passive NIC. 34 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Networking configuration verification root@mam:~# ifconfig eth0 Link encap:ethernet HWaddr 00:03:47:07:60:B6 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:159617863 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1289582104 (1.2 GiB) TX bytes:0 (0.0 b) eth1 Link encap:ethernet HWaddr 00:03:47:07:60:B6 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:159617863 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1489582104 (1.4 GiB) TX bytes:0 (0.0 b) eth1.3 Link encap:ethernet HWaddr 00:03:47:E1:2A:B8 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3878650 errors:0 dropped:0 overruns:0 frame:0 TX packets:1267992 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:534027530 (509.2 MiB) TX bytes:223132911 (212.7 MiB) eth1.5 Link encap:ethernet HWaddr 00:03:47:E2:2B:B8 inet addr:192.168.2.100 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3878650 errors:0 dropped:0 overruns:0 frame:0 TX packets:1267992 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:734027530 (709.2 MiB) TX bytes:573132911 (572.7 MiB) lo Link encap:local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 McAfee Asset Manager Sensor Installation Guide 35
McAfee Asset Manager Sensor post-installation configuration Networking configuration verification RX packets:64474 errors:0 dropped:0 overruns:0 frame:0 TX packets:64474 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5969910 (5.6 MiB) TX bytes:5969910 (5.6 MiB) Active interface configuration testing This section describes how to test the configuration of the various active interfaces. Verify Multi-NIC configuration It is important to verify proper configuration of the active interface(s). 1 Issue the ping command from the console against a selected device on each subnet the McAfee Asset Manager Sensor is attached to using an active interface (for example, against your default gateway s IP address) to confirm that the McAfee Asset Manager Sensor is successfully attached to these networks. 2 If the ping command fails: Verify the configurationn of the NIC by using the following command and examining its output (in the following example eth1 is the active NIC): root@mam:~# more /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet manual pre-up ifconfig eth0 up post-down ifconfig eth0 down auto eth1 iface eth1 inet static address 192.168.1.100 netmask 255.255.255.0 gateway 192.168.1.99 broadcast 192.168.1.255 If needed, re-configure the active NIC using the pic3 command. Verify your new configuration by issuing the following command: more /etc/network/interfaces Stop the McAfee Asset Manager Sensor software: 36 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Networking configuration verification monit stop all Start the Linux operating system s networking services: /etc/init.d/networking restart Start the McAfee Asset Manager Sensor software: monit start all Re-issue the ping command from the console (for example, against your default gateway s IP address) to confirm that the McAfee Asset Manager Sensor is successfully attached to the network. Verify VLAN trunk configuration It is important to verify proper configuration of the active NIC configured as a VLAN Trunk. 1 Issue the ping command from the console against a selected device on each subnet the McAfee Asset Manager Sensor is configured on (for example, against your default gateway s IP address) to confirm that the McAfee Asset Manager Sensor is successfully attached to the network. 2 Examine the output of the arp -a command. Each local IP address you have ping-ed should be represented with the output (meaning the local interface of that subnet is the one which had issued the packets). 3 If the ping command fails: Verify the configuration of the NIC by using the pic3 command. If needed, re-configure the active NIC using the pic3 command. Verify your new configuration by issuing the following command: more /etc/network/interfaces Stop the McAfee Asset Manager Sensor software: monit stop all Start the Linux operating system s networking services: /etc/init.d/networking restart Start the McAfee Asset Manager Sensor software: monit start all Re-issue the ping command from the console (for example, against your default gateway s IP address) to confirm that the McAfee Asset Manager Sensor is successfully attached to the network. Examine network traffic received by a passive interface(s) You can verify the configuration by examining the traffic received by a passive interface(s). 1 Log in to the McAfee Asset Manager Sensor from its console or with SSH using the root credentials. 2 Stop the McAfee Asset Manager Sensor software by issuing the following command: monit stop all McAfee Asset Manager Sensor Installation Guide 37
McAfee Asset Manager Sensor post-installation configuration Networking configuration verification 3 Use the command to save the traffic received by a passive interface: PCAP_USE_PFSRING=YES tcpdump xnvve s 2000 i <interface> w <filename> 4 Stop the tcpdump command by pressing CTRL+C. 5 Examine the traffic received by the interface using the following command: tcpdump xnvve s 2000 r <dumpfile name> more Problems with the configuration of the switch span port may stem from the following factors: If all of the destination IP addresses of the IP packets received target the IP address x.x.x.255, then the passive interface receives only broadcast traffic and the span port is not set correctly. Reconfigure the switch s span port and verify that the passive interface is properly attached to it. Perform the checks again to verify that the passive interface now receives the required traffic. The MAC addresses observed represents merely two devices. The span port is configured to mirror the traffic that passes between two routers. Reconfigure the switch s span port and verify that the passive interface is properly attached to it. Perform the checks again to verify that the passive interface now receives the required traffic. When no exceptions are detected in the network traffic received by the passive interface, restart the McAfee Asset Manager Sensor by issuing the following command: monit start all Visual identification of passive interface problems Improper configuration of the passive interface may be detected using the McAfee Asset Manager Sensor GUI, as follows: If multiple networks should be monitored by the passive interface but the inventory module shows devices from the active NIC s network only. If the only operating system detected under OS Summary is the McAfee Asset Manager Sensor. 38 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration DNS settings DNS settings You can verify the DNS settings in the Configuration Network DNS page. Configure DNS resolution The McAfee Asset Manager Sensor can be configured to resolve IP addresses to their respective DNS names, if these exist. 1 In the Configuration module, select the Network tab, then click DNS. 2 In the DNS Configuration page, select Enable DNS resolution, then and enter the IP address of the DNS in the DNS Server fields. 3 Click Save to apply and save the configuration. Topology discovery related configurations SNMP community strings The global and specific SNMP community strings are defined in the Configuration Topology tab. Configure SNMP In order for the McAfee Asset Manager Sensor to successfully discover the physical network topology of monitored networks, it must have SNMP read access to switches operating on the network. Various parameters essential for the physical network topology discovery process can be configured in the Configuration Topology Credentials page, including: The default SNMP protocol version and the exact SNMP read-only community string to use by default when a switch is detected (can be more than one). The IP address, the SNMP protocol version, and the exact SNMP read-only community string to use for specific switches not identified automatically by the system. The SNMP protocol version and/or the SNMP read-only community string to use when querying a specific switch. The SNMP protocol version and community string to use when sending SNMP traps from switches to the McAfee Asset Manager Sensor. The Topology Credentials page is also used to verify the information used to query a certain switch allows the McAfee Asset Manager Sensor to collect the required information. Queried switches must comply with SNMP MIB-II. Global Credentials table The Global Credentials table is used to configure the SNMP protocol version and community string to use by default when a new switch is detected by the system. A user can configure more than a single McAfee Asset Manager Sensor Installation Guide 39
McAfee Asset Manager Sensor post-installation configuration Topology discovery related configurations entry, as there may be multiple configurations and various SNMP protocol versions configured, by default, across a network. Global credentials entries are executed according to their order in the Global Credentials table. A higher entry is used before a lower entry. Add global credentials You can add credentials to the Global Credentials table. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Credentials to display the SNMP Strings page. 3 Select the SNMP protocol version to use from the SNMP Version dropdown list, and enter the SNMP read-only community string to use in the Community String field. If required, enter additional relevant data such as username, password and passphrase. 4 Click Add. 5 Click Save. By default, the system is configured to use SNMP protocol version 1, with public as the default SNMP community string. Remove global credentials You can remove credentials from the Global Credentials table. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Credentials to display the SNMP Strings page. 3 Select the global credentials entry to be removed, then click Remove. 4 Click Save. Determine the order of global credential entries You can change the order in which the global credential entries are executed by changing the order in which they appear in the Global Credentials table. A higher entry is used before a lower entry. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Credentials to display the SNMP Strings page. 3 To change the order of the global credential, select the global credentials entry to be moved. 4 Click the up arrow or down arrow to change the location of the entry in the list, thereby changing the order of execution of the selected entry. 5 Click Save. 40 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Topology discovery related configurations Switch Configuration table The Switches table includes the IP address, the SNMP protocol version, and the SNMP read-only community string of any switches manually configured by the user. It also includes the operating system of the switch, and indicates whether or not the switch was successfully queried by the system the last time the Topology Discovery process was run. A user can add an entry to the Switches table for any switch that was not identified by the system, and can configure the SNMP protocol version and community string to use when querying the switch. The default SNMP protocol version used by the system is version 1. The default SNMP read-only community string used by the system is public. Add a switch or edit switch information You can add an individual switch to the Individual Credentials table or edit existing switch information. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Credentials button, then select the Switches link to display the Switches individual credentials page. 3 Add an entry for a switch (or change an existing entry) as follows: In the empty cells above the Switch IP Address header, enter the IP address of the switch. Select the SNMP version from the adjacent dropdown list. In the field above the Community String header, enter the SNMP read-only community string. Click Apply. The switch information is added. Click Save. Remove a switch from the Switches table You can remove a switch from the Switches table. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Credentials button, then select the Switches link to display the Switches individual credentials page. 3 Select the entry to be removed from the Switches table, then click Remove. 4 Click Save. After a switch is added to the list of switches and the changes are saved, a Test button appears. Clicking the Test button verifies whether that the system can access the switch using the credentials listed. Test a switch For each switch entry in the Switch table list there is a Test button, which can be used to verify whether the system can access the switch using the SNMP credentials listed. McAfee Asset Manager Sensor Installation Guide 41
McAfee Asset Manager Sensor post-installation configuration Topology discovery related configurations 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Switches to display the Monitored Switches page. 3 In the Switches table, click the Test button for the switch that is to be tested. The McAfee Asset Manager Sensor probes the switch and an icon indicating the status of the test is displayed in the Test column as follows: A green icon,, indicates that the switch has been successfully queried and the SNMP credentials are correct. A yellow icon,, indicates that the switch has been successfully queried with the supplied SNMP community string credentials but that the necessary information for the physical network topology discovery process was not provided by the switch. A red icon,, indicates that the test has failed and that there is a problem with either the credentials listed for the switch or with access from the McAfee Asset Manager Sensor to the switch. Switches that were added manually can also be tested from Switches individual credentials section, located under the Configuration module, Topology tab under the switches link SNMP traps The SNMP Traps page is used to configure the SNMP protocol version and community strings to use when SNMP traps are to be sent from switches to the Sensor. Add SNMP trap credentials You can add SNMP trap credentials to the configuration. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Credentials, then select the SNMP Traps page. 3 Select the SNMP protocol version from the SNMP dropdown list, and enter the SNMP read-only community string to use in the Community String field. If required, enter additional relevant data such as username, password and passphrase. 4 Click Add. 5 Click Save. Remove SNMP trap credentials You can remove SNMP trap credentials to the configuration. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 42 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Define external network settings 2 Click Credentials, then select the SNMP Traps page. 3 Select the SNMP Traps credentials entry to be removed, then click Remove. 4 Click Save. Define external network settings Configuring a Management network (as an External network) is required in case switches are managed using a dedicated separate network that is not directly monitored by the McAfee Asset Manager Sensor. The McAfee Asset Manager Sensor can also be used as a Remote Sensor to monitor small external sites that are not covered by the span port of the local site in order to provide real-time visibility to those sites. This capability reduces the number of Sensors required for large organizations and eliminates the need to install a Sensor at each small remote branch. The Topology Ext. Networks page is used for configuring external networks to be monitored by McAfee Asset Manager Sensor, by providing the IP address of switches residing on the external network, or by providing the external network s subnet. Configure external networks by IP address You can configure the IP address of switches residing on the External network in the Ext. Networks IP Conf. page. 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Ext. Networks, then select IP Conf. to display the External Networks Configuration by IP Address list. 3 In the fields above the IP Address header, enter the IP address of the external switch. If the IP address of the switch is on a different subnet than the External network itself, enter the subnet in addition to the IP address. 4 Click Add. 5 Click Save. To delete an entry in the External Network Configuration table, select the checkbox, then click Remove. Configure external networks by subnet You can configure the IP address of switches residing on the External network in the Ext. Networks Subnet Conf. page. McAfee Asset Manager Sensor Installation Guide 43
McAfee Asset Manager Sensor post-installation configuration Active network services detection (optional) 1 Select Configuration on the module selection bar. The Topology tab of the Configuration module is displayed. 2 Click Ext. Networks, then select the Subnet Conf. link to display the External Networks Configuration by subnet page. 3 In the empty cells above the Subnet header, enter the external network ID and subnet mask. 4 Click Add. A Class C network is automatically added to the table. 5 Click Save. To delete an entry in the External Network Configuration table, select the checkbox for the row, then click Remove Selected. Active network services detection (optional) The McAfee Asset Manager Sensor can perform network services audit both passively and actively. Following the initial installation of the McAfee Asset Manager sensor, the active network services detection mechanism is disabled by default and should be explicitly enabled if needed. Enable active network services detection You can enable the active network services detection mechanism. 6 Select Audit on the module selection bar to display the Audit module. The Servers Audit tab is displayed. 7 Select Enable Active Network Services Detection. 8 Click Save. Deep audit (optional) The McAfee Asset Manager Sensor can be configured to perform deep auditing against VMware ESX servers, Microsoft Windows and *NIX-based operating systems. This audit function provides for Microsoft Windows and *NIX-based operating systems: A complete list of the hardware configuration per device The software installed per device Running processes/services per device Detection for all major virtualization platforms And other information This audit function provides for VMWare ESX the list of virtual guests running on the ESX server. 44 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Deep audit (optional) The data collected supports multiple use cases such as: Verifying the installation of A/V software Listing devices lacking anti-spyware software Finding hardware which needs to be replaced (for example, CPU) Locating users installing non-authorized software Identifying software usage violations Correlation of virtual hosts with their respective virtualized guests (also done independently) The Credentials page of the Audit module is divided into three sub-pages: The auditing of Microsoft Windows-based devices is configured in the Credentials Windows page, as described in Microsoft Windows-based device auditing. The auditing of ESX-based devices is configured in the Credentials ESX page, as described in ESX virtual device auditing. The auditing of *NIX-based devices is configured in the Credentials Unix page, as described in Credentials for *NIX-based devices. Microsoft Windows-based device auditing In order for the McAfee Asset Manager Sensor to successfully audit a Microsoft Windows-based operating system, the following prerequisites need to be met: Domain(s) user account and rights Use an existing username with administrative privileges, or create a new user account under each of the Windows Domains you wish to audit: Make sure to unselect User must change password at next logon when creating the account. Associate the newly created user account with the Domain Admins group. Rights that need to be set manually Enable Administrative Shares: These shares are automatically created by default. If changed, these must include admin$. Rights that are set automatically The following rights are assigned by default to the newly created user account when associating the user account with the Domain Admins group: Allow log on through terminal services Create a pagefile Increase scheduling priority Perform volume maintenance tasks Profile single process Profile system performance McAfee Asset Manager Sensor Installation Guide 45
McAfee Asset Manager Sensor post-installation configuration Deep audit (optional) Take ownership of files or other objects Load and unload device drivers Back up files and directories Restore files and directories Create global objects Access this computer from the network Manage auditing and security log Impersonate a client after authentication Allow log on locally The Active Directory Server's running group policy must be updated (and populated) in order for the changes to take effect. Host machine Operating System: The host operating system should be running: Microsoft Windows 7 Microsoft Windows 2008 Microsoft Windows Vista Microsoft Windows 2003 Microsoft Windows XP Microsoft Windows 2000 Local Services: The following Local Services must be running on the host in order for it to be successfully probed: Remote Procedure Call (RPC) File & Print Sharing for Microsoft Networks Server Windows Management Instrumentation Local Shares The admin$ share must be available. TCP Services TCP port 139 must be remotely accessible to the McAfee Asset Manager system. Firewall RPC-based connections must be allowed if a personal firewall is installed. Anti-Malware 46 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Deep audit (optional) Anti-malware programs should not block the execution of the probe. *NIX-based device auditing In order for the McAfee Asset Manager Sensor to successfully audit a *NIX-based operating system, the following prerequisites need to be met: The SSH network service must be installed, running, and reachable on the target device The SFTP component of the SSH server must be enabled Perl 5 must be installed on the target device Proper login credentials are to be provided: *NIX-based operating systems require the usage of a username with root privileges in order to perform this type of audit. Some are configured to disallow such users from remotely login in to the system. Therefore, in some cases, two sets of user credentials are to be provided, one for remotely login in to the device, and one for collecting the audit information. The underlying *NIX operating system should be one of the following: Redhat Linux or one of its derivatives SuSE Linux or one of its derivatives Debian Linux or one of its derivatives Sun Solaris 8, 9, 10, 11 IBM AIX 5.x, 6.x HPUX 10.x, 11.x FreeBSD 6.x, 7.x, 8.x ESX virtual device auditing In order for the McAfee Asset Manager Sensor to successfully audit virtual ESX devices, the following prerequisites need to be met: Proper administrative credentials are to be provided The underlying ESX operating system should be running at least version 3.5 Port 443 must be reachable from the Sensor Audit module configuration The Credentials tab of the Audit module is divided into three pages: Windows, UNIX and ESX. Configure credentials for Microsoft Windows-based devices You can configure the credentials for McAfee Asset Manager Sensor auditing of Microsoft Windowsbased devices. 1 Select Audit on the module selection bar, then select the Audit tab. McAfee Asset Manager Sensor Installation Guide 47
McAfee Asset Manager Sensor post-installation configuration Deep audit (optional) 2 Click Credentials to display the Credentials > Windows page. 3 Select Enable Deep Audit. 4 Set the frequency at which the auditing process is to be run by entering the required number of hours/minutes in the designated field. (The default setting is for every 12 hours). When the deep audit function is enabled, any device classified as either Microsoft Windows-based, ESX or *NIX based that was not audited in the last run of the Audit process will be audited as soon as the classification is made. 5 Configure the credentials auditing parameters as follows: Select Per Host Name (for a single device) or Per Domain (for all devices belonging to a specific windows domain) or Generic (for generic credentials whether for a domain device or for a single host) from the Add Credentials for dropdown list. Enter the user name and password in the designated fields. If you are adding credentials for a Host name, enter the host name in the Name field. OR If you are adding credentials for a Domain, enter the domain name in the Name field. OR If you are adding Generic credentials, this field is automatically populated by the system. 6 Click Add. The Host, Domain, or the Generic credentials are added to the Credentials list. To remove an entry from the Credentials list, select the entry in the list, then click Remove Selected. Credentials for *NIX-based devices You can configure the credentials for McAfee Asset Manager Sensor auditing of *NIX-based devices. 1 Select Audit on the module selection bar, then select the Audit tab. 2 Click Credentials and then Unix to display the Credentials Unix page. 3 Select Enable Deep Audit. 4 Set the frequency at which the auditing process is to be run by entering the required number of hours/minutes in the designated field. (The default setting is every 12 hours.) When the deep audit function is enabled, any device classified as either Microsoft Windows-based, ESX or *NIX based that was not audited in the last run of the Audit process will be audited as soon as the classification is made. 5 Configure the credentials auditing parameters as follows: Select IP or MAC address or Hostname to configure credentials per a single device or Generic for generic credentials from the Add Credentials for dropdown list. Enter the user name and password in the designated fields. 48 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Deep audit (optional) If the credentials entered are not of a privileged user, enter a username and password of a privileged user under priv. Username and priv. Password. 6 Click Add. The IP, MAC, Hostname or the Generic credentials are added to the Credentials list. To remove an entry from the Credentials list, select the entry in the list, then click Remove Selected. Configure credentials for ESX virtual devices You can configure the credentials for McAfee Asset Manager Sensor auditing of *ESX-based devices. 1 Select Audit on the module selection bar, then select the Audit tab. 2 Click Credentials, then click ESX to display the Credentials ESX page. 3 Select Enable Deep Audit. 4 Set the frequency at which the auditing process is to be run by entering the required number of hours/minutes in the designated field. (The default setting is for every 12 hours). When the deep audit function is enabled, any device classified as either Microsoft Windows-based, ESX or *NIX based that was not audited in the last run of the Audit process will be audited as soon as the classification is made. 5 Configure the credentials auditing parameters as follows: Select IP or Hostname to configure credentials per a single device. Enter the user name and password in the designated fields. 6 Click Add. The IP or hostname is added to the Credentials list. To remove an entry from the Credentials list, select the entry in the list, then click Remove Selected. Define the Exclude list The Exclude List contains the IP addresses and network subnets that are to be excluded from the deep auditing process. The Audit Exclude List is displayed in the Exclude List page of Audit tab. 1 Select Audit on the module selection bar, then select the Audit tab. 2 Click Exclude List to display the Exclude List. 3 To exclude a single IP address, enter the IP address to be excluded in the empty cell above the IP Address. In the fields above the Network Mask, enter 255.255.255.255. 4 To exclude an IP subnet, enter the network IP address in the empty cell above IP column header. In the fields above the Network Mask, enter the network mask of the IP subnet. 5 Click Add. The IP address or subnet is added to the Audit Exclude list. McAfee Asset Manager Sensor Installation Guide 49
McAfee Asset Manager Sensor post-installation configuration Active Directory credentials (optional) To remove an entry from the Exclude List, select the entry in the list, then click Remove Selected. Initiate an audit You can manually initiate the audit process at any time. 1 Select Audit on the module selection bar, then select the Audit tab. The Status page of the Audit module is displayed. The OS Audit Summary page lists the information regarding the status of the audit process and the statistics of a previous run per operating system. 2 To run the audit process, click Discover. The status of the audit process changes to Running. View the auditing report The auditing report lists the IP Address, Mac address, time, status and a description of auditing events. 1 Select Audit on the module selection bar, then select the Audit tab. 2 Click Report. 3 On the Report page, select the operating system (for example, Windows, Unix or ESX) for which you want to review the report. Active Directory credentials (optional) You can add an Active Directory server on the Active Directory page. 1 In the Credentials tab of the Configuration module, select the Active Directory page. 2 Set the following parameters in the fields immediately above the respective headers: Name: The name of the server. IP Address: The IP address of the server. Port: The TCP port number used to access the server (usually TCP port 389). Username: The display name of the user used to access the server. Make sure you use the Display Name of the user and not the User Logon Name. Password: The password used to access the server. FQDN: The fully qualified domain name of the domain managed by the Active Directory server (for example, il.myorg.com). 50 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Configure wireless networks (optional) Path: The path under the active directory server where the privileged user s definitions are found. For example: CN=Users The default location under the Users container OU=<Directory> When the user is defined under a directory other than Users OU=<Directory>, OU=<Directory> When the user is defined under a directory other than Users and the directory has several levels Test: A test button used to verify configuration. The test button appears only after clicking the Save button. 3 Click Add. The new authentication server is added to the respective list after a configuration validation process has been performed. If validation fails, an icon indicates that the test failed. 4 Repeat for additional servers, as required. 5 Click Save. Configure wireless networks (optional) When the McAfee Asset Manager Sensor is installed on a host with a supported wireless card, the wpaconf utility identifies automatically that there are wireless cards on the host and enables you to configure the wireless networks. 1 In the Wireless Network Configuration screen (shown before the Initial IP Configurator screen), select the interface you want to configure. 2 Specify the network ESSID and encryption in one of these ways: Select Scan to scan for availabled networks, then select the network that is required. The correct ESSID and encryption type are automatically copied into the ESSID and Encryption fields. Type the ESSID and encryption type in the designated fields. 3 Select Configure Encryption, then provide the information required to connect to the network: For WEP encryption, the WEP keys must be entered as hexadecimal strings of the appropriate length for 128bit or 40/64 bit keys. The network administrator is responsible for providing these strings. For WPA/WPA2-PSK encryption, the network administrator must provide the correct shared key. If the wireless network is a WPA/WPA2-Enterprise network, then it must be manually configured per the exact enterprise settings and the relevant required configuration. For additional information, see the wpasupplicant documentation supplied in /usr/share/doc/wpasupplicant/, as well as the wpasupplicant main page. The wpaconf utility supports configuring networks with either no encryption, WEP or WPA/WPA2-PSK encryption. The Configure Encryption button is disabled for a network with no encryption. 4 Select Finish. The wpaconf utility sets up the connection to the wireless network (the user can configure the IP using the regular pic3 program). 5 Repeat for additional wireless cards and networks as required. McAfee Asset Manager Sensor Installation Guide 51
McAfee Asset Manager Sensor post-installation configuration Post-installation information verification Only one wireless network is supported on one wireless card at the same time. Post-installation information verification The McAfee Asset Manager Sensor collects profiling information about the network, its devices, and the users using the network in real-time. The initial discovery of assets (i.e., host detection) operating on provisioned networks takes only a few minutes. Each detectable parameter, such as profiling information, physical network topology, or audit information, may take its own time to be identified per asset type due to the nature of operation of the algorithm and the process in-charge of the specific information detection for the detectable parameter. The initial "cycle" of discovery may take only a few minutes or up to an hour. After the initial cycle of discovery is complete, the following parameters should be verified: Provisioning of all subnets (subnet detection information) Detection of all switches Physical network topology schema Windows OS Audit operation Profiling of all devices Verify subnet information Verifying the subnet information ensures that the McAfee Asset Manager Sensor is operating against all known networks within the enterprise network. 1 Select Configuration on the module selection bar to display the Configuration module. 2 In the Configuration module, select the Subnets tab. The Subnets tab is displayed. 3 View the list of detected subnets under Detected Network > Monitored Network. 4 If an address space is missing from the list of detected networks under monitor network, verify the span configuration to make sure that traffic on the missing subnet is actually being monitored. Verify detected switches This section describes how to view the list of detected switches and verify that switches are being properly identified. 1 Select Inventory on the module selection bar to display the Inventory module. 2 In the Inventory tab, search for switches using the keyword switch. The list of identified switches is displayed. 52 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Post-installation information verification The list of switches includes devices identified as switches by both the profiling process and the physical network topology process. OR Select Inventory on the module selection bar to display the Inventory module. 3 In the Inventory tab, search for manufactures of switches (i.e., Juniper). 4 View the result list and verify that for each of the listed items identified by the profiling process as a switch device, the capability listed is also of a switch (denoted by S). If the result list includes devices not identified as switches by the McAfee Asset Manager Sensor (where you know they are switches), select the Configuration Topology Switches page (Monitored and External) to view the result of the last physical network topology discovery process, and the reasons why those devices were not probed. In the Switches page, configure SNMP read-only access to switches, and test the configuration verifying that the McAfee Asset Manager Sensor can now successfully probe these devices. If the profiling information of devices you recognize as switches is set to unknown, use the McAfee Asset Manager Sensor s profiling generating capabilities to introduce the appropriate profile for the device (refer to Profile Alignment). Run the physical network discovery process again to verify any new configurations by clicking Discover in the Configuration Topology Summary page. Verifying the physical network topology schema This section describes how to verify the physical network topology schema 1 Select Topology on the module selection bar to display the Topology module. 2 Examine the network architecture presented. When an issue is detected in the physical network topology schema, it is usually a result of a failed SNMP query against a number of switches. 3 Use the Inventory module to locate those switches, and the Configuration Topology tabs to configure appropriate SNMP community string(s). In some cases an access list may prevent querying some switches. These ACLs must be configured to allow the IP address of the McAfee Asset Manager Sensor to successfully query the switch(es). Verify the deep audit process results This section describes how to verify the results of the deep audit process. 1 Select Audit on the module selection bar to display the Audit module. 2 In the Audit module, select the Audit tab. 3 View the OS Audit Summary table to determine whether the audit process has been successful. McAfee Asset Manager Sensor Installation Guide 53
McAfee Asset Manager Sensor post-installation configuration Post-installation information verification 4 In case of many failures, click Reports to view the Reports page. 5 In the Reports page, you can look for the failure cause and determine how to resolve these issues (such as wrong credentials for querying Microsoft Windows-based devices). 6 Perform adjustments, if needed, and re-run the audit process to verify successful implementation of any changes. Partial verification of the execution of the Windows OS Audit can be performed using the Inventory module where service pack, hot fix information and other parameters should be visible when searching for Microsoft Windows-based devices. Profile alignment By default, the McAfee Asset Manager Sensor can identify hundreds of different operating system profiles. If a certain device s operating system profile is not identified, the automatic operating system profile generator mechanism can be used. This mechanism allows operating system profiles to be introduced into the system in an intuitive and easy manner. After a custom operating system profile is created, it can be used to identify other unknown devices whose operating systems match the newly created operating system profile. To search for an unknown device, in the Inventory module, use the keyword unknown to list any unidentified devices. Generating a profile This section describes how to generate an operating system profile, which can then be used to identify other unknown devices based on the characteristics of their operating systems. 1 In the main page of the Inventory module, right-click an unknown device in the Inventory list and select Generate OS Profile. 2 In the Operating System area, set the following parameters: OS Family: The operating system family name (for example, Microsoft Windows). OS Type: The exact type of the operating system (for example, XP). OS Additional Info (optional): Additional information, if applicable (for example, Service Pack 3). Appliance (optional): If the device is an appliance, select Appliance (for example, Linksys wireless access point). 3 (Optional) In the Capabilities area, select the checkboxes for the relevant capabilities. 4 Click Save. The operating system automatic profile generator process begins executing. If the operating system profile is successfully generated, a new operating system profile is created and a popup message indicates that process has been successfully completed. The device s operating system name now reflects the name of the newly added operating system profile. The newly created OS profile is listed in the OS Profiles tab of the Audit module. If, for some reason, the operating system profile generation process fails, an error message is displayed on the screen. 54 McAfee Asset Manager Sensor Installation Guide
McAfee Asset Manager Sensor post-installation configuration Post-installation information verification 5 To apply the new profile against unknown devices in the Inventory list, reschedule the operating system identification process by clicking the Reschedule button in the OS Profiles tab of the Audit module. 6 Any unknown devices that match the new operating system profile are identified. For devices being attached to the enterprise network, new profiles are part of the profile database used to identify a device. McAfee Asset Manager Sensor Installation Guide 55
7 Remote sensor settings (optional) This chapter describes the Remote Sensor settings. Contents McAfee Asset Manager remote sensor Remote sensor configuration SNMP traps and informs McAfee Asset Manager remote sensor McAfee Asset Manager Sensor can remotely monitor small external networks, not belonging to the same physical LAN on which the Sensor resides. External networks are not mirrored on the SPAN port connected to the passive interface of the Sensor. Configuring external networks allows reducing the number of Sensors required for large organizations deployment, and eliminates the need to install a Sensor at each and every small remote branch. Remote sensor requirements Layer-3 Routing to the remote site Unblocked network access to the remote site and all its hosts The remote site should not be using NAT Read-only SNMP community string(s) for allowing access to managed switches operating on the remote network For managed switches operating on the remote network, enable sending SNMP traps to the McAfee Asset Manager Sensor Remote sensor configuration This section describes the requirements and necessary configuration for setting up the centralized McAfee Asset Manager Sensor as a Remote Sensor: The McAfee Asset Manager Sensor must have Layer-3 routing to the remote site and all its hosts The remote site should not be using NAT The McAfee Asset Manager Sensor needs to refer to the External network Subnet or IP (for more information about how to apply these settings, refer to Verify subnet information and Verify detected switches). McAfee Asset Manager Sensor Installation Guide 57
Remote sensor settings (optional) SNMP traps and informs Switches on external sites should be configured to send SNMP traps or informs (for more information about how to apply these settings, refer to Configure SNMP). The McAfee Asset Manager Sensor should be configured to to receive SNMP traps or informs sent by external switches. SNMP traps and informs A Remote Sensor can provide real-time visibility of external sites. To do so, it must use SNMP traps or informs sent from switches located in the external sites. There are specific SNMP traps/informs that should be sent from the switches. Accordingly, McAfee Asset Manager Sensor must be configured to receive SNMP Traps and informs using relevant SNMP credentials. These SNMP Traps or informs must be configured on the external site switches: SNMP-server linkup SNMP-server link-down 1 Select Configuration on the module selection bar. 2 In the Topology tab, click the Credentials button, then select the SNMP Traps link to display the SNMP Traps table. 3 Use the SNMP trap credentials configured in the Sensor when configuring the external site switches to send traps/informs to the Sensor. Figure 2: Remote McAfee Asset Manager Sensor deployment 58 McAfee Asset Manager Sensor Installation Guide