204 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
This policy is deployed to the Intranet group. All GX4004-v2 appliances will
inherit this setting.
DLP policy
The administrator for the cardio healthcare company creates a comprehensive
DLP policy that blocks any PII from being transmitted over the Internet
connections for the medical clinics. The IBM Security Network IPS is configured
to block DLP on all outbound connections.
As the administrator for the cardio healthcare company, configure the Data Loss
Prevention policy in the network by using the following steps:
1. From the policy repository, select and right-click the Data Loss Prevention
policy. Then select New Policy (Figure 6-20 on page 189).
2. On the Data Loss Prevention policy page, complete the following steps on the
Signatures tab (Figure 6-21):
a. Select the Content Analysis Enabled option.
b. In the Predefined Events table, select
Content_Analyzer_Credit_Card_Num.
3. Click the Edit icon.
4. Click the Add new row icon.
5. In the Protection Domain field, select XYZC-Production-CustDB. Then click
OK.
6. In the Edit Predefined Events dialog box, click OK.
7. Verify that the Content_Analyzer_Credit_Card_Num event is Enabled and is
assigned to the XYZC-Production-CustDB protection domain.
8. Repeat these steps for all other PII types.
The basic configuration of the GX4004 appliance in the medical centers is now
completed.
6.2.5 Registration with IBM Security SiteProtector
This section explains what you, as the administrator for the cardio healthcare
company, must do to register the appliances with the central IBM Security
SiteProtector management console. First you see how to access the LMIs on the
individual appliances.
Chapter 6. Phase 1: Design and implementation of IBM Security Network IPS 205
Accessing the local management interface
Each IBM Security Network IPS appliance has a web-based LMI that is used to
configure individual appliance settings. To access the LMI, perform the following
steps:
1. From the desktop, open a web browser.
2. In the Address field, type the following address, which represents the IP
address of the appliance:
https://IP_ADDRESS
3. On the page that opens, complete the following actions:
a. In the User name field, type admin.
b. In the Password field, type the password for that particular appliance.
c. Click OK.
The cardio healthcare company manages individual appliances by using IBM
Security SiteProtector as the preferred solution for centralized administration of
multiple appliances.
Configuring client authentication on the Agent Manager
The Agent Manager facilitates command and control between the SiteProtector
console and the IBM Security Network IPS appliance. The appliance submits
heartbeats to the Agent Manager on a configurable schedule to obtain policy and
configuration changes. By default, communication between the appliance and
the Agent Manager is encrypted by using SSL. The administrator for the cardio
healthcare company creates a user account and password combination that is
shared with the IBM Security Network IPS agents and the Agent Managers.
LMI required: Some appliance settings, including the following settings, are
exclusive to the LMI:
• Assign or revoke management of the appliance to SiteProtector
• Use the appliance diagnostic tools
• View and interact with appliance event logs
• View the quarantine rules and intrusions
• Manage and change the appliance passwords
• Test appliance connectivity to SiteProtector
• Manage network interfaces
