10.2. Auditing Cisco PIX Firewall with Quest InTrust



Similar documents
Quest ChangeAuditor 5.0. For Windows File Servers. Events Reference

Foglight for SQL Server

An Introduction to Toad Extension for Visual Studio. Written By Thomas Klughardt Systems Consultant Quest Software, Inc.

Direct Migration from SharePoint 2003 to SharePoint 2010

Go Beyond Basic Up/Down Monitoring

Secure and Efficient Log Management with Quest OnDemand

Eight Best Practices for Identity and Access Management

Taking Unix Identity and Access Management to the Next Level

Migrating Your Applications to the Cloud

Quest Management Agent for Forefront Identity Manager

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Using Stat with Custom Applications

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

Enterprise Single Sign-On 8.0.3

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer

Enterprise Single Sign-On Installation and Configuration Guide

6.0. Planning for Capacity in Virtual Environments Reference Guide

Proactive Performance Management for Enterprise Databases

Toad for Oracle Compatibility with Windows 7 Revealed

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

Key Methods for Managing Complex Database Environments

Six Steps to Achieving Data Access Governance. Written By Quest Software

How Password Lifecycle Management Can Save Money and Improve Security

An Innovative Approach to SOAP Monitoring. Written By Quest Software

Quest Site Administrator 4.4

Quest One Privileged Account Appliance

The Active Directory Recycle Bin: The End of Third-Party Recovery Tools?

8.0. Quick Start Guide

The Case for Quest One Identity Manager

Top Seven Tips and Tricks for Group Policy in Windows 7

The Active Directory Management and Security You ve Always Dreamed Of

Quest Application Performance Monitoring Implementation Methodology

SharePoint Nine Key Features

Desktop to Cloud. Browser Migration in the Enterprise. Written By Quest Software, Inc.

6.5. Web Interface. User Guide

Quest Support: vworkspace Troubleshooting Guide. Version 1.0

Dell InTrust Preparing for Auditing CheckPoint Firewall

Image-Based Data Protection: Simply Better Data Protection

Five Tips for Effective Backup and Recovery in Virtual Environments

8.6 Migrating to Exchange 2010

2009 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Disclaimer

formerly Help Desk Authority Quest Free Network Tools User Manual

Moving to the Cloud : Best Practices for Migrating from Novell GroupWise to Microsoft Exchange Online Standard

Benchmark Factory for Databases 6.5. User Guide

Are You Spending More than You Realize on Active Directory Management?

2010 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Third Party Contributions

Protecting and Auditing Active Directory with Quest Solutions

Authentication Services 4.1. Authentication Services Single Sign-on for SAP Integration Guide

SHAREPOINT Best Practices for Preparing for SharePoint Migrations. Colin Spence IN FOUR EASY STEPS. Written by

Foglight Foglight Experience Viewer (FxV) Upgrade Field Guide

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

Exchange 2010 and Your Audit Strategy

Achieving ISO/IEC Compliance with Quest One Solutions for Privileged Access. Written By Quest Software, Inc.

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Enterprise Single Sign-On. The Holy Grail of Computing

Spotlight on SQL Server 7.0. Reporting and Trending Guide

4.0. Offline Folder Wizard. User Guide

IT Consolidation in the Public Sector: How to Achieve IT Optimization

Quest Site Administrator 4.4

The Quest Cloud Automation Platform

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

Spotlight Management Pack for SCOM

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

FOR WINDOWS FILE SERVERS

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Top Five Reasons to Choose Toad Over SQL Developer

Authentication Services 4.1. Mac OS X Administrator's Guide

A Governance Guide for Hybrid SharePoint Migrations. Written By Chris Beckett Information Systems Architect and SharePoint Solutions Specialist

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Foglight. Dashboard Support Guide

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

System Requirements and Platform Support Guide

Foglight. Foglight for Virtualization, Enterprise Edition 7.2. Virtual Appliance Installation and Setup Guide

Best Practices for SharePoint Development and Customization

Enterprise Single Sign-On Getting Started with SSOWatch

for Oracle User Guide

Quest ChangeAuditor 5.1 FOR ACTIVE DIRECTORY. User Guide

Quest One Password Manager

Quest vworkspace Virtual Desktop Extensions for Linux

Best Practices Guide for IT Governance & Compliance

DATA GOVERNANCE EDITION

Spotlight on Messaging. Evaluator s Guide

Controlling & Managing Super User Access

2.0. Quick Start Guide

8.0. Forest Edition. Deployment Guide

Defender Delegated Administration. User Guide

Quest Collaboration Services 3.5. How it Works Guide

Desktop Virtualization: Best Bet for a Dwindling IT Budget?

Quick Connect Express for Active Directory

Migrating Lotus Notes Applications to Microsoft Office 365 and SharePoint Online

Introduction to Version Control in

Spotlight Management Pack for SCOM

formerly Help Desk Authority HDAccess Administrator Guide

Foglight Cartridge for Active Directory Installation Guide

2010 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Third Party Contributions

Transcription:

10.2 Auditing Cisco PIX Firewall with Quest InTrust

2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Quest Software, Inc. The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 www.quest.com e-mail: info@quest.com Refer to our Web site for regional and international office information. TRADEMARKS Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, Benchmark Factory, Big Brother, BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, CI Discovery, Defender, DeployDirector, Desktop Authority, Directory Analyzer, Directory Troubleshooter, DS Analyzer, DS Expert, Foglight, GPOADmin, Help Desk Authority, Imceda, IntelliProfile, InTrust, Invirtus, itoken, JClass, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Point, Click, Done!, Quest vtoolkit, Quest vworkspace, ReportADmin, RestoreADmin, ScriptLogic, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad, T.O.A.D., Toad World, vautomator, vconverter, vecoshell, VESI,vFoglight, vpackager, vranger, vspotlight, vstream, vtoad, Vintela, Virtual DBA, VizionCore, Vizioncore vautomation Suite, Vizioncore vessentials, Vizioncore vworkflow, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks are property of their respective owners. Quest InTrust Updated March 5, 2010 Software version 10.2

CONTENTS Introduction... 3 Auditing Cisco PIX Firewall with InTrust... 4 About Quest Software, Inc.... 6 Contacting Quest Software... 6 Contacting Quest Support... 6 i

Auditing and Monitoring Microsoft IIS Introduction InTrust has built-in support for Cisco PIX Firewall auditing. The necessary data is provided by the Cisco PIX log in plain text format. Use the following InTrust objects to work with data related to Cisco PIX Firewall: Cisco PIX text Log data source Cisco PIX Firewall: All Events gathering policy Cisco PIX Firewall: All Events import policy Cisco PIX Firewall log daily collection task Cisco PIX Firewall weekly reporting task All syslog servers for Cisco PIX firewalls site InTrust also provides a Cisco PIX report pack (for the full list of reports, refer to the InTrust 10.2 Reports for Firewalls document). You can schedule the reports with the Cisco PIX Firewall weekly reporting task. 3

Quest InTrust 10.2 Auditing Cisco PIX Firewall with InTrust The predefined Cisco PIX data source works with Cisco PIX Firewall log data in ASCII format. The log files are located on a Syslog server, which receives Syslog messages from the Cisco PIX Firewall computer. The data source works with the following log formats: 1. <date/time> <facility>.<severity> <hostname> <message> 2. <date>,<time>,<host>,<facility>,<severity>,<datetime_generated>: <message> An example of a message in the log is as follows: %PIX-6-605005: Login permitted from 192.168.0.3/2629 to inside:192.168.0.1/https for user "enable_15" The format depends on the syslogd daemon used and its settings. You may need to change the data source to suit your log format. To configure gathering of the Cisco PIX Firewall log 1. On the Cisco Firewall computer, configure sending of Syslog messages to a Syslog server, which will act as an intermediary computer. For detailed information about the settings, see Cisco PIX documentation. 2. Install the InTrust agent on the Syslog server to gather the log. The agent is not required if the log files are located in a share on a Windows computer or an SMB share on a Unix computer. 3. In InTrust Manager, edit the Cisco PIX data source. Specify the log file name and location; you can use regular expressions and wildcards. If you want to gather without an agent, specify the path using the %COMPUTER_NAME% variable and a share name (\\%COMPUTER_NAME%\share_name). 4

Auditing and Monitoring Microsoft IIS 4. Make sure the All Syslog servers for Cisco PIX firewalls site includes the intermediary computer. If the log is located in an SMB share on a Unix host, and you want to gather the log without an agent, you need to manually create a site under the Microsoft Windows Network node, and include the Unix computer in it. This is necessary because InTrust currently supports gathering from network shares only in Microsoft Windows Environment sites; this workaround makes InTrust aware of the share even though the processed computer is not actually running Windows. 5. Schedule the Cisco PIX Firewall log daily collection task. Make sure the gathering job within this task uses the Cisco PIX Firewall: All Events gathering policy. For agentless gathering from an SMB share on a Unix host, you need to create a separate gathering policy under the Gathering Gathering Policies Microsoft Windows Network node and use the policy in the gathering job instead of Cisco PIX Firewall: All Events. In this scenario, the Use agents to execute this job on target computers option must be turned off for the gathering job. 6. Schedule the Cisco PIX Firewall log weekly reporting task. Configure the reporting job within this task to create the reports you need. 5

Quest InTrust 10.2 About Quest Software, Inc. Now more than ever, organizations need to work smart and improve efficiency. Quest Software creates and supports smart systems management products helping our customers solve everyday IT challenges faster and easier. Visit www.quest.com for more information. Contacting Quest Software Phone 949.754.8000 (United States and Canada) Email info@quest.com Mail Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA Web site www.quest.com Please refer to our Web site for regional and international office information. Contacting Quest Support Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to SupportLink, our self-service portal. Visit SupportLink at http://support.quest.com/ From SupportLink, you can do the following: Retrieve thousands of solutions from our online Knowledgebase Download the latest releases and service packs Create, update and review Support cases View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures. The guide is available at: http://support.quest.com. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information