McAfee Vulnerability Manager on RSP

Deployment Guide McAfee Vulnerability Manager on RSP Deployment Guide Riverbed Technical Marketing

MVM ON RSP DEPLOYMENT GUIDE Introduction McAfee Vulnerability Manager (MVM) provides fast, precise, and complete insights into vulnerabilities on all of your networked assets. Easy-to-implement, Vulnerability Manager readily scales to suit networks from hundreds to millions of nodes. Nonstop global research helps you stay ahead of evolving threats and new vulnerabilities. The MVM architecture consists of a backend server that resides in the data center along with scan engines residing at each branch office. Vulnerability scans are kicked off at the backend server but are performed by the scan engines. The scan engines will then scan a list of target machines for potential vulnerabilities and report the results to the backend server. With Steelhead the communication between the scan engines and the backend server will be fully optimized, and with RSP a scan engine can be added to any branch office without adding any additional hardware. This deployment guide details the steps to deploy a MVM solution with a scan engine running on RSP. Required Software and Hardware McAfee Vulnerability Manager software. A free trial is available. Windows Server 2003 (Windows Server 2008 is not supported) RiOS 5.5 or later RSP 5.5 or later 2 GB of available RSP memory 20 GB of available RSP disk space Topology Details MVM Scan Engine on RSP Data Center WAN Branch Office MVM Backend Server Creating the Virtual Machine The RSP Package Creation Guide details the steps necessary to create a virtual machine. Create the virtual machine with these properties: 2 network cards 2 GB of memory 20 GB of pre-allocated hard disk space After creating the Virtual Machine install Windows Server 2003 on it using the normal installation procedures. MVM requires Windows 2003 SP2 so after installation run Windows Update and make sure SP2 is installed. Once Windows Server 2003 is installed and fully updated, follow the instructions below to install the MVM scan engine on this new virtual machine. 2011 Riverbed Technology. All rights reserved. 1

1. After starting up the MVM install wizard and stepping through the initial screens, select Advanced 2. Under Architecture select Custom/Upgrade 2011 Riverbed Technology. All rights reserved. 2

3. Select Scan Engine 4. Enter the IP Address of the MVM Backend Server which has the Configuration Manager component. Click Next completes the installation of MVM. 2011 Riverbed Technology. All rights reserved. 3

Creating the RSP Package Now that we ve complete installation of the MVM Scan Engine, we can create the RSP Package. The steps to create the RSP Package are detailed in the RSP Package Creation Guide but are reproduced here for clarity. 1. After opening the RSP Package Creator select the appropriate folder housing the Virtual Machine created earlier. 2. Appropriately fill in the Name, Description, Package Version, and Slot Name. 2011 Riverbed Technology. All rights reserved. 4

3. Optionally enable watchdog functionality. 4. In Network Interface Preferences page click Add under Management Interfaces 2011 Riverbed Technology. All rights reserved. 5

5. Fill in an Interface Name and select either Primary or Aux depending on which is currently used in your environment 6. Back in the Network Interface Preferences page click Add under Optimization Interfaces 2011 Riverbed Technology. All rights reserved. 6

7. Select Virtual In-Path as the Interface Type and L2 Switch under Packet Policies. 8. The completed Network Interface Preferences page should now look like this. 2011 Riverbed Technology. All rights reserved. 7

9. Name the package and click Create Package to create the package. Installing the RSP Package Now that we have a McAfee Vulnerability Manager RSP Package, we can install and enable it on a Steelhead. 1. Navigate to Configure Branch Services RSP Packages. 2011 Riverbed Technology. All rights reserved. 8

2. Click Add a Package. 3. As the package will be too big to be loaded from a local file, it will have to be loaded from an URL. 2011 Riverbed Technology. All rights reserved. 9

4. Navigate to Configure Branch Services RSP Slots and install the package into an empty slot. 5. Enable the slot. 2011 Riverbed Technology. All rights reserved. 10

6. Navigate to Configure Branch Services RSP Data Flow 7. Click Add a VNI and select the Virtual In-Path interface corresponding to MVM. Leave the Data Flow Position as Start to ensure that the Interface is on the LAN side of RiOS. Click Add to add the VNI to the data flow. 2011 Riverbed Technology. All rights reserved. 11

8. The finalized RSP Data Flow. Optimizing SSL Communication The MVM backend server has a web interface (called Enterprise Manager) that is used to manage MVM. The MVM Enterprise Manager uses SSL for its communication. In order for the Steelheads to be able to optimize this communication, a certificate generated by the MVM 7.0 Open API SDK needs to be imported into the Data Center Steelhead. This SDK is provided upon request from McAfee Support. Generating the Certificate This section details the steps to generate a certificate that the Data Center Steelhead can use to optimize the SSL connection between the MBM backend server and MVM scan engine. 1. Upon receiving the SDK from McAfee Support, unzip it and open up MVM Open API\Tools\Foundstone Certificate Manager.exe. Navigate to the Create SSL Certificates tab. 2011 Riverbed Technology. All rights reserved. 12

2. Enter the IP address of the MVM backend server (192.168.4.70 in this case) in the Host Address field and click Resolve. This will replace the IP Address with the Host Name of the MVM backend server. 3. Create Certificate using Host Address to create the certificate. This will save the certificates into a zip file. Make sure to save the Passphrase as this will be used later. 4. Unzipping the file saved in the previous step revels four files. The ones that will be of use to us are FoundstoneCAPublicCertificate.pem (certificate of the MVM CA) and FoundstoneClientCertificate.p12 (certificate the Steelhead will be using). 2011 Riverbed Technology. All rights reserved. 13

Enabling SSL Optimization on the Steelheads Having generated the appropriate certificates, we need to enable SSL optimization on both Steelheads and import the certificates into the Data Center Steelhead. 1. On the Branch Office Steelheads, navigate to Configure Networking Port Labels and remove port 443 from the list of Secure ports. 2. On the Branch Office Steelhead, navigate to Configure Optimizaiton SSL Main Settings and Enable SSL Optimization. This will require a restart of the optmization service. 2011 Riverbed Technology. All rights reserved. 14

1. On the Data Center Steelhead, the first step is to add the MVM CA to the Steelhead s list of CA s. Navigate to Configure Optimization Certificate Authorities and select the FoundstoneCAPublicCertificate.pem generated in the previous steps. Optionally specify a name for this CA. 2011 Riverbed Technology. All rights reserved. 15

2. On the Data Center Steelhead, the next step is to add the certificate the Steelhead will be using to its database. Navigate to Configure Optimization SSL Main Settings. a. Check Enable SSL Optimization b. Click Add a New SSL Certificate c. Select the One File in PEM or PKCS12 formats option d. Under Import Single File select Local File and Browse to the FoundstoneClientCertificate.p12 file created in the previous steps e. Under Decryption Password fill in the passphrase saved in the previous steps f. Click Add to save the changes g. Restart the optmization service. 2011 Riverbed Technology. All rights reserved. 16

3. Open up a connection the MVM Enterprise Manger from a client pc in the Branch Office. On both Steelheads navigate to Configure Optimization Secure Peering (SSL) on the Steelhead Mangement Console. Scroll down to Self-Signed Peer Gray List and select Trust for the peer Steelead appliance. 4. Close off the previous connection and initiate a new connection. The new connection will now be optimized. Verification of the Deployment To verify the deployment we will initiate an Asset Discovery Scan using the MVM Enterprise Manager. In the Web interface first navigate to Scans New Scan. 1. In the Scan Details page select Use a McAfee Vulnerability Manager template and then the Asset Discovery Scan template 2011 Riverbed Technology. All rights reserved. 17

2. Fill in a Name and IP address range to scan. 3. Navigate to the Scheduler tab. Select Active to activate the scan and the MVM scan engine on RSP in the Select Engine drop down menu 4. Navigate to Scans Scan Status. After some time the scan should Complete. In this case 5 Hosts were found. 2011 Riverbed Technology. All rights reserved. 18

About Riverbed Riverbed delivers performance for the globally connected enterprise. With Riverbed, enterprises can successfully and intelligently implement strategic initiatives such as virtualization, consolidation, cloud computing, and disaster recovery without fear of compromising performance. By giving enterprises the platform they need to understand, optimize and consolidate their IT, Riverbed helps enterprises to build a fast, fluid and dynamic IT architecture that aligns with the business needs of the organization. Additional information about Riverbed (NASDAQ: RVBD) is available at www.riverbed.com. About McAfee McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 Tel: (415) 247-8800 www.riverbed.com Riverbed Technology Ltd. Farley Hall, London Road, Level 2 Binfield, Bracknell Berks RG42 4EU Tel: +44 1344 401900 Riverbed Technology Pte. Ltd. 391A Orchard Road #22-06/10 Ngee Ann City Tower A Singapore 238873 Tel: +65 6508-7400 Riverbed Technology K.K. Shiba-Koen Plaza Building 9F 3-6-9, Shiba, Minato-ku Tokyo, Japan 105-0014 Tel: +81 3 5419 1990 2011 Riverbed Technology. All rights reserved. 19