Source fire 500 User manual
3D Sensor
Installation Guide
Version 4.10.3
Terms of Use Applicable to the User Documentation
The legal notices, disclaimers, terms of use, and other information contained herein (the “terms”) apply only to
the information discussed in this documentation (the “Documentation”) and your use of it. These terms do not
apply to or govern the use of websites controlled by Sourcefire, Inc. or its subsidiaries (collectively,
“Sourcefire“) or any Sourcefire-provided products. Sourcefire products are available for purchase and subject
to a separate license agreement and/or terms of use containing very different terms and conditions.
Terms of Use and Copyright and Trademark Notices
The copyright in the Documentation is owned by Sourcefire and is protected by copyright and other intellectual
property laws of the United States and other countries. You may use, print out, save on a retrieval system, and
otherwise copy and distribute the Documentation solely for non-commercial use, provided that you (i) do not
modify the Documentation in any way and (ii) always include Sourcefire's copyright, trademark, and other
proprietary notices, as well as a link to, or print out of, the full contents of this page and its terms.
No part of the Documentation may be used in a compilation or otherwise incorporated into another work or with
or into any other documentation or user manuals, or be used to create derivative works, without the express
prior written permission of Sourcefire. Sourcefire reserves the right to change the terms at any time, and your
continued use of the Documentation shall be deemed an acceptance of those terms.
SOURCEFIRE®, SNORT®, CLAMAV®, SOURCEFIRE DEFENSE CENTER®, SOURCEFIRE 3D®, RNA®, RUA®,
SECURITY FOR THE REAL WORLD®, the Sourcefire logo, the Snort and Pig logo, the ClamAV logo, Sourcefire
IPS, RAZORBACK, Sourcefire Master Defense Center, DAEMONLOGGER, and certain other trademarks and
logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other
company, product and service names may be trademarks or service marks of others.
© 2004 - 2013 Cisco and/or its affiliates. All rights reserved.
Disclaimers
THE DOCUMENTATION AND ANY INFORMATION AVAILABLE FROM IT MAY INCLUDE INACCURACIES OR
TYPOGRAPHICAL ERRORS. SOURCEFIRE MAY CHANGE THE DOCUMENTATION FROM TIME TO TIME.
SOURCEFIRE MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE ACCURACY OR SUITABILITY OF
ANY SOURCEFIRE-CONTROLLED WEBSITE, THE DOCUMENTATION AND/OR ANY PRODUCT INFORMATION.
SOURCEFIRE-CONTROLLED WEBSITES, THE DOCUMENTATION AND ALL PRODUCT INFORMATION ARE
PROVIDED “AS IS” AND SOURCEFIRE DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF TITLE AND THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SOURCEFIRE BE
LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR
CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES, LOSS OF DATA, LOSS OF PROFITS, AND/OR BUSINESS INTERRUPTIONS), ARISING OUT OF OR IN
ANY WAY RELATED TO SOURCEFIRE-CONTROLLED WEBSITES OR THE DOCUMENTATION, NO MATTER HOW
CAUSED AND/OR WHETHER BASED ON CONTRACT, STRICT LIABILITY, NEGLIGENCE OR OTHER TORTUOUS
ACTIVITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF SOURCEFIRE IS ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION
OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATIONS MAY NOT APPLY TO
YOU.
The Documentation may contain “links” to websites that are not created by, or under the control of Sourcefire.
Sourcefire provides such links solely for your convenience, and assumes no responsibility for the availability or
content of such other sites.
2014-Jan-15 12:06
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 3
Table of Contents
Chapter 1: Before You Begin......................................................................... 7
IPS Installation Considerations ............................................................................. 8
RNA Installation Considerations ........................................................................... 9
RUA Installation Considerations ......................................................................... 10
Typical 3D Sensor Deployments ......................................................................... 11
Deploying a Multi-Port 3D Sensor.......................................................... 15
Other Deployment Options ................................................................................ 18
Integrating with VPNs............................................................................ 18
Detecting Intrusions on Other Points of Entry....................................... 18
Deploying in Multi-Site Environments.................................................... 20
Integrating 3D Sensors with RNA within Complex Networks ............... 21
Understanding Detection Engines and Interface Sets........................................ 22
Understanding Detection Resources and 3D Sensor Models ............... 23
Comparing Inline and Passive Interface Sets......................................... 25
Connecting Sensors to Your Network................................................................. 25
Using a Hub ........................................................................................... 26
Using a Span Port .................................................................................. 26
Using a Network Tap.............................................................................. 26
Issues for Copper Cabling in Inline Deployments .................................. 27
Special Case: Connecting 8000 Series Devices .................................... 29
Using a Sourcefire Defense Center .................................................................... 29
Communication Ports ......................................................................................... 31
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 4
Table of Contents
Chapter 2: Installing a 3D Sensor .............................................................. 33
Included Items .................................................................................................... 34
Security Considerations...................................................................................... 34
Identifying the Management and Sensing Interfaces......................................... 35
Sourcefire 3D Sensor 500/1000/2000 ................................................... 35
Sourcefire 3D Sensor 2100/2500/3500/4500......................................... 36
Sourcefire 3D Sensor 6500.................................................................... 38
Sourcefire 3D Sensor 7010/7020/7030 .................................................. 42
Sourcefire 3D Sensor 7110/7120 ........................................................... 42
Sourcefire 3D Sensor 8120/8130/8140 .................................................. 45
Sourcefire 3D Sensor 8250/8260/8270/8290......................................... 48
Sourcefire 3D Sensor 9900.................................................................... 53
Using 3D Sensors in a Stacked Configuration .................................................... 55
Connecting 3D9900 Sensors ................................................................. 56
Connecting 3D8140 Sensors ................................................................. 58
Connecting 3D8250/8260/8270/8290 Sensors ...................................... 58
Using the 8000 Series Stacking Cable................................................... 62
Installing the 3D Sensor in a Rack ...................................................................... 62
Configuring the Management Interface.............................................................. 64
Using the Management Interface.......................................................... 65
Using a Monitor and Keyboard............................................................... 66
Using the LCD Panel.............................................................................. 68
Using the Command Line Interface....................................................... 71
Performing the Initial Setup ................................................................................ 72
Redirecting Console Output ............................................................................... 75
Testing an Inline Fail-Open Interface Installation ................................................ 76
Checking for Updates ......................................................................................... 78
Chapter 3: Using the LCD Panel ................................................................. 79
Understanding the LCD Panel ............................................................................ 80
Understanding LCD Panel Modes ...................................................................... 80
Initial Setup/Network Configuration ....................................................... 81
Idle Display ............................................................................................ 82
Error Alert .............................................................................................. 83
System Status........................................................................................ 83
Using the Multi-Function Keys ............................................................................ 85
Resetting the Network Configuration ................................................................. 87
Adjusting the Brightness and Contrast on the LCD Panel .................................. 88
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 5
Table of Contents
Chapter 4: Hardware Specifications......................................................... 89
Rack and Cabinet Mounting Options .................................................................. 89
Sourcefire 3D Sensor 500/1000/2000 Specifications ......................................... 90
Chassis Front View ................................................................................ 90
Chassis Rear View ................................................................................. 92
Physical and Environmental Parameters................................................ 93
Sourcefire 3D Sensor 2100/2500/3500/4500 Specifications .............................. 94
Chassis Front View ................................................................................ 94
Chassis Rear View ............................................................................... 100
Physical and Environmental Parameters.............................................. 102
Sourcefire 3D Sensor 6500 Specifications ....................................................... 103
Chassis Front View .............................................................................. 103
Chassis Rear View ............................................................................... 109
Physical and Environmental Parameters............................................... 111
Sourcefire 3D Sensor 7010/7020/7030 Specifications ...................................... 112
Chassis Front View .............................................................................. 113
Chassis Rear View ............................................................................... 118
Physical and Environmental Parameters.............................................. 119
Sourcefire 3D Sensor 7110/7120 Specifications ............................................... 120
Chassis Front View .............................................................................. 120
Chassis Rear View ............................................................................... 126
Physical and Environmental Parameters.............................................. 128
Sourcefire 3D Sensor 8120/8130/8140 Specifications ...................................... 130
Chassis Front View .............................................................................. 130
Chassis Rear View ............................................................................... 138
Physical and Environmental Parameters.............................................. 140
Sourcefire 3D Sensor 8250/8260/8270/8290 Specifications ............................ 142
Chassis Front View .............................................................................. 143
Chassis Rear View ............................................................................... 152
Physical and Environmental Parameters.............................................. 154
Sourcefire 3D Sensor 9900 Specifications ....................................................... 156
Chassis Front View .............................................................................. 156
Chassis Rear View ............................................................................... 162
Physical and Environmental Parameters.............................................. 165
Chapter 5: Restoring a 3D Sensor to Factory Defaults......................... 166
Using an ISO File to Restore Your System ....................................................... 167
Obtaining the Restore ISO File ............................................................ 168
Using a Restore USB Drive.................................................................. 168
Using an Internal Flash Drive ............................................................... 170
Completing the Restore Process ......................................................... 171
Updating the Restore USB Drive ...................................................................... 175
Scrubbing the Contents of the Hard Drive........................................................ 176
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 6
Table of Contents
Chapter 6: Safety and Regulatory Information ...................................... 177
General Safety Guidelines ................................................................................ 177
Safety Warning Statements.............................................................................. 179
Regulatory Information ..................................................................................... 182
Sourcefire 3D Sensor 500/1000/2000 Information .............................. 183
Sourcefire 3D Sensor 2100/2500/3500/4500 Information ................... 184
Sourcefire 3D Sensor 6500/9900 Information ..................................... 185
Sourcefire 3D Sensor 7000 Series Information ................................... 186
Sourcefire 3D Sensor 8000 Series Information ................................... 189
Waste Electrical and Electronic Equipment Directive (WEEE).......................... 193
Chapter 7: Power Requirements for Sourcefire 3D Sensors............... 194
Warnings and Cautions..................................................................................... 194
Interface Connections.......................................................................... 194
Static Control ....................................................................................... 195
3D7010/7020/7030............................................................................................ 195
Installation ........................................................................................... 195
Grounding/Earthing Requirements ..................................................... 196
3D7110/7120 ..................................................................................................... 197
Installation ........................................................................................... 197
Grounding/Earthing Requirements ..................................................... 198
3D8120/8130/8140 and 3D8250/8260/8270/8290 ............................................ 199
AC Installation ..................................................................................... 199
DC Installation...................................................................................... 201
Grounding/Earthing Requirements ..................................................... 202
For Assistance .................................................................................................. 204
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 7
Chapter 1
Before You Begin
This guide describes how to install and set up the Sourcefire 3D Sensor.
Depending on which Sourcefire 3D System products you have licensed, a
Sourcefire 3D Sensor can include:
•IPS, the intrusion detection and prevention component
•RNA, the Real-time Network Awareness component
•RUA, the Real-time User Awareness component
•any two components, or all three
Each of the components is described in detail in the Sourcefire 3D System User
Guide. You can install a 3D Sensor with the IPS component as a standalone
appliance, but if you want to use RNA or RUA, you must use the 3D Sensor with
a Defense Center. Note that some models of the 3D Sensor do not support every
combination of components. See Understanding Detection Resources and
3D Sensor Models on page 23 for more information.
Before you install a Sourcefire 3D Sensor, you should consider how your network
is configured and how you want to deploy the various components of the
Sourcefire 3D System within it.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 8
Before You Begin
IPS Installation Considerations Chapter 1
This chapter describes some of the considerations for deploying a 3D Sensor,
including:
•the concept of the detection engine and the modes in which you can deploy
detection engines on the 3D Sensor: passive or inline
•your goals in deploying sensors that use RNA to perform network discovery
and vulnerability assessment, as well as your goals in deploying sensors
that use IPS to detect and prevent attacks on your network assets
•deployment issues, such as which network segments you want to monitor
with your 3D Sensors, and why
•how you will physically connect the sensors to your network, taking into
account any special network configuration factors, such as firewall
placement, VPN deployments
•whether you will use a Sourcefire Defense Center to aggregate and
correlate RNA and intrusion events
See the following sections for more information:
•IPS Installation Considerations on page 8
•RNA Installation Considerations on page 9
•RUA Installation Considerations on page 10
•Typical 3D Sensor Deployments on page 11
•Other Deployment Options on page 18
•Understanding Detection Engines and Interface Sets on page 22
•Connecting Sensors to Your Network on page 25
•Using a Sourcefire Defense Center on page 29
IPS Installation Considerations
IPS is the intrusion prevention and detection component of the Sourcefire 3D
System. Before you install a 3D Sensor with IPS, you should consider how your
network is configured and how you want to deploy the various components of the
Sourcefire 3D System within it.
Every network architecture is different, and every enterprise has different security
needs. This section lists some of the factors you should consider as you
formulate your deployment plans and includes a description of how the Sourcefire
3D System can help you meet common network security goals.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 9
Before You Begin
RNA Installation Considerations Chapter 1
Your deployment decisions for 3D Sensors with IPS will be based on a variety of
factors. Answering these questions can help you understand the vulnerable areas
of your network and clarify your intrusion detection and prevention needs:
•Will you be deploying your 3D Sensor with passive or inline interface sets?
Does your 3D Sensor support multiple detection engines with a mix of
interface sets, some passive and others inline? See Understanding
Detection Engines and Interface Sets on page 22 for more information
about detection engines and interface sets and how they influence your
sensor deployment.
•How will you connect the 3D Sensors to the network? Hubs? Taps?
Spanning ports on switches? See Connecting Sensors to Your Network on
page 25 for more information about methods for connecting the sensing
interfaces on your sensor to your network.
•Do you want to detect every attack on your network, or do you only want to
know about attacks that penetrate your firewall? Do you have specific
assets on your network such as financial, accounting, or personnel records,
production code, or other sensitive, protected information that require
special security policies? See Typical 3D Sensor Deployments on page 11
for more information.
•Do you provide VPN or modem access for remote workers? Do you have
remote offices that also require an IPS deployment? Do you employ
contractors or other temporary employees? Are they restricted to specific
network segments? Do you integrate your network with the networks of
other organizations such as customers, suppliers, or business partners? See
Other Deployment Options on page 18 for more information.
RNA Installation Considerations
RNA is the Real-time Network Awareness component of the Sourcefire 3D
System. Before you install a 3D Sensor with RNA, you should first consider your
goals in deploying network discovery and vulnerability assessment sensors. Next,
consider deployment issues, such as which network segments you want to
monitor with RNA (and why), and how you will physically connect these
appliances to your network. Finally, you should take into account any special
network configuration factors, such as firewall placement, VPN deployments, and
how you will use a Sourcefire Defense Center to aggregate and correlate RNA
events.
Monitoring network changes with RNA can help you realize a variety of goals.
Clarifying your network discovery and vulnerability assessment goals can guide
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 10
Before You Begin
RUA Installation Considerations Chapter 1
your deployment choices. This section examines some general goals that can
influence a deployment of 3D Sensors with RNA, such as:
•gaining a more thorough understanding of your current network
infrastructure
•learning when network change occurs and how it affects your network’s
susceptibility to compromise
•using RNA data to refine your intrusion rules and firewall rules
RUA Installation Considerations
RUA is the Real-time User Awareness component of the Sourcefire 3D System.
RUA allows your organization to correlate threat, endpoint, and network
intelligence with user identity information. 3D Sensors with RUA allow you to
identify the source of policy breaches, attacks, or network vulnerabilities. By
linking network behavior, traffic, and events directly to individual users, RUA helps
to mitigate risk, block users or user activity, and take action to protect others from
disruption. These capabilities also significantly improve audit controls and
enhance regulatory compliance.
You can deploy RUA in two ways: as a component on a 3D Sensor or as an agent
on a Microsoft Active Directory server. The implications of each deployment
method are described in “Using Real-time User Awareness” in the Sourcefire 3D
System User Guide.
3D Sensors with RUA use detection engines to passively analyze the traffic that
travels through your network. An RUA detection engine collects user login events
by passively monitoring traffic. Refer to “Setting up Sourcefire 3D Sensors with
RUA” in the Sourcefire 3D System User Guide for more information.
The Sourcefire RUA Agent on a Microsoft Active Directory (AD) server detects all
AD server logins and reports them to the Defense Center as RUA events. Only
usernames and IP addresses associated with RUA events are collected in this
manner. Information about loading the RUA Agent on a Microsoft Active Directory
server is provided in “Installing an RUA Agent on an Active Directory Server” in
the Sourcefire 3D System User Guide.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 11
Before You Begin
Typical 3D Sensor Deployments Chapter 1
Typical 3D Sensor Deployments
In the following simple network architecture diagram, the network has three
areas with three different security policies:
•between the border router and the firewall
•in the demilitarized zone, or DMZ
•in the internal, protected network
Deploying your 3D Sensors in each of these locations serves different purposes.
Security requirements vary, so the following are typical location
recommendations:
•Placement outside the firewall gives you a clear picture of all the traffic
traversing your network via this gateway. This location is appropriate for IPS
only. Most enterprises would not need to identify user identities or employ
host and vulnerability detection capabilities in this area.
•Placement in the DMZ provides you with useful information about attacks
on outward-facing servers. This location is appropriate for IPS and RNA,
although some enterprises would want to add the user identification
capabilities of RUA here as well.
•Placement on the internal network monitors inbound traffic for firewall
misconfiguration and detects attacks that originate from hosts on the
internal network. All internal networks are ideal locations for the combined
capabilities of IPS, RNA, and RUA.
These three locations indicate where you may want to connect the 3D Sensor’s
sensing interfaces. Regardless of where you connect the sensing interfaces,
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 12
Before You Begin
Typical 3D Sensor Deployments Chapter 1
make sure you connect the 3D Sensor’s management interface to a secure
internal network that is protected from unauthorized access.
Outside the Firewall
Outside the firewall, the router provides the first line of defense. Although you
can configure most routers to block unwanted packets, this is not typically used
to secure the network segment between the router and the firewall. Placing the
3D Sensor here can help you detect attacks made against your network as well as
attacks from your network to another.
Deploying the 3D Sensor on this segment of your network for a week or two can
help you understand what kinds of attacks reach your firewall and where they
originate. Although you can readily inspect all traffic traversing your network,
considerable resources are required to prioritize, investigate, and respond to
events that may be blocked by your firewall. Your enterprise’s ability to gain
knowledge from this approach depends on the amount of traffic traversing your
network and your security analyst resources. Gaining this kind of information can
help you tune your firewall rules to be as effective as possible.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 13
Before You Begin
Typical 3D Sensor Deployments Chapter 1
In the DMZ
In this simple network architecture, the DMZ contains outward-facing servers
(web, FTP, DNS, mail, and so on). The hosts in the DMZ provide services to
external users and are at a greater security risk than those inside the firewall.
In this network configuration, the servers in the DMZ also provide services such
as mail relay and web proxy to users on the internal network. A 3D Sensor with
IPS on this segment can provide useful information about the kinds of attacks on
outward facing servers as well as detect attacks directed to the Internet that
originate from a compromised server in the DMZ. Adding RNA to the sensor on
this segment can help you monitor these exposed servers for changes (for
example, a new unknown service suddenly appearing) that could indicate a
compromised server in the DMZ.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 14
Before You Begin
Typical 3D Sensor Deployments Chapter 1
On the Internal Side of Redundant Firewalls
Many network environments implement a redundant data path for Internet
connectivity. These secondary links may also require monitoring in situations
when the primary, or active, links go offline. Two options are available for ensuring
continuous monitoring during a primary link outage:
•A single 3D Sensor can monitor both the active (primary) and passive
(secondary) links over multiple inline links passing through the single
sensor. Built-in fail-open bypass capabilities ensure that traffic is always
moving through the appliance, and any traffic that moves to the secondary
link is still monitored by the sensor appliance as if nothing had failed.
•Two 3D Sensor appliances may be placed on the network. One can monitor
the active (primary) link and one the passive (secondary) link, with both
sensors up and continuously monitoring the specified link. If a condition
causes traffic to move from the primary to the secondary link, the
3D Sensor on the secondary link automatically takes over all monitoring
responsibilities.
On the Internal Network
Although the sample network includes a firewall configured to provide security to
the servers and workstations on the internal network, 3D Sensors on this
segment can monitor traffic that is allowed inbound by the firewall by choice or
due to firewall misconfiguration. For example, if you have a security policy that
prohibits FTP connections to any host on the internal network, you can create a
rule on the 3D Sensor that will trigger when it detects traffic directed to port 21
on any IP address in the segment. A 3D Sensor on this segment can also detect
attacks that originate from hosts on the internal network. For instance, attaching
one 3D Sensor to a mirror or span port on a switch helps you identify attacks from
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 15
Before You Begin
Typical 3D Sensor Deployments Chapter 1
one computer on the internal network directed against other computers on the
internal network if the attack traffic traverses the switch.
Similarly, if a host on your network is compromised from within, RNA can
immediately identify both unauthorized changes on hosts. For example, a
Microsoft shop can use RNA to identify in real time a rogue Linux or FreeBSD
system that mysteriously appears on their network segment. RNA on a switched
network segment can monitor all the hosts and services on the segment for
changes and vulnerabilities. For example, attaching an 3D Sensor to a mirror or
SPAN port on the switch allows you to monitor the entire network segment, as
long as all traffic to and from all hosts on the segment traverses the switch.
In either case, by adding RUA to the 3D Sensor, you can immediately identify the
user who is logged into the host that is running the rogue operating system or
launching the internal attack.
Deploying a Multi-Port 3D Sensor
Selected models of the 3D Sensor offer multiple sensing ports on an adapter
card. You can use the multi-port 3D Sensors in either of two ways:
•to recombine the separate connections from a network tap
•to capture and evaluate traffic from different networks
IMPORTANT! Although each port is capable of receiving the full throughput for
which the sensor is rated, the total traffic on the 3D Sensor cannot exceed its
bandwidth rating without some packet loss.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 16
Before You Begin
Typical 3D Sensor Deployments Chapter 1
Deploying a multi-port 3D Sensor with a network tap is a straightforward process.
The following diagram shows a network tap installed on a high-traffic network
segment.
In this scenario, the tap transmits incoming and outgoing traffic through separate
ports. When you connect the multi-port adapter card on the 3D Sensor to the tap,
the 3D Sensor is able to combine the traffic into a single data stream so that it
can be analyzed.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 17
Before You Begin
Typical 3D Sensor Deployments Chapter 1
Note that with a gigabit optical tap, as shown in the illustration below, both sets
of ports on the 3D Sensor are used by the connectors from the tap.
If your 3D Sensor supports multiple detection engines, you can also create
interface sets to capture data from separate networks. The following diagram
shows a single sensor with a dual-port adapter and two interface sets connected
to two networks.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 18
Before You Begin
Other Deployment Options Chapter 1
Other Deployment Options
The following sections describe other installation scenarios that may affect your
enterprise’s deployment of the Sourcefire 3D System:
•Integrating with VPNs on page 18
•Detecting Intrusions on Other Points of Entry on page 18
•Deploying in Multi-Site Environments on page 20
•Integrating 3D Sensors with RNA within Complex Networks on page 21
Integrating with VPNs
Virtual private networks, or VPNs, use IP tunneling techniques to provide the
security of a local network to remote users over the Internet. In general, VPN
solutions encrypt the data payload in an IP packet. The IP header is unencrypted
so that the packet can be transmitted over public networks in much the same way
as any other packet. When the packet arrives at its destination network, the
payload is decrypted and the packet is directed to the proper host.
Because network appliances cannot analyze the encrypted payload of a VPN
packet, placing 3D Sensors outside the terminating endpoints of the VPN
connections ensures that all packet information can be accessed. The following
diagram illustrates how 3D Sensors can be deployed in a VPN environment.
Detecting Intrusions on Other Points of Entry
Many networks include more than one access point. Instead of a single border
router that connects to the Internet, some enterprises use a combination of the
Internet, modem banks, and direct links to business partner networks. In general,
you should deploy 3D Sensors near firewalls (either inside the firewall, outside
the firewall, or both) and on network segments that are important to the integrity
and confidentiality of your business data. The following diagram shows how
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 19
Before You Begin
Other Deployment Options Chapter 1
3D Sensors can be installed at key locations on a complex network with multiple
entry points.
Version 4.10.3 Sourcefire 3D Sensor Installation Guide 20
Before You Begin
Other Deployment Options Chapter 1
Deploying in Multi-Site Environments
Many organizations want to extend intrusion detection across a geographically
disparate enterprise and then analyze all the IPS data from one location. The
Sourcefire 3D System supports this by offering the Defense Center, which
aggregates and correlates events from 3D Sensors deployed throughout the
organization’s many locations. Unlike deploying multiple 3D Sensors and Defense
Centers in the same geographic location on the same network, when deploying
3D Sensors in disparate geographic locations, you must take precautions to
ensure the security of the 3D Sensors and the data stream. To secure the data,
you must isolate the 3D Sensors and Defense Center from unprotected
networks. You can do this by transmitting the data stream from the 3D Sensors
over a VPN or with some other secure tunneling protocol as shown in the
following diagram.
This manual suits for next models
20
Table of contents
Popular Accessories manuals by other brands
PCB Piezotronics
PCB Piezotronics 622A01 Installation and operating manual
Elko
Elko Inels RFDSC-71 manual
Dini Argeo
Dini Argeo 3590EXP Series user manual
Esco Medical
Esco Medical MIRI TL 6 user manual
Thermo Scientific
Thermo Scientific 3554-35A Operator's manual and parts list
WAC Lighting
WAC Lighting MS-120 Installation instruction
Pulsar
Pulsar MicroFlow-i instruction manual
weinor
weinor Topas Maintenance instructions and directions for use
Mantracourt
Mantracourt BroadWeigh Original instructions
Wen
Wen 56380i quick start guide
Silvercrest
Silvercrest SPB 2.6 A1 User manual and service information
Gleason Reel
Gleason Reel Dual Hose Reel-Direct Drive K24 Installation and maintenance instructions