RealSecure Server Sensor is Intrusion Detection Software (IDS) that provides automated, real-time intrusion monitoring, detection, and protection by analysing events, host logs, and inbound and outbound network activity on critical enterprise servers to block malicious activity. It communicates via an agent locally installed on an appliance. The agent talks back to a central repository in
http://www.iss.net/products/RealSecure_ServerSensor/product_main_page.html
In most cases the firewall in the local site will need configuring to allow the sensors to communicate with the two repository servers in
Ports
TCP/IP Ports 902 & 2998
- Inside of the source folder select the SETUP.EXE file to launch the application.
- On the “Welcome” screen click – NEXT.
- On the “License Agreement” screen click – I ACCEPT.
- On the “Readme” screen click – NEXT.
- On the “Setup Types” screen click – CUSTOM
- On the “Select Components” screen leave default with – “Server Sensor with Network Monitoring” option selected then click - NEXT.
- On the “Enforce Audit and Blocking” screen leave both selections – UNCHECKED, and click – NEXT.
- On the “Choose a Sensor Name” screen add the computer name followed by _snsr. For example, if your server’s PC name is Server1, enter Server1_snsr in the space given, then click – NEXT.
- On the “Choose folder for the Server Sensor” screen select “BROWSE” to change the installation path. For servers where the D: drive is designated as a CD drive, choose the next available “physical” drive other than C, unless there is no other “physical” drive. Then click – OK & NEXT.
- On the “Select Authentication Mode” screen leave the checkbox “UNCHECKED”, then click – NEXT.
- On the “Select Public Key Administrators” screen type the first entry, Server Name 1, then click – ADD. Then type the second entry, Server Name 2, and click – ADD. Then click – NEXT.
- On the “Server Sensor Cryptographic Setup” screen there should be two entries: Microsoft Enhanced Cryptographic Provider v.1.0/RSA_KEYX (1536 bit)/3DES/SHA-1 & Microsoft Enhanced Cryptographic Provider v.1.0/RSA_KEYX (1024 bit)/RC4 (128 bit)/SHA-1. Be sure that the one with (1536 bit) is first in the list. If not, highlight that option and click the “Move Up” button. The (1024 bit) option will then be second. Delete any other options if they exist. Then click – NEXT.
- Click – FINISH on the last screen and you are done.
- Stop & Disable the ISS Buffer Overflow service in Computer Manager
- Reboot Server.
- Inform #ITSECURITY of the installation & confirm the agents are communicating.