Deploying AirDefense Enterprise

Copyright © 2002-2006 AirDefense Proprietary and Confidential.

Needs Assessment

Installation Requirements

Network Connections & User Interfaces

Users & Roles

Setting up AirDefense Enterprise

Sensor Setup

Sensor Deployment

Enterprise UI

Needs Assessment

What is at Risk?

Which Locations are at Risk?

Intended System Use

Sensor Needs

Server Needs

Employee Educational Needs

What Devices are a Possible Threat

ASSETS

What WLAN devices are in my air space?

Which devices are mine?

Setup Checklist

Physical Resources

Standard, grounded 120/240 VAC connection

Keyboard and monitor (for local access to the Server)

Standard 19-inch rack (1U height) with mounting rails

Network Information

IP address (supports DHCP)

Subnet Mask

Default Gateway

DNS Servers

Mail Relay Server

IP Address (of the System the Admin uses)

Interfaces

Server

GUI – Web Browser Connection: perform most administrative and operational tasks. Four roles: admin, manager, guest and network op.

Command Line Interface or SSH: initial setup and configuration, as well as backup.

Sensor

GUI – Web Browser Connection: initially configure sensor settings.

Console (serial port connection – M400 only): sensor maintenance.

Network Connectivity

[Diagram: Browser Client, SSH Client and Console Client; Enterprise Appliance; 510 Sensor; 520 Sensor. Port labels on the connections: 8543, 22, 443 or 80* (twice), https: 443.]

* Use port 443 if Encrypted (default) or port 80 if Unencrypted

Server Communication: Backup Server

Sensors can be configured to support a backup server for failover purposes.

Install a separate AirDefense server at the same or an alternate location

Configure sensors with the address of the backup server

Periodically restore a backup of the primary server onto the failover server

If a primary server failure occurs, or if the network for the primary server fails, sensors will connect to the backup server

Server GUI Roles

Admin User

Only Admin users have full read and write privileges, enabling them to make changes in all of AirDefense, including deleting users and changing policy.

Can add new users to AirDefense and can assign them to a role, including as another admin user.

Manager

Same as admin, but can't create new users, manage the appliance or clear the edit log.

Guest User

Guest users have read-only access to the following GUI program areas: Dashboard, Alarm Manager, Sensor Manager, Policy Manager, Notification Manager.

In addition, Guests have privileges to:

Set their own user preferences and passwords in the Admin program area

Create and save alarm filters in Alarm Manager

Network Operator

Network operators have the same read-only access as Guest users, but they can acknowledge, clear, and purge alarms in the Alarm Manager program area.

ADDadmin

Set of utilities for setup, basic configuration, and backup

Default server IP address 192.168.100.2

Important! After some programs are run, AirDefense reboots automatically on exit from the Command Line Interface, and the new settings take effect.

Accessing ADDadmin

Direct Access Via Keyboard / Monitor

Connect monitor / keyboard to AD server

Wait for login prompt and type credentials

Type ADDadmin

Via SSH

Launch SSH client (version 2+)

Enter username / password

Type ADDadmin

Remember: the command line username / password are different from those used in the web browser.

Launching ADDadmin

Changing Passwords

Log in to the Command Line Interface.

Type m, press <Enter> at the command prompt.

Changing Passwords: Command Line

Type the line number of the user whose password you want to change (smxmgr or smxarchive). Press <Enter>.

If you are the Command Line User smxmgr and you pressed “1,” AirDefense prompts you for your current UNIX password. Type in your password now. AirDefense then prompts you for a new password.

If you are the Command Line User smxarchive and you pressed “2,” AirDefense prompts you for a new password.

Type the new password. Press <Enter>.

Type the new password again. Press <Enter>.

Add a User

Type WEBU, press <Enter>.

Select Change a Password.

Type the name of the Web User for the password change, press <Enter>.

Type the current Web User password, press <Enter>.

Type the new Web User password, press <Enter>.

Type the new Web User password again, press <Enter>.

AirDefense asks you if you would like to change the password for this user.

Type yes or no, press <Enter>.

Entering Configuration

Type “c” then press enter for configuration

Configuring Initial Settings

For each required setting, type the name of the ADDadmin utility at the prompt and provide the required information for each setting. Type “Yes” to save the input.

IP—to set the IP address, subnet mask, and default gateway of the AirDefense Server

DNS—to define DNS servers

HNAME—to set the Host Name

DNAME—to set the Domain Name

HALLOW—to set Allowed Hosts (for SSH access)

MRELAY—to configure the AirDefense Server to point to a mail relay host

TIME—to set the AirDefense Server’s operating time and date (alternative: enable NTP)

TZ—to set the AirDefense Server’s time zone (alternative: enable NTP)

NTP—enable a specific network time server (NTP) instead of setting TIME and TZ

Type q, press <Enter> to return to the ADDadmin main menu.

Type q, press <Enter> again to quit the Command Line Interface—The system automatically reboots.

Sensor Setup

Checklist

AirDefense Sensor

IP Address of the Primary AirDefense Server

IP Address of Secondary server for Failover.

IP Address of Sensor (DHCP default)

Sensor Setup

Four Options:

1. Cross-over cable via Default IP Address

Use Crossover RED cable in the box

Setup Laptop to 192.168.100.x IP Range

Connect to sensor: https://192.168.100.100

2. DHCP/Static IP connected via Hub/Switch

Connect Sensor to network.

Determine IP Address (e.g. Kiwi Syslog)

Connect to sensor via web UI: https://<IP-of-Sensor>

3. Console access via Serial Cable and Hyperterm (M400 only)

Connection setup: Port-COM1, Speed-1152000bps, Flow-None, Data bits-8, Parity-None, Stop bits-1

Login - admin/airdefense

4. Zero-Config Option – DHCP server provides IP, ServerIP

“043 Vendor Specific Option” in your DHCP Server

Use gendhcp.exe to generate value string.

Sensor Communication: Overview

Sensors connect to server only through wired network

Sensors use PKI authentication

Communicate in Clear text or Encrypted (default)

Communication over TCP/IP (Layer 3)

Sensors Initiate communication (no Network Address Translation needed)

3 Missed Heartbeats result in Sensor Failover to secondary server

Sensor UI

Sensor Deployment

Use Sensor deployment guide PDF for planning

Use AirDefense Architect to predict sensor placements

Determine if Power-over-Ethernet will be used or not

Model 400 : custom AirDefense POE

Model 510 / Model 520: Standard 802.3af compatible POE

Determine if ZeroCabling option can be used

Note down Sensor Info (IP, MAC etc) and location on Map

Order cabling (if needed)

Install Sensor at the specified location.

Enterprise-Class Scalability with Lowest TCO

Simple Daily Administration

Easy to use dashboards and wizards

Automatic classification of network devices

Role-based & domain-based views

Events prioritized by threat level

Actionable alarms allow administrators to efficiently solve problems

Scalable & Easily Managed Platform

Hundreds of locations can report back to a centralized server

Supports up to 100,000 devices & hundreds of sensors per server

Start-up wizard to simplify initial system setup & configuration

Low bandwidth requirements (< 3 Kbps per sensor)

Appliance-based solution

Zero-config sensors

[Screenshot callouts: View by Locations/Groups/Sensors; Easy to understand alarm explanations & recommendations]

Sensor Density Recommendations

AirDefense ZeroCabling solution

[Diagram: POE Switch with power on data pair; Y-cable; 802.3af compliant Access Point; Y-cable; 802.3af compliant AirDefense Sensor; up to 300 ft. Cat5]

Obviates the need for Sensor Cabling

Piggy-backs on the existing AP cabling

Substantial cost and time reduction for sensor deployment

Uses 2 Switch ports and provides full 12.95W – 15.4W to each device

Sensor is not inline: hence sensor failure does not impact AP

Sensor Troubleshooting

Solving Orphaned Sensor Problem

Cross-over cable via Default IP Address

Use Crossover RED cable in the box

Setup Laptop to 192.168.100.x IP Range

Connect to sensor : https://192.168.100.100

Network Sniffing for ARP requests

Either connect to sensor via Crossover or on network

Using Ethereal, sniff ARP requests from Sensor MAC address

Console access via Serial Cable and Hyperterm

Connection setup : Port-COM1, Speed-1152000bps, Flow-None, Data bits-8, Parity-None, Stop bits-1

Login - admin/airdefense

Note down Sensor Configuration from the status screen

Sensor Troubleshooting

Solving Connectivity Problems

Check light on the Sensor for network connectivity

On Console, verify the Sensor boot up process

Check Switch Port for Sensor MAC

Check Link Speed (default Auto : 100Mbps Full Duplex)

Ensure Port 443 can connect from sensor to server (No firewalls blocking that port)

View Sensor Status (Web UI – status)

View Sensor Syslog (Web UI - status)

Run Netstat command on the Server to check Sensor connection with Server

Check Server UI for Sensor Online/Offline status
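
The netstat check from the list above, as an added example (not AirDefense tooling and not part of the original deck): it reads netstat -tn output taken on the server and reports which deployed sensors hold an ESTABLISHED session to the sensor port. The Linux net-tools column layout, the sample output and every address other than 192.168.100.2 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed data, not AirDefense tooling.
# Assumes the Linux net-tools `netstat -tn` column layout.

# Constructed sample of `netstat -tn` output taken on the server (192.168.100.2).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.100.2:443       10.1.20.31:41822        ESTABLISHED
tcp        0      0 192.168.100.2:443       10.1.20.32:50110        TIME_WAIT
tcp        0      0 192.168.100.2:22        10.1.5.9:53311          ESTABLISHED
tcp        0      0 192.168.100.2:443       10.1.20.33:38007        ESTABLISHED
tcp        0      0 192.168.100.2:8543      10.1.5.9:53340          ESTABLISHED'

# sensor_status PORT SENSOR_IP...
# Reads netstat output on stdin and prints "<ip> online|offline" per sensor.
# A sensor counts as online only with an ESTABLISHED session to local PORT,
# so half-closed sessions (TIME_WAIT) and SSH or GUI clients are ignored.
sensor_status() {
    port=$1; shift
    awk -v port="$port" -v sensors="$*" '
        BEGIN { n = split(sensors, want, " ") }
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            lp = $4; sub(/.*:/, "", lp)          # local (server) port
            rip = $5; sub(/:[0-9]+$/, "", rip)   # remote (sensor) address
            if (lp == port) up[rip] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in up) ? "online" : "offline")
        }'
}

# Sensor addresses as noted down during deployment (constructed values).
check_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" |
        sensor_status 443 10.1.20.31 10.1.20.32 10.1.20.33 10.1.20.34
}

check_sample
```

Pass 80 instead of 443 when sensor communication is set to Unencrypted, and compare the result with the Online/Offline status shown in the Server UI.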

AirDefense Enterprise GUI

Downloadable Application

Certain prerequisites

Enterprise GUI Use

Before you access the GUI for the first time, you must download and run the installer from the thin client web page at one of the following locations:

• https://<server_ip_address>:8543

• https://<server_name>:8543

After you finish the GUI installation, you can log in remotely from a browser.

The GUI is not accessible directly from the AirDefense Server.

Logging Into the Enterprise GUI

1. Accept the Security Certificate

2. Download the correct application for your OS

3. Supports both Linux and Windows Platforms

GUI Prerequisites

The AirDefense GUI requires a minimal resolution setting of 1024 x 768, which you set on your computer.

Summary

Basic Needs and Requirements

Network Connections & User Interfaces

Enterprise Setup

Sensor Setup
