Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide




Symantec Database Security and Audit 3100 Series Getting Started Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 1.0
PN: 10577170

Legal Notice

Copyright 2006 Symantec Corporation. All rights reserved.

Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.

Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014 USA
http://www.symantec.com

Printed in the United States of America.

Contacting Technical Support

Customers with a current maintenance agreement may access Technical Support information at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your region or language under Global Support.

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.

When you contact Technical Support, please have the following information available:

- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Getting started with Symantec Database Security and Audit

This document includes the following topics:

- About Symantec Database Security and Audit
- Overview of setup tasks
- Prerequisites for installation
- Installing the appliance
- Setting up the software on the appliance
- Launching the Symantec Database Security and Audit console
- Licensing the product after installation
- Initial configuration
- Where to get more information

About Symantec Database Security and Audit

Symantec Database Security and Audit is a stand-alone appliance that passively monitors and analyzes the database traffic on a network. It detects anomalous SQL queries to a database, both from outside sources and from authorized users within an organization. It can perform extrusion detection of the sensitive information that leaves the organization. For example, it can alert you whenever a SQL response includes multiple credit card numbers. Symantec Database Security and Audit can also be used to record all database activity for regulatory compliance or to meet other audit requirements.

Symantec Database Security and Audit analyzes the SQL statements that it detects against a known set of SQL patterns that represent normal database activity. Any deviations from the norm are flagged as potential attacks on the database. The appliance develops the SQL patterns by generalizing the SQL traffic that is observed during an initial period of training.

After training, an administrator can define and activate the policies that govern what types of SQL data are logged or trigger an incident. An administrator can configure alert messages to be sent whenever an incident or other specified activity occurs.

Symantec Database Security and Audit is configured and managed from a remote computer by using a Web browser to access the Web-based console interface on the appliance.

Overview of setup tasks

To prepare the Symantec Database Security and Audit appliance for full operation, you need to do the following:

- Ensure that all prerequisites are met. See "Prerequisites for installation."
- Rack mount the appliance and connect the necessary cables. See "Installing the appliance."
- Set up the software on the appliance. See "Setting up the software on the appliance."

Once the appliance has been installed and the software has been configured with the network information, you need to perform the following post-installation tasks:

- Update the software, if any updates are available. For more information, see the Symantec Database Security and Audit Implementation Guide or the online Help system in the Symantec Database Security and Audit console.
- License the software. See "Licensing the product after installation."
- Configure and train the system. See "Initial configuration."
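The credit card alert mentioned under "About Symantec Database Security and Audit" can be sketched as a check over the rows of a SQL response. This is an added example, not Symantec's code or the appliance's detection logic; the function names, the threshold of two distinct numbers, and the sample rows (constructed, using well-known test card numbers) are assumptions.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by single
# spaces or hyphens, and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn checksum: filters out order IDs, phone numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_numbers(text):
    """Return the Luhn-valid card numbers found in one cell, separators removed."""
    found = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def inspect_response(rows, threshold=2):
    """Count distinct card numbers in a result set; alert at `threshold` or more."""
    distinct = set()
    for row in rows:
        for cell in row:
            distinct.update(card_numbers(str(cell)))
    return {"distinct_cards": len(distinct), "alert": len(distinct) >= threshold}


# Constructed sample responses (test card numbers, not real accounts).
SINGLE_LOOKUP = [(1001, "Alice Example", "4111111111111111")]
BULK_RESPONSE = [
    (1001, "Alice Example", "4111-1111-1111-1111"),
    (1002, "Bob Example", "5555555555554444"),
    (1003, "Carol Example", "3782 822463 10005"),
    (1004, "Alice Example", "4111111111111111"),   # same card as row 1001
]
NO_CARDS = [(7, "order 1234567890123"), (8, "4111111111111112")]  # fail Luhn

if __name__ == "__main__":
    for name, rows in [("single", SINGLE_LOOKUP), ("bulk", BULK_RESPONSE),
                       ("none", NO_CARDS)]:
        print(name, inspect_response(rows))
```

Counting distinct numbers rather than matches keeps a single customer's record, repeated across rows or formats, from raising the alert on its own.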

Prerequisites for installation

To install the Symantec Database Security and Audit appliance and set up the software, ensure that the following prerequisites are met:

- A static IP address is available to assign to the appliance.
- Your rack system has a slot available for the appliance.
- The SPAN port is available on the network switch that handles all incoming and outgoing traffic on the database to be monitored. See Figure 1-1.

  Note: As an alternative to using the SPAN port on the switch, you can connect the database monitor port to a network tap. Use a passive tap so that Symantec Database Security and Audit monitoring does not interfere with database access to the network. If the tap ever fails to operate, Symantec Database Security and Audit is unable to monitor the database, but database traffic continues to flow. See Figure 1-2.

- The appliance can be connected to the same network as one or more remote computers that are used to manage Symantec Database Security and Audit.
- A browser is installed on any remote computers that are used to manage Symantec Database Security and Audit. The Symantec Database Security and Audit console was tested with Firefox 1.x and Microsoft Internet Explorer 6.0. However, the console should run well in most browsers. The console does not use advanced DHTML or require browser extensions such as ActiveX, Flash, or Java.
- The appliance has access to an SMTP or SNMP server so that the appliance can send alert notifications.
- You have any necessary cables that are not included with the appliance. The appliance comes with two power cords and one ethernet port extender. If you have a fiber optic network, you need two copper-to-fiber adapters for the ethernet ports on the appliance. The appliance uses copper NICs.

Figure 1-1 shows an example of how the appliance can be deployed in a corporate environment.

Figure 1-1 Example of Symantec Database Security and Audit appliance deployment

Figure 1-2 shows an example of how to place a network tap to ensure that all database traffic on the network is monitored.

Figure 1-2 Example of network tap placement

Installing the appliance

Hardware installation consists of unpacking the box, rack-mounting the appliance, and connecting the cables.

Figure 1-3 shows the back panel of the appliance, where the necessary ethernet connections are made.

Figure 1-3 Ethernet ports on the back panel of the 3100 series appliance

Note: Before you connect the appliance, read the safety instructions and important regulatory information in your Product Information Guide.

To install the appliance

1. Install the mounting rails in an available slot in the rack.
2. Insert the appliance into the rack.
3. On the back of the appliance, connect the keyboard, video, and mouse ports to the KVM device for the rack. If a KVM device is not available, a serial console can be used to administer the appliance.
4. Connect the ethernet ports as follows:
   - Connect the database monitor port (eth1) to the SPAN port on the network switch that handles the database traffic.
   - Connect the administration port (eth0) to the same network as the remote computers that are used to manage the appliance.
5. Connect the power cable(s).
6. To start the appliance, on the front of the appliance, press the power button.

Setting up the software on the appliance

The software is pre-installed on the appliance. Software setup on the appliance consists of the following configuration tasks:

- Changing the default password that is used for the administrative accounts on the appliance.
- Configuring the IP address of the appliance, along with the related network information, such as the IP addresses of the gateway and the DNS server.
- Configuring the time and date on the appliance.

A setup program on the appliance lets you configure these settings.

Note: The setup program also provides other settings that can be configured. In most cases, however, you do not need to configure any other settings. For more information about the setup program, see the Symantec Database Security and Audit Implementation Guide.

To set up the software on the appliance

1. At the prompt, log in as the setup account:
   Account name: setup
   Default password: ChangeIT!
2. Read and accept the End User License Agreement (EULA).
3. When you are prompted, reset the password. The passwords for the setup, support, and root accounts on the appliance are all reset to the new password.
4. When you are presented with the main menu options for the setup program, to configure the network settings, type 2.
5. When you are presented with the Configure Network menu, configure the following options as applicable:
   - Appliance IP address
   - Netmask
   - Gateway IP address
   - Primary DNS server
   - Secondary DNS server, if any
6. To commit your changes, type 6.
7. To return to the main menu, type 8.
8. To test the network configuration settings, at the main menu, type 3. When you are presented with the Network Tools menu, do either or both of the following:
   - To ping an IP address, type 1, and then type the IP address when prompted.
   - To check a domain name, type 2, and then type the name when prompted.
   To return to the main menu, type 3.
9. At the main menu, to configure the locale-related settings, type 4.
10. When you are presented with the Configure Time menu, configure the following options as applicable:
    - Local time zone
    - Current date and time
    - NTP server
    If possible, configure access to an NTP (Network Time Protocol) server to maintain the accuracy of the system clock on the appliance. To ensure accurate reporting and logging, the appliance clock should not be arbitrarily reset.
11. To return to the main menu, type 4.
12. At the main menu, to restart the appliance, type 8.

Launching the Symantec Database Security and Audit console

You can launch the Symantec Database Security and Audit console in a compatible Web browser on any computer that has access to the Symantec Database Security and Audit appliance. You use an operator account to log into the Symantec Database Security and Audit console. Symantec Database Security and Audit comes with the following operator account:

Account name: admin
Default password: ChangeIT!

The default password of the admin operator account should be changed immediately after installation.

To launch the Symantec Database Security and Audit console

1. Open a Web browser, and type the following URL:
   https://<appliance-ip-address>
   where <appliance-ip-address> is replaced by the actual IP address with which the Symantec Database Security and Audit appliance is configured.
2. On the console login page, type the name and password of a valid Symantec Database Security and Audit operator account.

Licensing the product after installation

To be fully operational, Symantec Database Security and Audit requires a valid license key for each type of database to be monitored. You can use one license to monitor an unlimited number of databases as long as all of the databases match the type that is specified in the license. However, a separate license is required for each type of database that you need to monitor. For example, to monitor two Oracle database servers and three Microsoft SQL Servers, you need two licenses: one for Oracle and one for SQL Server.

Note: A single license file may contain multiple licenses, depending on how the licenses are generated.

To license Symantec Database Security and Audit after installation, you need to do the following:

- Log into the Symantec Database Security and Audit console and record the host ID of the appliance.
- Provide Symantec with the host ID and the serial number or numbers printed on the certificate that comes with the appliance. Symantec will then generate the necessary license keys and email them to you.
- Import the license keys into Symantec Database Security and Audit.

Note: Be sure to save the license keys that you receive from Symantec in case you need to reinstall the system.

To license Symantec Database Security and Audit after installation

1. In the Symantec Database Security and Audit console, on the Configuration tab, click License.
2. Record the Host ID number that is displayed.
3. Open a new browser window, and type the following URL:
   https://licensing.symantec.com/
4. Follow the instructions on the Symantec Licensing and Registration page. You will be asked to supply the following:
   - Serial number: If you intend to monitor multiple types of databases, supply the serial number for each type of database.
   - Email address: This is the address to which the license keys will be sent. The license files are sent in a compressed format (zip). Be sure to provide an email address that can accept zipped file attachments.
   - Symantec system ID: This is the host ID number that you recorded in the Symantec Database Security and Audit console.
5. After you receive the license from Symantec, unzip the compressed file.
6. In the Symantec Database Security and Audit console, on the Configuration tab, click License.
7. In the Import New License File section, do the following:
   - Click Browse to select a license file.
   - Click Import License.
   The view refreshes to show the new license information.
8. Repeat the previous step, if necessary, for each license file that you received.

Initial configuration

After installation and licensing, you should complete additional configuration tasks to prepare Symantec Database Security and Audit for full operation. Table 1-1 describes these tasks.

Table 1-1 Post-installation checklist

Task: Create additional operator accounts
Description: Symantec Database Security and Audit is pre-installed with one operator account. For security reasons, you cannot log in more than once simultaneously. If you attempt to log into a new browser session using an operator account that is already logged in, Symantec Database Security and Audit automatically logs out the first session. You can add additional operator accounts to do the following:
- Enable more than one person to use Symantec Database Security and Audit simultaneously.
- Create operators with different privileges.
- Track operator activity. All operator actions on Symantec Database Security and Audit are recorded in the audit log file.

Task: Review the default settings for general configuration options
Description: These parameters affect the overall operation of Symantec Database Security and Audit, such as when to log out an idle user or what to do with malformed SQL statements.

Task: Review the list of detected databases
Description: By default, Symantec Database Security and Audit monitors all of the databases that it detects. However, you can change the database monitoring mode to manual, and choose one or more detected databases to monitor.

Task: Enable training mode
Description: In order to identify anomalous SQL traffic, Symantec Database Security and Audit must first be trained to recognize normal SQL queries. Training is an automatic process in which Symantec Database Security and Audit observes SQL traffic on the network and generates the SQL patterns that represent normal behavior.

Task: Review SQL patterns after training
Description: All SQL queries observed during the training period are assumed to be normal operations and used to generate the SQL patterns. You should review these patterns and deactivate any that represent anomalous behavior.

Task: Define the time periods that can be applied to policies
Description: When you define operator policies, you can configure those policies to operate only inside or outside of a pre-configured time period. You should review and adjust the default time periods before you add or modify policies.

Task: Review and activate policies
Description: Symantec Database Security and Audit compares the SQL queries that it detects to the policies that have been defined. The actions that Symantec Database Security and Audit takes when a query matches policy criteria are defined as part of the policy. Symantec Database Security and Audit comes with pre-defined policies, which you must activate if you want to use them. You can also define your own policies.

Task: Configure Symantec Database Security and Audit for alert notifications
Description: When Symantec Database Security and Audit generates an incident to indicate potential malicious activity, you can configure it to send alert information by SMTP email and SNMP traps. By default, no external alerts are generated.

Task: Create a data maintenance plan
Description: In the Symantec Database Security and Audit console, you can export configuration data from the appliance manually to create a backup to which the system configuration can be restored. After installing the Symantec Database Security and Audit Archive Tool on a Windows computer, you can schedule regular backups of event data. You can enable regular, automatic purges of closed incidents from the appliance.

Note: For detailed information about configuring and managing Symantec Database Security and Audit, see the Symantec Database Security and Audit Implementation Guide or the online Help.

Where to get more information

To download a PDF file of the Symantec Database Security and Audit Implementation Guide, go to the following Web page:

http://www.symantec.com/techsupp/enterprise/select_product_manuals.html

To access the online Help system, in the Symantec Database Security and Audit console, click Help.
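The training behavior described under "About Symantec Database Security and Audit" and the "Review SQL patterns after training" task in Table 1-1 can be illustrated with a small model of learn-then-detect. This is an added example, not the appliance's algorithm: generalizing by replacing literals with placeholders is an assumed stand-in for however the product builds its patterns, and the class, function names, and sample traffic are constructed for illustration.

```python
import re


def generalize(sql):
    """Reduce a statement to its shape: literals become '?', case and spacing are folded."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)               # string literals ('' = escaped quote)
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)              # numeric literals, not digits in names
    s = re.sub(r"\(\s*\?(?:\s*,\s*\?)*\s*\)", "(?)", s)   # value lists of any length
    s = re.sub(r"\s+", " ", s).strip().rstrip(";").strip()
    return s.upper()


class PatternStore:
    """Hypothetical model: learn every shape while training, then flag unknown shapes."""

    def __init__(self):
        self.training = True
        self.patterns = {}          # pattern -> {"active": bool, "seen": int}

    def observe(self, sql):
        pattern = generalize(sql)
        if self.training:
            # Everything seen during training is assumed to be normal.
            entry = self.patterns.setdefault(pattern, {"active": True, "seen": 0})
            entry["seen"] += 1
            return "learned"
        entry = self.patterns.get(pattern)
        return "normal" if entry and entry["active"] else "anomaly"

    def review(self):
        """Patterns ordered rarest first; rarely seen shapes deserve the closest look."""
        return sorted(self.patterns.items(), key=lambda kv: kv[1]["seen"])

    def deactivate(self, pattern):
        self.patterns[pattern]["active"] = False


# Constructed training traffic: routine application queries plus one ad hoc
# bulk read that happened to run during the training window.
TRAINING_TRAFFIC = [
    "SELECT name, email FROM customers WHERE id = 42",
    "select name, email from customers where id = 7",
    "SELECT name, email  FROM customers WHERE id = 1093;",
    "UPDATE orders SET status = 'shipped' WHERE order_id = 1001",
    "UPDATE orders SET status = 'cancelled' WHERE order_id = 1002",
    "SELECT card_number, expiry FROM payments",
]


def demo():
    store = PatternStore()
    for sql in TRAINING_TRAFFIC:
        store.observe(sql)
    store.training = False                      # training period ends

    bulk_read = "select card_number, expiry from payments"
    result = {
        "patterns_learned": len(store.patterns),
        "routine_lookup": store.observe("SELECT name, email FROM customers WHERE id = 555"),
        "new_shape": store.observe("SELECT name, email, card_number FROM customers"),
        "bulk_read_before_review": store.observe(bulk_read),
    }
    rarest, _ = store.review()[0]               # operator reviews and deactivates it
    store.deactivate(rarest)
    result["deactivated"] = rarest
    result["bulk_read_after_review"] = store.observe(bulk_read)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Until the operator deactivates the learned pattern, the bulk read is treated as normal traffic, which is why the review step belongs directly after training.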
