Manager Installation Guide revision 7.0 McAfee® Network Security Platform Network Security Manager version 5.1 McAfee® Network Protection Industry-leading network security solutions COPYRIGHT Copyright ® 2001 - 2010 McAfee, Inc All Rights Reserved No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies TRADEMARKS ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, McAfee, McAfee (AND IN KATAKANA), McAfee AND DESIGN, McAfee.COM, McAfee VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc and/or its affiliates in the US and/or other countries The color red in connection with security is distinctive of McAfee brand products All other registered and unregistered trademarks herein are the sole property of their respective owners LICENSE AND PATENT INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE) IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO McAfee OR THE PLACE OF PURCHASE FOR A FULL REFUND License Attributions This product includes or may include: * Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) * Cryptographic software written by Eric A Young and software written by Tim J Hudson * Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users For any such software covered under the GPL, the source code is made available on this CD If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein * Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer * Software originally written by Robert Nordier, Copyright (C) 1996-7 Robert Nordier * Software written by Douglas W Sauder * Software developed by the Apache Software Foundation (http://www.apache.org/) A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt * International Components for Unicode ("ICU") Copyright (C) 1995-2002 International Business Machines Corporation and others * Software developed by CrystalClear Software, Inc., Copyright (C) 2000 CrystalClear Software, Inc * FEAD(R) Optimizer(R) technology, Copyright Netopsystems AG, Berlin, Germany * Outside In(R) Viewer Technology (C) 1992-2001 Stellent Chicago, Inc and/or Outside In(R) HTML Export, (C) 2001 Stellent Chicago, Inc * Software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper, (C) 1998, 1999, 2000 * Software copyrighted by Expat maintainers * Software copyrighted by The Regents of the University of California, (C) 1996, 1989, 1998-2000 * Software copyrighted by Gunnar Ritter * Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., (C) 2003 * Software copyrighted by Gisle Aas (C) 1995-2003 * Software copyrighted by Michael A Chase, (C) 1999-2000 * Software copyrighted by Neil Winton, (C) 1995-1996 * Software copyrighted by RSA Data Security, Inc., (C) 1990-1992 * Software copyrighted by Sean M Burke, (C) 1999, 2000 * Software copyrighted by Martijn Koster, (C) 1995 * Software copyrighted by Brad Appleton, (C) 1996-1999 * Software copyrighted by Michael G Schwern, (C) 2001 * Software copyrighted by Graham Barr, (C) 1998 * Software copyrighted by Larry Wall and Clark Cooper, (C) 1998-2000 * Software copyrighted by Frodo Looijaard, (C) 1997 * Software copyrighted by the Python Software Foundation, Copyright (C) 2001, 2002, 2003 A copy of the license agreement for this software can be found at www.python.org * Software copyrighted by Beman Dawes, (C) 1994-1999, 2002 * Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G Siek (C) 1997-2000 University of Notre Dame * Software copyrighted by Simone Bordet & Marco Cravero, (C) 2002 * Software copyrighted by Stephen Purcell, (C) 2001 * Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/) * Software copyrighted by International Business Machines Corporation and others, (C) 1995-2003 * Software developed by the University of California, Berkeley and its contributors * Software developed by Ralf S Engelschall for use in the mod_ssl project (http:// www.modssl.org/) * Software copyrighted by Kevlin Henney, (C) 2000-2002 * Software copyrighted by Peter Dimov and Multi Media Ltd (C) 2001, 2002 * Software copyrighted by David Abrahams, (C) 2001, 2002 See http://www.boost.org/libs/bind/bind.html for documentation * Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, (C) 2000 * Software copyrighted by Boost.org, (C) 1999-2002 * Software copyrighted by Nicolai M Josuttis, (C) 1999 * Software copyrighted by Jeremy Siek, (C) 1999-2001 * Software copyrighted by Daryle Walker, (C) 2001 * Software copyrighted by Chuck Allison and Jeremy Siek, (C) 2001, 2002 * Software copyrighted by Samuel Krempp, (C) 2001 See http://www.boost.org for updates, documentation, and revision history * Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), (C) 2001, 2002 * Software copyrighted by Cadenza New Zealand Ltd., (C) 2000 * Software copyrighted by Jens Maurer, (C) 2000, 2001 * Software copyrighted by Jaakko Järvi (jaakko.jarvi@cs.utu.fi), (C) 1999, 2000 * Software copyrighted by Ronald Garcia, (C) 2002 * Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, (C) 1999-2001 * Software copyrighted by Stephen Cleary (shammah@voyager.net), (C) 2000 * Software copyrighted by Housemarque Oy , (C) 2001 * Software copyrighted by Paul Moore, (C) 1999 * Software copyrighted by Dr John Maddock, (C) 1998-2002 * Software copyrighted by Greg Colvin and Beman Dawes, (C) 1998, 1999 * Software copyrighted by Peter Dimov, (C) 2001, 2002 * Software copyrighted by Jeremy Siek and John R Bandela, (C) 2001 * Software copyrighted by Joerg Walter and Mathias Koch, (C) 2000-2002 * Software copyrighted by Carnegie Mellon University (C) 1989, 1991, 1992 * Software copyrighted by Cambridge Broadband Ltd., (C) 2001-2003 * Software copyrighted by Sparta, Inc., (C) 2003-2004 * Software copyrighted by Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, (C) 2004 * Software copyrighted by Simon Josefsson, (C) 2003 * Software copyrighted by Thomas Jacob, (C) 2003-2004 * Software copyrighted by Advanced Software Engineering Limited, (C) 2004 * Software copyrighted by Todd C Miller, (C) 1998 * Software copyrighted by The Regents of the University of California, (C) 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek Issued NOVEMBER 2010 / Manager Installation Guide 700-1801-00/ 7.0 - English Contents Preface v Introducing McAfee Network Security Platform v About this Guide v Audience v Conventions used in this guide v Related Documentation .vi Contacting Technical Support vii Chapter Introduction to McAfee Network Security Platform About the Network Security Manager Manager components Update Server Chapter About Network Security Central Manager Chapter Preparing for installation Pre-requisites General settings .6 Other third-party applications Browser display settings (Windows) Server requirements .7 Client system requirements 10 Java Runtime Environment (JRE) requirement 10 Database requirements 10 Pre-installation recommendations 11 Planning for installation 11 Functional requirements .12 Using anti-virus software with the Manager 12 User interface responsiveness 13 Chapter Installing and upgrading the Central Manager/Manager 14 Installing the Manager 14 Manager installation with Local Service account privileges 24 Installing the Central Manager 25 Sensor license types 25 Adding a Sensor license 26 Manually Assigning a Sensor License 27 Java installation for client systems 28 Updating or upgrading in Network Security Platform 28 Upgrading your software 29 Updating your signature set or Sensor software 29 Adding a Sensor 29 Chapter Working with Manager software 30 Starting Network Security Manager 30 Accessing Manager from a client machine 31 Logging onto Network Security Manager .31 Properly shutting down Network Security Manager services .32 iii Starting Network Security Central Manager 35 Logging onto Central Manager 36 Properly shutting down Central Manager 37 Chapter Authenticating Access to the Manager using CAC 40 Chapter Uninstalling the Manager 43 Uninstalling using Add/Remove Programs 43 Uninstalling via script 45 Index 46 iv Preface This preface provides a brief introduction to the product, discusses the information in this document, and explains how this document is organized It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support Introducing McAfee Network Security Platform McAfee® Network Security Platform [formerly McAfee® IntruShield®] delivers the most comprehensive, accurate, and scalable Network Access Control (NAC) and network Intrusion Prevention System (IPS) for mission-critical enterprise, carrier, and service provider networks, while providing unmatched protection against spyware and known, zero-day, and encrypted attacks McAfee Network Security Platform combines real-time detection and prevention to provide the most comprehensive and effective network IPS in the market About this Guide This guide provides step-by-step instructions for the successful installation of the McAfee® Network Security Manager [formerly McAfee® IntruShield® Security Manager] interface software When the McAfee Network Security Manager (Manager) software is installed on your target server, you can configure your security system by sending commands through the Manager to all installed McAfee® Network Security Sensors [formerly McAfee® IntruShield® Sensors] This guide is best followed by reading the Manager Configuration Basics Guide and then followed by the other Configuration Guides for implementation Note: If you are upgrading to this version of Network Security Platform, we recommend you first review the corresponding Network Security Platform Upgrade Guide Audience This guide is intended for use by network technicians and maintenance personnel responsible for installing, configuring, and maintaining the Manager and the McAfee Network Security Sensors (Sensors), but is not necessarily familiar with NAC or IPSrelated tasks, the relationship between tasks, or the commands necessary to perform particular tasks Conventions used in this guide This document uses the following typographical conventions: v McAfee® Network Security Platform 5.1 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in Arial N3arrow bold font The Service field on the Properties tab specifies the name of the requested service Menu or action group selections are indicated using a right angle bracket Select My Company > Admin Domain > Summary Procedures are presented as a series of numbered steps On the Configuration tab, click Backup Names of keys on the keyboard are denoted using UPPER CASE Press ENTER Text such as syntax, keywords, and values that you must type exactly are denoted using Courier New font Type: setup and then press ENTER Variable information that you must type based on your specific situation or environment is shown in italics Type: sensor-IP-address and then press ENTER Parameters that you must supply are shown enclosed in angle brackets set Sensor ip Information that you must read before beginning a procedure or that you to negative consequences of certain actions, such as loss of data is denoted using this notation Caution: Information that you must read to prevent injury, accidents from contact with electricity, or other serious consequences is denoted using this notation Warning: Notes that provide related, but non-critical, information are denoted using this notation Note: Related Documentation            Quick Tour 4.1 to 5.1 Upgrade Guide Getting Started Guide IPS Deployment Guide Manager Configuration Basics Guide Administrative Domain Configuration Guide Manager Server Configuration Guide Sensor CLI Guide Sensor Configuration Guide IPS Configuration Guide NAC Configuration Guide vi McAfee® Network Security Platform 5.1                    Preface Integration Guide System Status Monitoring Guide Reports Guide User-Defined Signatures Guide Central Manager Administrator's Guide Best Practices Guide Troubleshooting Guide I-1200 Sensor Product Guide I-1400 Sensor Product Guide I-2700 Sensor Product Guide I-3000 Sensor Product Guide I-4000 Sensor Product Guide I-4010 Sensor Product Guide Gigabit Optical Fail-Open Bypass Kit Guide Gigabit Copper Fail-Open Bypass Kit Guide Special Topics Guide—In-line Sensor Deployment Special Topics Guide—Sensor High Availability Special Topics Guide—Virtualization Special Topics Guide—Denial-of-Service Contacting Technical Support If you have any questions, contact McAfee for assistance: Online Contact McAfee Technical Support http://mysupport.mcafee.com Registered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee's 24x7 comprehensive KnowledgeBase In addition, customers can also resolve technical issues with the online case submit, software downloads, and signature updates Phone Technical Support is available 7:00 A.M to 5:00 P.M PST Monday-Friday Extended 24x7 Technical Support is available for customers with Gold or Platinum service contracts Global phone contact numbers can be found at McAfee Contact Information http://www.mcafee.com/us/about/contact/index.html page Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support You will be provided with a user name and password for the online case submission vii CHAPTER Introduction to McAfee Network Security Platform This section provides a brief introduction to the components of the McAfee® Network Security Manager [formerly McAfee® IntruShield® Security Manager] and the part it plays in the overall McAfee® Network Security Platform [formerly McAfee® IntruShield®] The complete McAfee Network Security Platform is a combination of network appliances and software built for Network Access Control (NAC) as well as accurate detection and prevention of intrusions, denial of service (DoS) and distributed denial of service (DDoS) attacks, and network misuse Network Security Platform combines real-time detection and prevention for the most comprehensive and effective network security system Note: For a high-level overview of Network Security Platform IPS components and features, see the Getting Started Guide For details of the NAC Module of Network Security Platform, see the NAC Configuration Guide About the Network Security Manager McAfee Network Security Manager (Manager) consists of hardware and software resources that are used to configure and manage your Network Security Platform deployment Note: From version 5.1.17.2 or above, you not require a license file to use the Manager For more details on licenses, refer to the Chapter Licensing in the Best Practices Guide Manager components Manager is a term that represents the hardware and software resources that are used to configure and manage Network Security Platform The Manager consists of the following components:  One of the following hardware/OS server platform (on page 2):  Microsoft Windows Server 2003 - SP2, (32 or 64 bit) Standard Edition, English  Microsoft Windows Server 2003 - R2, (32 or 64 bit) Standard Edition, Japanese Microsoft Windows Server 2008 - R2, (64 bit) Standard Edition, English Note that this platform is supported only for fresh installations of Manager 5.1.11.22 or above the Manager software (on page 2) a back end database (on page 3) to persist data (MySQL version 5.0.91)    McAfee® Network Security Platform 5.1  Introduction to McAfee Network Security Platform a connection to the McAfee® Network Security Update Server [formerly IPS Update Server] (on page 3) Manager server platform The Manager server is a dedicated Windows Server hosting the Manager software You can remotely access the Network Security Platform user interface from a Windows XP or Windows system using Internet Explorer 6.0, 7.0, or 8.0 Sensors use a built-in 10/100 Management port to communicate with the Manager server You can connect a segment from a Sensor Management port directly to the Manager server; however, this means you can only receive information from one Sensor (typically, your server has only one 10/100 network port) During Sensor configuration, described in the Sensor CLI Guide, you will establish communication between your Sensor(s) and your Manager server Manager software The Manager software has a Web-based user interface for configuring and managing the Network Security Platform Network Security Platform users connect to the Manager server from a Windows XP or Windows system using the Internet Explorer browser program The Network Security Platform user interface runs with Internet Explorer versions 6.0, 7.0, and 8.0 The Manager functions are configured and managed through a GUI application, the Network Security Platform user interface, which includes complementary interfaces for system status, system configuration, report generation, and fault management All interfaces are logically parts of the Manager program Manager has five components:      Manager Home The Manager Home page is the first screen displayed after the user logs on to the system The Manager Home page displays Operational Status-that is, whether all components of the system are functioning properly, the number of unacknowledged alerts in the system, and the configuration options available to the current user Options available within the Manager Home page are determined by the current user's assigned role(s) The Manager Home page is refreshed every seconds by default Operational Status The Operational Status page displays the status of Manager, database, and any deployed Sensors; including all system faults Configuration The Configuration page provides all system configuration options, and facilitates the configuration of your Sensors, failover pairs of Sensors, administrative domains, users, roles, Network Access Control (NAC), attack policies and responses, user-created signatures, and system reports Access to various activities, such as user management, system configuration, or policy management is based on the current user's role(s) and privileges For more information on NAC configuration, see NAC Configuration Guide Threat Analyzer The Threat Analyzer page displays the hosts detected on your network as well as the detected security events that violate your configured security policies The Threat Analyzer provides powerful drill-down capabilities to enable you to see all of the details on a particular alert, including its type, source and destination addresses, and packet logs where applicable Reports Users can generate reports for the security events detected by the system and reports on system configuration Reports can be generated manually or automatically, saved for later viewing, and/or e-mailed to specific individuals McAfee® Network Security Platform 5.1 Introduction to McAfee Network Security Platform Other key features of Manager include:    The Incident Generator: The Incident Generator enables creation of attack incident conditions, which, when met, provide real-time correlative analysis of attacks Once incidents are generated, view them using the Incident Viewer, which is within the Threat Analyzer tool For more information on Manager components, see Manager Server Configuration Guide Integration with other McAfee products: You can integrate Network Security Platform with other McAfee products such as McAfee ePolicy Orchestrator (ePO), McAfee® Host Intrusion Prevention [formerly McAfee® Entercept] , and so on Then Network Security Platform collaborates with these products to provide you with a comprehensive network security solution For details, see Integration Guide Integration with third-party products: Network Security Platform enables the use of multiple third-party products for analyzing faults, alerts, and generated packet logs  Fault/Alert forwarding and viewing: You have the option to forward all fault management events and actions, as well as IPS alerts to a third-party application This enables you to integrate with third-party products that provide trouble ticketing, messaging, or any other response tools you may wish to incorporate Fault and/or alert forwarding can be sent to the following ways: - Syslog Server: forward IPS alerts and system faults - SNMP Server (NMS): forward IPS alerts and system faults - Java API: forward IPS alerts - Crystal Reports: view alert data from database via email, pager, or script  Packet log viewing: view logged packets/flows using third-party software, such as Ethereal Manager database The Manager server operates with an RDBMS (relational database management system) for storing persistent configuration information and event data The compatible database is MySQL (current version 5.0.91) The Manager server for Windows (only) includes a MySQL database that can be installed (embedded) on the target Windows server during Manager software installation Your MySQL database can be tuned on-demand or by a set schedule via Manager user interface configuration Tuning promotes optimum performance by defragmenting split tables, re-sorting and updating indexes, computing query optimizer statistics, and checking and repairing tables To graphically administrate and view your MySQL database, you can download the MySQL administrator from the MySQL Web site http://dev.mysql.com/downloads/gui-tools Update Server For your Network Security Platform to properly detect and protect against malicious activity, the Manager and Sensors must be frequently updated with the latest signatures and software patches available Thus, the Network Security Platform team constantly researches and develops performance-enhancing software and attack-detecting signatures that combat the latest in hacking, misuse, and denials of service (DoS) When a severe-impact attack happens that cannot be detected with the current signatures, a new McAfee® Network Security Platform 5.1   Working with Manager software Java runtime engine: You must install this plug-in to view objects in the Manager Home page and other areas of the Manager program, such as the Threat Analyzer You can opt to display your company's logo and accompanying text on the Manager Login page For details, see Adding a Log-on Banner, Manager Server Configuration Guide Properly shutting down Network Security Manager services Properly shutting down the Manager prevents data corruption by allowing data transfer and other processes to gracefully end prior to machine shutdown Proper shutdown of Manager services requires the following steps be performed: Close all client connections See Closing all client connections to the Manager (on page 32) Stop the McAfee Network Security Manager service Stop the McAfee Network Security Manager User Interface service Stop the McAfee Network Security Manager Watchdog service Stop the McAfee Network Security Manager MySQL service Note 1: You can complete steps through using the Network Security Platform system tray icon or the Windows Control Panel For step 5, you must use the Windows Control Panel Note 2: In a crash situation, the Manager will attempt to forcibly shut down all its services Closing all client connections to the Manager The following procedure details the recommended steps for determining which users are currently logged on to the Network Security Manager server All client-session configuration and data review should be gracefully closed prior to server shutdown Log on to the Network Security Manager server via a browser session Click Configure to open the Configuration page In the Resource Tree, click the Manager node The Manager Information page opens Check the Current Application Users section of the Manager Information table to determine which users are logged in Ask the users to close all Manager windows such as Threat Analyzer and Manager Home page and log out of all open browser sessions Follow the appropriate procedure from Stopping Manager services, including the database (on page 32) to properly turn off Manager services prior to server shutdown Stopping Manager services, including the database The following procedures each detail a proper way to shut down your Manager server 32 McAfee® Network Security Platform 5.1   Working with Manager software Using the Network Security Platform system tray icon to stop Manager services (on page 33) Using the Control Panel to stop Manager services (on page 34) Using the Network Security Platform system tray icon to stop Manager services Right-click the Network Security Manager icon in your System Tray The icon displays as an "M" enclosed in a shield Figure 21: Network Security Manager in the System Tray Select Stop Manager Once this service is completely stopped, continue to the next step From the right-click menu, select Stop User Interface Once this service is completely stopped, continue to the next step From the right-click menu, select Stop Watchdog Once this service is completely stopped, continue to the next step Go to Start > Settings > Control Panel Open Administrative Tools Open Services Find and select McAfee Network Security Manager Database in the services list under the “Name” column Click the Stop Service button Once this service is completely stopped, continue to the next step Figure 21: Stopping the MySQL Service 33 McAfee® Network Security Platform 5.1 Working with Manager software 10 You can now safely shut down/reboot your server Using the Control Panel to stop Network Security Manager services Go to Start > Settings > Control Panel Open Administrative Tools Open Services Select McAfee Network Security Manager Service in the services list under the “Name” column Click the Stop Service button Once this service is completely stopped, continue to the next step Figure 22: Services Find and select McAfee Network Security Manager Database in the services list under the “Name” column Click the Stop Service button Once this service is completely stopped, continue to the next step 34 McAfee® Network Security Platform 5.1 Working with Manager software Figure 23: Stopping the MySQL Service Find and select McAfee Network Security Manager User Interface in the services list under the “Name” column Click the Stop Service button Once this service is completely stopped, continue to the next step 10 Find and select McAfee Network Security Manager Watchdog in the services list under the “Name” column 11 Click the Stop Service button Once this service is completely stopped, continue to the next step 12 You can now safely shut down/reboot your server Starting Network Security Central Manager This section assumes you have permissions granting you access to the Central Manager software In Network Security Central Manager, this translates to a Super User role at the root admin domain Your actual view of the interface may differ, depending on the role you have been assigned within Network Security Platform For example, certain tasks may be unavailable to you if your role denies you access If you find you are unable to access a screen or perform a particular task, consult your Network Security Platform Super User Important: For testing purposes, you can access the Central Manager from the server For working with the Central Manager, McAfee recommends that you access the Central Manager from a client machine because running the Central Manager interface client session on the server can result in slower performance due to program dependencies, such as Java, which may consume a lot of memory To start the Central Manager, the following: Make sure the following services are running on the Central Manager server:  McAfee Network Security Central Manager  McAfee Network Security Central Manager Database  McAfee Network Security Central Manager User Interface 35 McAfee® Network Security Platform 5.1  Working with Manager software McAfee Network Security Central Manager Watchdog Open the Central Manager using the shortcut icon that you created during installation The interface opens in an Internet Explorer window in HTTPS mode for secure communication To log on to Central Manager, see Logging onto Central Manager (on page 36) To access Central Manager from a client machine: Start a browser that supports the Central Manager and then type the URL of the Central Manager server: https:// Make sure the Pop-up Blocker is turned off in the browser Log on to the Central Manager Logging onto Central Manager To log onto the Central Manager: Do one of the following: For initial logon after a new installation:  For Login ID, type nscmadmin  For Password, type admin123 Figure 24: The Central Manager Login Page Note: For upgrades from 4.1 to 5.1, the login ID is the same as it was in 4.1 Tip: McAfee strongly recommends that you change the default username and password as one of your first operations within the system If you are not the McAfee Network Security Platform System administrator/Super User:  Type the Login ID supplied to you by your administrator  Type the valid Password for the specified Login ID 36 McAfee® Network Security Platform 5.1 Working with Manager software Click Log In or press Enter The Central Manager Home page appears as shown in Accessing Central Manager Home page During initial logon (per client), Network Security Platform prompts you to install the following:  Security certificate granting the Central Manager program write access to your client Click Always  Java Runtime Engine: You must install this plug-in to view objects in the Central Manager Home page and other areas of the Central Manager program, such as the UDS You can opt to display your company's logo and accompanying text on the Central Manager Login page.For details, see Adding a Log-on Banner, Manager Server Configuration Guide Properly shutting down Central Manager Properly shutting down the Central Manager prevents data corruption by allowing data transfer and other processes to gracefully end prior to machine shutdown Proper shutdown of Central Manager services requires the following steps be performed: Close all client connections Stop the McAfee Network Security Central Manager service Stop the McAfee Network Security Central Manager User Interface service Stop the McAfee Network Security Central Manager Watchdog service Stop the McAfee Network Security Central Manager MySQL service Note: You can complete steps through using the Network Security Platform system tray icon or the Windows Control Panel For step 5, you must use the Windows Control Panel The following procedures each detail a proper way to shut down the Central Manager   Using the Network Security Central Manager system tray icon to stop Central Manager services (on page 37) Using the Control Panel to stop Central Manager services (on page 39) Using the Central Manager system tray icon Right-click the Central Manager Service icon in your System Tray The icon displays as an "M" Figure 25: System Tray Icon 37 McAfee® Network Security Platform 5.1 Working with Manager software Select Stop Central Manager Once this service is completely stopped, continue to the next step Figure 26: Stop Central Manger - Right-Click Menu From the right-click menu, select Stop User Interface Once this service is completely stopped, continue to the next step From the right-click menu, select Stop Watchdog Once this service is completely stopped, continue to the next step Go to Start > Settings > Control Panel Open Administrative Tools Open Services Find and select McAfee Network Security Central Manager Database in the services list under the “Name” column Figure 27: NSM Database Service Click the Stop Service button Once this service is completely stopped, continue to the next step 10 You can now safely shut down/reboot your server 38 McAfee® Network Security Platform 5.1 Working with Manager software Using the Control Panel Go to Start > Settings > Control Panel Open Administrative Tools Open Services Select McAfee Network Security Central Manager Service in the services list under the “Name” column Click the Stop Service button Once this service is completely stopped, continue to the next step Select McAfee Network Security Manager Database in the services list under the “Name” column Click the Stop Service button Once this service is completely stopped, continue to the next step Find and select McAfee Network Security Manager User Interface in the services list under the “Name” column Click the Stop Service button Once this service is completely stopped, continue to the next step 10 Find and select McAfee Network Security Manager Watchdog in the services list under the “Name” column 11 Click the Stop Service button Once this service is completely stopped, continue to the next step 12 You can now safely shut down/reboot your server 39 CHAPTER Authenticating Access to the Manager using CAC Common Access Card (CAC) is a smart card that is used for general identification as well as authentication of user access to secure networks CAC holds a unique digital certificate and user information such as photograph, personal identification number (PIN) and signature to identify each user Network Security Platform provides an option of authentication of users who tried to log onto the Manager based on their smart card verification When a smart card reader is connected to your Manager client, and a user swipes a smart card, the card reader authenticates if the digital certificate and the user information are trusted and valid If the user information is trusted, the client browser retrieves the certificate from CAC, with the help of the CAC software and sends it to the Manager The Manager receives the certificate, verifies if the certificate issued is from a trusted Certificate Authority (CA) If the certificate is from a trusted CA, a secure session is established and the user is permitted to log on At a high level, authenticating user access to the Manager through CAC can be brought about by a 4-step process:     Verify the CAC certificate format Set up user accounts Enable CAC authentication Log on to the Manager using CAC Verifying the CAC certificate format pem is the universal standard to read digital certificate files If your CA certificate is using other formats such as cer, you need to convert those to pem format To convert a cer certificate to pem format: Open the command prompt, locate the OpenSSL/bin folder, and execute the following command: openssl x509 -in -inform DER -out -outform PEM All the PEM-encoded certificate can be combined into one master CA file, and the SSLCACertificateFile must contain a list of Root CA’s and intermediary CA’s that are trusted by the Manager Setting up CAC users in the Manager Connect the smart card reader to your Manager client through a USB port The smart card reader can be connected to a Manager server, if the server doubles up as a Manager client a Refer the card reader manufacturer's recommendations for the necessary device drivers to be installed b Install the ActivIdentify and ActivClient CAC software on the Manager client These software are provided to you along with the card reader device and help validate the digital certificate and user information stored in the card 40 McAfee® Network Security Platform 5.1 Authenticating Access to the Manager using CAC Note: McAfee currently supports integration with smart card reader model SCR3310 from TxSystems Insert a card into the card reader Open the CAC Client software > Smart Card Info > User Name The user name is a combination of alphanumeric characters and a few special characters like "." or spaces For example, "BROWN.JOHN.MR 0123456789" Log onto the Manager and create a user with the exact same name that is, "BROWN.JOHN.MR 0123456789" Close the current browser session of the Manager Enabling CAC authentication The CAC authentication feature is disabled by default It is mandatory to setup the CAC user accounts, before enabling it To enable CAC, the following: Note: CAC Authentication can be enabled only through the MySQL command line Log onto the MySQL command line and enter: update iv_emsproperties set value='TRUE' where name='iv.access.control.authentication.requireClientCertificate BasedAuthentication' Perform the following tasks: a Change the corresponding Apache files to enable Client-Authentication: Apache/conf/iv_ssl.conf – b Uncomment the following lines: #RewriteRule ^(.*)$ - [E=RedirectPort=444] #Listen 0.0.0.0:444 c Set SSLCACertificateFile attribute to point to the file containing the trusted CA Certificates d In Apache/conf/iv_ssl_mapping.conf , uncomment the following line: #RewriteRule ^(.*)$ - [E=RedirectPort=444] Close all client connections Stop the McAfee Network Security Manager service Stop the McAfee Network Security Manager User Interface service Restart both the McAfee Network Security Manager service and the McAfee Network Security Manager User Interface service For details on how to close client connections, stop/ restart the Manager services etc., see Properly shutting down Network Security Manager services (on page 32) Logging onto the Manager using CAC authentication Insert a card into the card reader Start a fresh browser session for the Manager You are prompted to choose a CA certificate Select the certificate You are prompted to enter the PIN 41 McAfee® Network Security Platform 5.1 Authenticating Access to the Manager using CAC Enter the PIN A maximum of attempts is allowed while entering PIN, following which, the user will be locked out If the user name, certificate, and PIN match, you are directly given access to the Manager Home Page Troubleshooting Tips       If the card is not inserted in the card reader, the Manager will not be accessible in this setup When authenticating users through CAC, you not have to enter your Manager user name and password while logging on If you are locked out after entering invalid PIN, you can use the ActivClient CAC software to get a new PIN If you are unable to view the Manager Login page after CAC authentication has been enabled, it means that the CAC certificate was NOT signed by a trusted CA listed in the SSLCACertificateFile To remedy the problem, import the relevant CA into the SSLCACertificateFile trusted CA list You have imported the relevant CA into the SSLCACertificateFile trusted CA list, and yet you are unable to view the Manager Login page, then check whether a firewall is blocking your access to destination port 444 on the Manager server If you are able to view the Manager Login page but are unable to log onto the Manager, it means that the user name on the CAC card does not match the user name in the Manager database To remedy the problem, verify that the user name on the CAC card exactly matches the Manager user name 42 CHAPTER Uninstalling the Manager You uninstall McAfee® Network Security Manager (Manager) and McAfee® Network Security Central Manager (Central Manager) using the standard Windows Add/Remove Programs feature Uninstalling using Add/Remove Programs You must have Administrator privileges on your Windows server to uninstall Network Security Manager or Network Security Central Manager Follow the steps given below for uninstalling Central Manager and Manager ► To uninstall the Manager software: Note: McAfee recommends you stop the Manager service and applicable Java services before starting an uninstall If not, you will have to manually delete files from the Network Security Platform program folder Go to Start > Settings > Control Panel > Add/Remove Programs and select Network Security Platform Figure 28: Uninstalling the Manager 43 McAfee® Network Security Platform 5.1 Uninstalling the Manager Click Uninstall to start the uninstallation process After uninstallation, the message "All items were successfully uninstalled" message is displayed Figure 29: Uninstall Complete Note: Uninstallation of the Network Security Platform database (MySQL) is not part of this uninstallation Figure 30: Uninstall Complete 44 McAfee® Network Security Platform 5.1 Uninstalling the Manager Uninstalling via script You can also uninstall the Network Security Manager/Network Security Central Manager by executing a script from the Network Security Platform program folder ► To uninstall via script: Navigate to the directory containing the uninstallation script The default path is: