Nortel 2070 Quick guide

Nortel TPS Remediation Module

for NVG—Installation and

Configuration

Nortel TPS Remediation Module for Nortel VPN

Gateway—Installation and Configuration

Release 4.7.0.2

Part No. NN47240-103

(324602-A)

This document is protected by copyright and distributed under licenses restricting its use, copying,

distribution, and decompilation. No part of this document may be reproduced in any form by any means

without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without

warranty of any kind, either express or implied, including any kind of implied or express warranty of

infringement or the implied warranties of merchantability or fitness for a particular purpose.

U.S. Government End Users

This document is provided with a “commercial item” as defined by FAR 2.101 (Oct 1995) and contains

“commercial technical data” and “commercial software documentation” as those terms are used in FAR

12.211-12.212 (Oct 1995). Government End Users are authorized to use this documentation only in

accordance with those rights and restrictions set forth herein, consistent with FAR 12.211- 12.212 (Oct

1995), DFARS 227.7202 (Jun 1995) and DFARS 252.227-7015 (Nov 1995).

Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without

notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products

described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use and purchase

of this product does not convey a license under any patent rights, trademark rights, or any other intellectual

property rights of Nortel Networks, Inc.

appearing in this manual are owned by their respective companies.

Export

This product, software and related technology is subject to U.S. export control and may be subject to

export or import regulations in other countries. Purchaser must strictly comply with all such laws and

regulations. A license to export or reexport may be required by the U.S. Department of Commerce.

840712031433

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 3

TABLE OF CONTENTS

Chapter 1: Overview ........................................................................ 4

TPS and the Remediation Module............................................................ 4

Defense Center............................................................................. 5

3D Sensor..................................................................................... 5

TPS Remediation Module for NVG........................................................... 5

Overall function............................................................................. 6

Interface between the DC and Perl script..................................... 7

Perl script functionality.................................................................. 7

Chapter 2: Installation ..................................................................... 8

Installing the remediation module............................................................. 9

Chapter 3: Configuration................................................................ 11

NVG configuration for TPS remediation.................................................. 11

Defense Center and 3D Sensor configuration........................................ 12

Creating remediations for the Defense Center and 3D Sensors 13

Instances on the Defense Center and 3D Sensors .................... 13

....................................................Kick the Client–IP remediation 14

......................................Adding a Kick the Client-IP remediation 14

Delete session remediation ........................................................ 14

Adding a delete session remediation.......................................... 14

Appendix A: Configuration Examples............................................. 16

................................NVG TPS module configuration with NVG-TPS 1.4 16

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 4

CHAPTER 1

OVERVIEW

This chapter describes the Nortel Threat Protection System (TPS) Remediation

Module for Nortel VPN Gateway (NVG) and the products in the Nortel TPS that

use it.

TPS and the Remediation Module

The Nortel TPS is a fully integrated security monitoring system that identifies

network threats, network assets, and known vulnerabilities in those assets.

IMPORTANT! Beginning with Release 4.7 software, 3D Sensors refer to both

Intrusion Sensors and RTI Sensors. A 3D Sensor is able to have Intrusion

Sensing (IPS/IDS) and/or RTI capabilities.

The TPS Remediation Module for Nortel VPN Gateway (NVG) is an interface

module supported on the TPS Defense Center and TPS 3D Sensors. It is

available through the Policy and Response feature.

The Policy and Response feature can be used to build compliance policies.

Compliance policies describe the type of activity that constitutes a policy violation.

The TPS Remediation Module for NVG allows creation and uploading of custom

remediation modules to respond to policy violations.

When a rule within a compliance policy is violated, the Defense Center or 3D

Sensor can launch remediations, such as blocking a host at the firewall or router

when it violates a policy, or send any combination of the following responses: e-

mail alerts, SNMP alerts, or syslog alerts.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 5

Chapter 1: Overview

TPS Remediation Module for NVG

Defense Center

The Nortel TPS 2070 DC, the Defense Center, is the central management point of

the TPS. The Defense Center provides management of 3D Sensors remotely and

also allows the following:

•reviewing and evaluating of the data from the sensors

•configuring of settings on the sensors

•distributing of software and rules updates to the sensors

•responding to policy violations by launching remediations

3D Sensor

Nortel Real-time Threat Intelligence Sensors provide understanding of network

topology in the following ways by:

•providing an up-to-the-minute mapping of network infrastructure

•generating events when changes are observed

•responding to suspicious activity by sending alerts and launching

remediations

3D Sensors passively discover network hosts by continuously monitoring network

traffic to identify the operating system, protocols, and services running on each

host on the network. The process of continuous network discovery maps each

monitored network segment without interacting with any hosts. Information

gathered by 3D Sensors is provided in a network map and table views.

TPS Remediation Module for NVG

The Nortel TPS Remediation Module for NVG is an interface software module

included on the Defense Center and 3D Sensors to communicate with the NVG. It

is the interface between the TPS System and the NVG.

Administrators can configure responses, in the form of remediations, on the

Defense Center and on the 3D Sensor.

Remediations are programs that the Defense Center or 3DSensor run when a

compliance policy is violated. Remediations use information provided in the event

that triggered the violation to perform a specific action.The Policy and Response

Remediation feature can be configured by administrators to pass specific event

information to the NVG.

When creating each instance, specify the configuration information necessary for

the Defense Center to establish a connection with the NVG.

For each configured instance, add remediations that describe the actions required

for the appliance to perform when a policy is violated.

After they are configured, remediations can be added to response groups or

assigned specifically to rules within compliance policies.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 6

Chapter 1: Overview

TPS Remediation Module for NVG

When the system executes these remediations, it logs events to the remediation

event view and provides details about the remediation name, the policy and rule

that triggered it, and the exit status message. The following figure describes the

model setup for TPS Remediation module for NVG.

Figure 1: Model setup for TPS Remediation module for NVG

Overall function

Whenever a Netdirect client connected to NVG server creates unwanted traffic to

the back end (clean side), TPS initiates to kick out (forcefully logout) the user. To

log out the user from the session, there is a "kick" command available in the NVG

CLI.

The kick command requires the following two inputs:

•vpnid

•username

The Perl script installed in the DC opens a CLI session in NVG and executes the

kick command. Since DC is connected to Mapped IP (MIP), the perl script can

establish a telnet or SSH connection to the NVG. The choice of session—telnet or

SSH can be configured while installing the perl script in the DC.

If any unwanted traffic, according to the compliance policy, is sensed by the 3D

sensor, then 3D sends the tunnel IP to DC. DC in turn triggers the perl script for

kicking the tunnel IP. Whenever the policy non-compliance occurs, either tunnel IP

or local IP, the script is triggered.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 7

Chapter 1: Overview

TPS Remediation Module for NVG

Snooze time is the time interval between two consecutive executions of perl

script. This can be configured in DC.

Interface between the DC and Perl script

The DC creates a file named as instance.conf before executing the script that

includes the following:

•NVG MIP

•login name

•password

•communicating protocol information

The XML parser file module.template is used to get the preceding information

from the file instance.conf and store that into variables. These variables can be

used by the perl script by including the module.template file.

Perl script functionality

This script uses Perl-Expect module for establishing the telnet or SSH connection

to the NVG. Using the information given by the module.template script to

establish a connection with the NVG. Provide the login name and the password.

The vpnid and username for the corresponding Netdirect client receives the /info/

users command. Use this information to execute the kick command. View the log

messages according to the action performed by the script at the /tmp directory in

the DC.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 8

CHAPTER 2

INSTALLATION

This chapter describes the Nortel TPS Remediation Module for NVG remediation

file installation process for the Nortel TPS 2070 DC (Defense Center) and the

Nortel 3D sensors.

The Nortel TPS Remediation Modules for NVG are available for download at

www.nortel.com/support.

Use the following procedure to locate the files on the Nortel Technical Support

page.

1. In your Web browser, navigate to the Nortel Support Web site:

www.nortel.com/support

2. Navigate to the software downloads Web page for the Threat Protection

System 2070 Defense Center.

3. Locate the script file that supports NVG: nvg_tps-1.4.tgz.

4. Follow the instructions on the software downloads Web page to download the

selected file.

Use the following procedure to install the TPS Remediation module for the NVG.

1. Get the latest Release of the TPS remediation module, for example:

nvg_tps-1.4.tgz

from the Nortel Technical Support using the preceding instructions.

2. Check the compatibility of the module with the NVG.

3. Install the file as mentioned in the section “Installing the remediation module”.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 9

Chapter 2: Installation

Installing the remediation module

Use the following procedure to install a Nortel TPS Remediation Module for

Application Switch on a Defense Center or RTI Sensor.

1. From the TPS GUI main page for the appliance, open the Policy and

Response page.

2. Select Responses.

3. Select Remediations.

4. Select Modules. The remediation module list page for the Defense Center

appears as shown in the following figure:

5. Click Browse to navigate to the location where you saved the file containing

the remediation module.

6. Click Install. The remediation module installation begins. The following figure

describes the module list page after the NVG TPS module is installed.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 10

Chapter 2: Installation

Installing the remediation module

Figure 2: Module List page after the NVG TPS module installed

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 11

CHAPTER 3

CONFIGURATION

This chapter describes configuration of the Nortel TPS Remediation Module for

the Nortel VPN Gateway (NVG).

NVG configuration for TPS remediation

Configuration on the NVG is done through the command line interface (CLI)

allowing the interaction with the TPS remediation module to occur. TPS can be

configured to use either telnet or secure shell (SSH) to communicate with the

NVG.

If telnet is used as the communication protocol, run the following CLI commands

for NVG Configuration.

1. Enable the Telnet option in the NVG CLI (see Figure 3)

2. At the main command line prompt, enter the following command:

/cfg/sys/adm/telnet on

3. At the administrative applications prompt, enter the following command:

apply

The system responds with the message Changes applied successfully.

4. The control then returns to the administrative applications prompt.

If SSH is used as the communication protocol, run the following CLI commands

for NVG Configuration.

1. Enable the SSH option in the NVG CLI.

2. At the main command line prompt, enter the following command:

/cfg/sys/adm/ssh on

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 12

Chapter 3: Configuration

Defense Center and 3D Sensor configuration

3. At the administrative applications prompt, enter the following command:

apply

The system responds with the message Changes applied successfully.

4. The control then returns to the administrative applications prompt.

IMPORTANT! The NVG TPS module WILL NOT fire if the Telnet/SSH option is

not enabled in the NVG CLI.

Figure 3: NVG CLI Configurations

Defense Center and 3D Sensor configuration

Nortel provides the following remediation module for the Nortel VPN Gateway

(NVG):

While configuring the remediations for the TPS NVG module, do not provide any

specific IP entries to the remediation. This is because the DC and 3D sensor

policy detects the policy-violating Client's IP address and this IP is passed onto

the TPS module. The TPS module logs into the NVG and "Kicks-Out" the IP if the

IP has a valid Netdirect session in NVG.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 13

Chapter 3: Configuration

Defense Center and 3D Sensor configuration

The NVG can have a Client machine without Netdirect features (Clientless and

Enhanced clientless). If a policy-violating IP traffic situation occurs from this IP, the

TPS module will not kick out the machine even if the NVG has a session

corresponding to this IP in its session table.

Creating remediations for the Defense Center and 3D Sensors

Use the following procedure to create remediations for the Defense Center and

the 3D sensors.

•On the DC, add a remediation instance for each NVG used with the DC.

•Create specific remediations for each instance, based on the type of

response required on the NVG when compliance policies are violated.

•Once remediations have been created, assign them to specific compliance

policy rules.

Instances on the Defense Center and 3D Sensors

After installing NVG-TPS Module in the DC, add an instance.

If there are multiple NVGs requiring remediations, a separate instance must be

created for each NVG.

Adding a NVG instance

Use the following procedure to add an NVG instance:

1. From the TPS main page, open the Policy & Response menu.

2. Select Response.

3. Select Remediations.

4. Select Instances. The Remediation Instance List page appears.

5. Click Add. The Edit Remediation Instance page appears.

6. Enter a name for the instance in the Instance Name field.

TIP: The name should contain no spaces or special characters and should be

descriptive.

7. Enter the description in the Description field (optional).

8. Enter the NVG Management IP address of the NVG used for the remediation

in the NVG Mapped IP (MIP) field.

9. Enter the administrator username for the NVG in the Username field.

10. Enter the administrator password in the Password entry field and retype to

confirm the password.

TIP: The password entered in both fields must match.

11. Enter the default time out value in seconds for establishing a connection to

the NVG MIP. The default value is 10seconds

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 14

Chapter 3: Configuration

Defense Center and 3D Sensor configuration

12. Click Create. The instance is created and remediations appear in the

Configured Remediations section of the page.

Kick the Client–IP remediation

A Kick IP remediation kicks a Client–IP address from NVG, if any traffic sent to the

destination host that is included in the compliance policy violation event.

Adding a Kick the Client-IP remediation

Use the following procedure to add a kick the client–IP remediation.

1. From the TPS main page, open the Policy & Response menu.

2. Select Responses.

3. Select Remediations.

4. Select Instances.

5. Select an instance from the Configured Instances list.

6. To view the selected instance, under Actions, click View. The Edit

Remediation Instance page appears.

7. In the Configured Remediations section of the page, select click the client IP

in the Add a new remediation of type box.

8. In the Add a New Instance section, click Add. The Edit instance page

appears.

9. Type a name for the remediation in the Remediation Name field. Optionally,

enter a description of the remediation in the Description field.

10. Click Done to return to the Edit Remediation Instance page

11. Click Create. The remediation is created.

12. Click Save. The remediation is saved.

13. Click Done to return to the Edit Remediation Instance page.

Delete session remediation

A delete session remediation issues an operations delete session table entry on

the NVG to delete the existing session. The deletion is based on the combination

of protocol, source IP, source port, destination IP, and destination port parameters

listed in the compliance policy violation event.

Adding a delete session remediation

Use the following procedure to add a delete session remediation.

1. From the TPS main page, open the Policy & Response menu.

2. Select Responses.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 15

Chapter 3: Configuration

Defense Center and 3D Sensor configuration

3. Select Remediations.

4. Select Instances. The Remediation Instance List page appears.

5. Select an instance from the Configured Instances list.

6. To view the selected instance, under Actions, click View. The Edit

Remediation Instance page appears.

7. In the Configured Remediations section of the page, select Delete Session in

the Add a new remediation of type box.

8. In the Add a New Instance section, click Add. The Edit Remediation page

appears.

9. Type a name for the remediation in the Remediation Name field.

As an option, enter a description of the remediation in the Description field.

10. Click Create. The remediation is created.

11. Click Save. The remediation is saved.

12. Click Done to return to the Edit Remediation Instance page.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 16

APPENDIX A

CONFIGURATION EXAMPLES

This appendix provides an example of configuration for the Nortel TPS

remediation Module for Nortel VPN Gateway (NVG).

NVG TPS module configuration with NVG-TPS 1.4

The following section describes a configuration example on a Defense Center for

remediation module NVG-TPS 1.4

After installation is complete, use the following procedure to add a Nortel VPN

Gateway (NVG) instance to kick a Client IP if a non-compliant traffic is generated.

1. Open the Policy & Response page.

2. Select Responses.

3. Select Remediations.

4. The Remediation list page appears as shown in the following figure.

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 17

Appendix A: Configuration Examples

NVG TPS module configuration with NVG-TPS 1.4

Figure 4: Remediation List Page

5. Select view NVG Remediation from the Actions list as shown in the

following figure:

Figure 5: NVG TPS Module Details

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 18

Appendix A: Configuration Examples

NVG TPS module configuration with NVG-TPS 1.4

6. Click Add. The Edit Instances page appears as shown in the following figure.

Figure 6: Edit Instances Page

7. In the Instance Name entry field, enter the name of the instance to add.

8. In the NVG MIP field, enter the IP address of the NVG Management IP.

9. In the Username field, enter the username for the NVG CLI login.

10. In the Password field, enter the user’s password.

11. Enter the password again in the Retype to confirm field.

12. Enter the required Timeout value for establishing the connection. View a

sample filled Instances page as shown in the following figure:

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 19

Appendix A: Configuration Examples

NVG TPS module configuration with NVG-TPS 1.4

Figure 7: Sample of Filling Up Instances Page

13. Click Create. The Edit Instances/Configured Remediations page appears as

shown in the figure below:

NORTEL TPS REMEDIATION MODULE FOR NVG—INSTALLATION AND CONFIGURATION RELEASE 4.7.0.2 PAGE 20

Appendix A: Configuration Examples

NVG TPS module configuration with NVG-TPS 1.4

Figure 8: Creating an Instance—NVG Remediation

14. From the Add a new remediation of type list, select Kick the Client IP.

15. Click Add. The Edit Remediation Page appears as shown in the following

figure. In the Remediation Name field, type the remediation name, for

example: NVG_remediation.

Other manuals for 2070

Table of contents

Other Nortel Software manuals

Nortel

Nortel Quality Monitoring Instruction Manual

Nortel

Nortel Archive User manual

Nortel

Nortel Viewer User manual

Nortel

Nortel Voice Mail Quick start guide

Nortel

Nortel Application Server 53r 53 User manual

Nortel

Nortel BCM 4.0 User manual

Nortel

Nortel Express Call Center User manual

Nortel

Nortel TAPI User manual

Nortel

Nortel CTI ToolKit User manual

Nortel

Nortel Observe User manual

Nortel

Nortel ALTEON OS BMD00009 User manual

Nortel

Nortel Contact Recording User manual

Nortel

Nortel VPN Client Instruction Manual

Nortel

Nortel BCM200/400 User manual

Nortel

Nortel ALTEON OS BMD00007 Installation manual

Nortel

Nortel 2350 Instruction sheet

Nortel

Nortel Agent Manual

Nortel

Nortel Attendant PC User manual

Nortel

Nortel Host Tools Owner's manual

Nortel

Nortel Configuration Manager Quick guide

Nortel

Nortel NN42030-110 User manual

Nortel

Nortel 5100 Series Release 2.3.3 User manual

Nortel

Nortel 1000 Con?guration guide Operating and maintenance instructions

Nortel

Nortel Passport 4400 Guide

Popular Software manuals by other brands

ADC

ADC AVIDIA SWD4573I1 user manual

Hitachi

Hitachi HPE XP P9500 user guide

Pioneer

Pioneer CNDV-800HD Upgrade instructions and operation manual addendum

Macgo

Macgo Mac Blu-ray Player user guide

Alcatel-Lucent

Alcatel-Lucent CAR2888080520 brochure

Compuprint

Compuprint 4247 Serial Management guide

Sony

Sony MEX-1HD - Audio Library System operating instructions

Apricorn

Apricorn EZ Gig IV user guide

Canon

Canon Elura 60 - Elura 60 MiniDV Camcorder instruction manual

Telex

Telex Azedit Software guide

Hasselblad

Hasselblad FLEXCOLOR V4.5 - Software guide

FARONICS

FARONICS DEEP FREEZE - datasheet

Novell

Novell EDIRECTORY 8.8 SP2 manual

HP NC320m - PCI Express Gigabit Server Adapter user guide

Brady

Brady BMP 41 user manual

Epson

Epson PowerLite 1760W Operation guide

Fostex

Fostex VF-160 Supplement owner's manual

Snom

Snom phones Frequently asked questions