204 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
This policy is deployed to the Intranet group. All GX4004-v2 appliances will
inherit this setting.
The administrator for the cardio healthcare company creates a comprehensive
DLP policy that blocks any PII from being transmitted over the Internet
connections for the medical clinics. The IBM Security Network IPS is configured
to block DLP events on all outbound connections.
As the administrator for the cardio healthcare company, configure the Data Loss
Prevention policy in the network by using the following steps:
1. From the policy repository, select and right-click the Data Loss Prevention
policy. Then select New Policy (Figure 6-20 on page 189).
2. On the Data Loss Prevention policy page, complete the following steps on the
Signatures tab (Figure 6-21):
a. Select the Content Analysis Enabled option.
b. In the Predefined Events table, select
3. Click the Edit icon.
4. Click the Add new row icon.
5. In the Protection Domain field, select XYZC-Production-CustDB. Then click
6. In the Edit Predefined Events dialog box, click OK.
7. Verify that the Content_Analyzer_Credit_Card_Num event is Enabled and is
assigned to the XYZC-Production-CustDB protection domain.
8. Repeat these steps for all other PII types.
The basic configuration of the GX4004 appliance in the medical centers is now
6.2.5 Registration with IBM Security SiteProtector
This section explains what you, as the administrator for the cardio healthcare
company, must do to register the appliances with the central IBM Security
SiteProtector management console. First you see how to access the LMIs on the
Chapter 6. Phase 1: Design and implementation of IBM Security Network IPS 205
Accessing the local management interface
Each IBM Security Network IPS appliance has a web-based LMI that is used to
configure individual appliance settings. To access the LMI, perform the following
1. From the desktop, open a web browser.
2. In the Address field, type the following address, which represents the IP
address of the appliance:
3. On the page that opens, complete the following actions:
a. In the User name field, type admin.
b. In the Password field, type the password for that particular appliance.
c. Click OK.
The cardio healthcare company manages individual appliances by using IBM
Security SiteProtector as the preferred solution for centralized administration of
Configuring client authentication on the Agent Manager
The Agent Manager facilitates command and control between the SiteProtector
console and the IBM Security Network IPS appliance. The appliance submits
heartbeats to the Agent Manager on a configurable schedule to obtain policy and
configuration changes. By default, communication between the appliance and
the Agent Manager is encrypted by using SSL. The administrator for the cardio
healthcare company creates a user account and password combination that is
shared with the IBM Security Network IPS agents and the Agent Managers.
LMI required: Some appliance settings, including the following settings, are
exclusive to the LMI:
- Assign or revoke management of the appliance to SiteProtector
- Use the appliance diagnostic tools
- View and interact with appliance event logs
- View the quarantine rules and intrusions
- Manage and change the appliance passwords
- Test appliance connectivity to SiteProtector
- Manage network interfaces