Forensics Tab
Location dialog
Note: The first row in the Client based threat displays the Event Time, while the rest of the rows display the Start/End Time of Association. This is valid for all Client based threats, except Ad hoc.
Client Based Threat – Prevention Tab
The Prevention Tab shows the details of the Quarantine status of the association in the Association tab.
Client Based Threat Details – Prevention Tab
The fields in Prevention Tab are as follows:
Client
AP
Association Start Time
Association End Time
Quarantine: Specifies the action taken on both the devices in the association. If even one of the devices is quarantined, the association is Quarantined; otherwise it is Not Quarantined. Click Quarantined to open the Quarantine Details dialog. Click Not Quarantined to open the Not Quarantined Reason dialog.
Client Based Threat Details – Admin Tab
The fields in Admin Tab are as follows:
User: Specifies the name of the user who took action on the threat.
Action: Specifies the action taken by the user for the Client based threat, such as Client added to quarantine, Client name changed.
Client – Ad hoc Threat Details dialog
Note: The Client – Ad hoc Threat Details dialog does not have the All Device Filter icon.
Client Ad hoc Threat – Association tab
The fields in Association Tab are as follows:
Client
Association Start Time
Association End Time
Locate: Click Locate to open the Location dialog. In this case only the Client name appears in the Locate Device drop-down list. Select Start Time of Ad hoc Connection and End Time of Ad hoc Connection from the At drop-down list.
Client – Ad hoc Threat Details – Prevention tab
The fields in Prevention tab are as follows:
Client
Association Start Time
Association End Time
Quarantine: Specifies quarantine action taken on the devices during the Ad hoc connection. Click Quarantined to open the Quarantine Details dialog. Click Not Quarantined to open the Not Quarantined Reason dialog.
Client Ad hoc Threat – Admin Tab
Click on Admin Tab in the Client – Ad hoc Threat Details dialog.
Client – Ad hoc Threat Details – Admin tab
The fields in Admin tab are as follows:
User
Action: Displays all the actions taken on all the Clients participating in the Ad hoc connection.
Time
Forensics Tab – User Saved Settings
The following User choices made during browsing of Forensics Tab are saved by the system.
Time Filter
These settings are saved on log out as well as movement to other tabs on the Console.
Administration Tab
Administration Tab Introduction
The system is highly customizable and can be configured to suit the needs of your enterprise. The Administration screen allows you to perform various administrative activities such as event, device, and user management, configure the system and location settings, and enable integration with SAFE and third party applications.
Administration Screen
The Administration screen includes two panes.
Local Tab
Global Policies
Global policies are the policies that are applicable to the entire system. A superuser or an administrator with rights to the root location can modify the global policies. Click the Global tab on the Administration screen to view the policy groups under this tab.
Event Settings
The Event Settings option enables you to configure the following event settings in the system.
Remove SSIDs from this list by selecting the SSIDs and clicking Delete. To remove the SSIDs from the database, click Apply.
Vulnerable SSIDs
Regeneration
Some events are generated repeatedly when the cause persists; for example, Denial of Service (DoS) (Security) and traffic events (Monitoring). The Regeneration screen enables you to specify how often an event is repeated if the cause persists under the Event Regeneration Interval.
Event Regeneration Interval
Hotspot SSIDs
It is highly likely that hotspot APs are present in the enterprise neighborhood. If an enterprise Client probes for a well-known hotspot SSID, it is at risk of connecting to the hotspot AP without the user necessarily knowing about it. Also, if an enterprise AP uses a hotspot SSID, such an AP may attract undesirable Clients to connect to it.
Hotspot SSIDs
Remove SSIDs from this list by selecting the SSIDs and clicking Delete. To remove the SSIDs from the database, click Apply.
Device Settings
Smart Device Type
You can view, add, and delete the smart device types using the Smart Device Type dialog. Go to Administration->Global->Device Settings->Smart Device Type to view the Smart Device Type dialog. The dialog shows the system-defined smart device types, and the user-defined smart device types, if any.
Smart Device Type
Adding a smart device type
To add a new smart device type, click Add. Enter the Smart Device Type in the Add Smart Device Type dialog shown below, and click OK to add the smart device type to the existing list of smart device types.
Delete Smart Device Type
Import Devices
Importing an Authorized AP List and an Authorized or Non-authorized Clients List is an efficient alternative to manual movement of these devices into the Authorized/Non-authorized bins. After successfully importing these lists, the system automatically classifies the APs and Clients in the respective lists as Authorized/Non-authorized.
Under Import AP List, click Import Authorized AP List to open the Import Authorized AP List dialog.
Import Authorized AP List
In the Import Authorized AP List dialog:
Under Tag Devices, select one of the following:
Auto Tag Devices: To automatically tag the AP to the corresponding location.
Manually Tag Devices to: Click Change to manually tag the AP to the desired location.
Import Guest Client List
Under Enter Client details:
To add a Client's details, type the Client's MAC Address, IP Address, and Name and click Add to List>>>.
To add a Client's details from a file, click Browse. On the Select Authorized/Guest/Rogue Client_Device_List_File dialog, select the .txt file from the desired location and click Open. Then click Add to List.
Note: When you import sensors from a list, you can delete these sensors only from the Devices screen.
Thresholds
Threshold settings determine the status of devices in terms of up-down association and connectivity. The Thresholds screen enables you to set parameters for APs, clients, and sensors.
Sensor Timeout: The sensor sends keep alive information to the server at a regular time interval specified here, to tell the server that it is alive. If the system does not receive this keep alive information for a time span specified here, it declares the sensor inactive. Note: Sensor timeout is not user configurable for this release and has been fixed as 600 seconds.
Device Discovery
The following options are available:
Number of packets in a discovery burst: Specifies the number of packets that the system sends in each discovery burst. (Minimum: 10; Maximum: 1000; Default: 300)
Time interval for packets in a discovery burst: Specifies the time interval between two consecutive packets sent in a discovery burst.
Banned AP List
In the Banned AP List under Enter AP MAC addresses, enter the MAC address of a prohibited AP and click Add to List>>>. The MAC address is added to the Banned AP List. You can also:
Use Ctrl + V to paste a list
Add the MAC addresses from a file by clicking Browse and then selecting the file
Note: Separate MAC addresses by a comma, space, tab, semicolon, or new line.
Banned Client List
In the Banned Client List under Enter Client MAC addresses, enter the MAC address of a prohibited Client and click >>>. The MAC address is added to the Banned Client List. You can also:
Use Ctrl + V to paste a list
Add the MAC addresses from a file by clicking Browse and then selecting the file
Note: Separate MAC addresses by a comma, space, tab, semicolon, or new line.
User Management
Select the User Management option to set various user settings.
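The separator rule in the Banned AP List and Banned Client List notes can be checked on a file before it is imported. The following is an added example, not part of the product or its documentation: it splits a list on the separators the notes allow, validates each entry, and reports what it would reject. The function name, the accepted MAC notations (colon or hyphen separated octets) and the sample data are assumptions made for illustration.

```python
import re

# Separators the manual allows between entries: comma, space, tab, semicolon, new line.
SEPARATORS = re.compile(r"[,\s;]+")
# Assumption: six hex octets joined consistently by ':' or '-'.
# The manual does not state which MAC notations the dialog accepts.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac_list(text):
    """Return (valid, rejected, warnings) for a pasted or file-based MAC list.

    valid    -- normalized MACs (upper case, colons), first-seen order, no duplicates
    rejected -- (token, reason) pairs that should be fixed before import
    warnings -- valid MACs with the locally administered bit set; randomized
                client addresses fall in this range, so a ban on one of them
                may not follow the device
    """
    valid, rejected, warnings, seen = [], [], [], set()
    for token in SEPARATORS.split(text.strip()):
        if not token:
            continue
        if not MAC_RE.match(token):
            rejected.append((token, "not a MAC address"))
            continue
        mac = token.upper().replace("-", ":")
        first_octet = int(mac[:2], 16)
        if mac == "FF:FF:FF:FF:FF:FF":
            rejected.append((token, "broadcast address"))
        elif first_octet & 0x01:
            # Group (multicast) addresses never identify a single AP or Client.
            rejected.append((token, "multicast address"))
        elif mac in seen:
            rejected.append((token, "duplicate"))
        else:
            seen.add(mac)
            valid.append(mac)
            if first_octet & 0x02:
                warnings.append(mac)
    return valid, rejected, warnings


# Constructed sample input mixing every separator the note lists.
SAMPLE = (
    "00:11:22:33:44:55, 00-11-22-33-44-66;00:11:22:33:44:55\t02:aa:bb:cc:dd:ee\n"
    "FF:FF:FF:FF:FF:FF 01:00:5e:00:00:fb 0011.2233.4477 00:11:22:33:44"
)

if __name__ == "__main__":
    ok, bad, warn = parse_mac_list(SAMPLE)
    print("import:", ", ".join(ok))
    for token, reason in bad:
        print("reject:", token, "-", reason)
    print("locally administered:", ", ".join(warn))
```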
Manage Users
Adding a User
Click Add to open the Add User Details dialog.
Adding User Details: User Properties Tab for Local User
Under User Details, select the user type (Local, LDAP, or Radius User). A superuser can create user accounts. For local authentication using a password, it is necessary to create the user account using this screen before the user can log in. For a Local User, the superuser must specify the following fields:
Login ID: Login ID of the user.
User Role: This field specifies the role to be assigned to the user.
Adding User Details: User Properties Tab for LDAP User
For an LDAP User, the superuser may create user accounts using this screen, prior to the first successful login of the user. For this, the following fields can be specified:
Login ID: Login ID of the user.
User Role: This field specifies the role to be assigned to the user. The table below shows the user roles and their respective rights.
Adding User Details: User Properties Tab for RADIUS User
For a RADIUS User, the superuser may create user accounts using this screen, prior to the first successful login of the user. For this, the following fields can be specified:
Login ID: Login ID of the user.
User Role: This field specifies the role to be assigned to the user. The table below shows the user roles and their respective rights.
First and Last Name: First and last name of the user.
Session Timeout: Specify the number of minutes after which the system automatically logs out the currently logged in user when there is no activity on the Console for the Session Timeout period. (Minimum: 10 minutes; Maximum: 120 minutes)
Language Preference: Select English or Multilingual support from the drop-down list.
Time Zone: Select the appropriate time zone for the user.
The following table summarizes the rights for various user roles.
Note:
1. There can be as many Superusers as required. Superuser always has rights to root of the location tree.
2. The role is unique for any user.
The Password Settings tab applies to only locally authenticated users. It does not apply to LDAP or RADIUS authenticated users. The Password Settings menu has the following fields:
Adding User Details: Password Settings Tab
Password never expires: If selected, the password does not expire over time.
To edit the details of an existing user, double-click a row or select a row and click Edit to open the Edit User Details dialog.
Editing User Details
The Edit User Details dialog is similar to the Add User Details dialog. Any field value, other than Login ID, that has been specified manually while adding user details, can be modified at the time of editing the user details. Under User Account Accessibility, the superuser can do the following for other users.
The system can use an LDAP server for user authentication. The LDAP Configuration screen facilitates configuration of the LDAP server access parameters.
LDAP Configuration
Check Enable LDAP to enable user authentication using an LDAP compliant directory.
LDAP Integration Details: Provide configuration parameters for the system to be able to access the LDAP compliant directory. The following details can be provided using this screen.
Base Distinguished Name: Specifies the base distinguished name of the directory to which you want to connect, for example, o=democorp, c=au. Note: Distinguished Name is a unique identifier of an entry in the Directory Information Tree (DIT). The name is the concatenation of Relative Distinguished Names (RDNs) from the top of the DIT down to the entry in question.
RADIUS Configuration
Check Enable RADIUS Integration for CLI login to enable CLI user authentication using RADIUS and check Enable RADIUS Integration for GUI login to enable GUI user authentication using RADIUS. The RADIUS Configuration screen has Authentication, Accounting, and Advanced Settings tabs.
Login Screen – Password only authentication
2. Certificate only: In this option, the user authentication is performed using the client certificate (such as smart card). The user has to insert a smart card containing the client certificate in a reader attached to the computer from where the console is accessed and then press the Login button. The system then verifies the client certificate and obtains user identity (username) from the certificate.
Login Screen – Certificate and Password authentication
4. Certificate or Password: In this option, the user authentication is permitted either using the password or using the client certificate. This option is appropriate for organizations which have only partially migrated to using smart cards for authentication.
Certificate Authentication
The required authentication option can be activated based on the various combinations of the Enable certificate based authentication box, Allow access without certificate box, and Users must provide password along with certificate box. The following table describes the activation of the authentication options based on the check boxes selected by the user.
The field in the client certificate from which user identity can be retrieved by the system.
Root CA certificates to facilitate the verification of the client certificate.
Preferred method to check for certificate revocation.
Password Policy
The Password Policy determines the minimum requirements for system passwords. This policy applies to all User Roles: superuser, administrator, operator, and viewer. If you change this policy, older passwords are not affected.
Account locking allows the superuser to specify the account locking policy for the selected user type – Superuser, administrator, operator, or viewer. Account locking protects the system from spurious logins through dictionary attacks. This setting applies only to those authentication options which use password as at least one of the authentication mechanisms.
User Preferences
Under Password Details, the user can specify/modify his email address and password. Password change from this screen is not applicable for the users using LDAP/RADIUS authentication, or for users for whom password based authentication has been disabled. Also, changing the email address from this screen is not applicable for an LDAP authenticated user. Under User Preferences, the user can change his/her own Session Timeout, Language Preference, or Time Zone.
Auto Location Tagging
Auto Location Tagging Configuration contains the following options:
Devices: Based on the initial location of the device, the APs and Clients are auto-tagged immediately upon discovery. You can select how the system should compute the initial location tag of the APs or Clients. The system never auto-tags an AP or Client, if it is tagged manually. To re-enable auto location-tagging for a device, you must delete the device and let the system re-discover it.
The location of a particular device can be tracked using the location tracking feature. The system needs at least three sensors to perform location tracking. The Location Tracking screen enables you to define the parameters that control location tracking.
Location Tracking
Default Location Tracking Parameters contains the following options:
Location Tracking Technique: Select the technique used for location tracking. The technique available is Generalized Likelihood.
The Live RF Views screen enables you to define the parameters that are used in live RF views. These parameters are specific to each environment. Tuning the parameters enables you to see more accurate views.
Live RF Views
Default Live RF Views Parameters contains the following options:
Intrusion Detection and Prevention Regions: Specify the dBm values for which the system shows the intrusion detection and prevention regions in the sensor coverage views.
RF Propagation
Default RF Propagation Settings contains the following options:
Default Antenna Gain Values: Specify the default sensor, AP, and Client antenna gain values. Antenna gain is a characteristic of an antenna used for transmitting or receiving signal, defined as gain in power when signal is received (or transmitted) using the antenna.
Sensor Antenna Gain (dB): Specifies the gain of antenna attached to the sensor. (Default: 2.
Note: The system uses the first set of parameters when the Planner file is imported; the second set for blank, gif, or jpeg files. Minimum and Maximum Signal Decay Constants specify the range for the decay exponent, that is, the exponent at which signal decays with distance. Signal Decay Slope (Beta) and Signal Decay Inflection (Alpha) control how the decay exponent changes from its minimum value to maximum value.
Encoding
Reports
The system can display a rich set of reports. The Reports screen enables you to modify the appearance and text in the generated reports. Refer to 'Adding a Report' in the Reports Tab section for more details.
Reports Configuration
Auto-deletion
The system is designed to store information about devices seen and older events over a period of time. The rate of growth of this information is dependent on the volatility of the wireless environment at the deployed location. This information also becomes obsolete after a certain time. It is necessary to delete this information periodically. Based on the event related configuration done by you, the system also raises and stores a number of events.
Auto Deletion
The Auto Deletion Parameters window contains the following options:
Access Point Deletion Parameters: Select the checkboxes to choose the category of APs that you would like the system to delete automatically. Specify the number of days of inactivity after which the AP records are automatically deleted. (Minimum: 1 day; Maximum: 30 days)
Uncategorized
Rogue
External
Note: Authorized APs are not auto deleted from the system.
Events Deletion Parameters: Specify the maximum number of events that would be retained on the server.
Maximum Security Events (Minimum: 20000; Maximum: 80000; Default: 50000)
Note: The maximum number of security events that can be retained for the SA-350 appliance is 0.7 million.
Maximum Performance Events (Minimum: 5000; Maximum: 40000; Default: 10000)
Note: The maximum number of performance events that can be retained for the SA-350 appliance is 0.25 million.
Vendors
To add a new pair of vendor name and MAC prefix, click Add. The Add Vendor dialog opens. Specify the Vendor Name and the MAC Prefix and click Add.
Add Vendor Dialog
To delete any pair from the existing list, select the relevant row and click Delete.
SMTP
The SMTP screen enables you to set Simple Mail Transfer Protocol (SMTP) server settings to send emails when events occur. You must have administrator privileges to set these values.
SMTP
Note: If you want the system to notify you by an events email, you need to specify SMTP server details. The system does not email events by default. If you do not want to receive email for the events, select Restore Defaults and Apply.
SMTP Configuration contains the following options:
SMTP Server IP Address/Hostname: Specifies the IP Address or the Hostname of the SMTP server used by the system for sending email alerts. (Default: 127.0.0.
To update the license, click Browse and navigate to the location of the License Key File. To finish, click Apply. Note: For the license to take effect, log out and log in to the console again.
License
Server
The Server screen enables you to view server information.
Server Details
Server Details: This is a read-only section and displays the following information:
Server ID: Unique identifier for the server appliance. If you have installed a single server appliance, then retain the default server ID, that is, 1.
Port: The User Datagram Protocol (UDP) port number used.
Max Sensors: Maximum number of sensors that can connect to the server.
Max Sensor/AP Combos: Maximum number of sensors that can be converted to Sensor/AP Combo devices.
Manage Logs
View logs
The system enables downloading the user action logs for review. Only the superuser has permission to download logs. Logs can be downloaded in .TSV (tab separated values) or .CSV (comma separated values) format. The .TSV format is also called Unicode format. The downloaded file can be viewed using text editors such as Excel, WordPad etc. to specify the Time Period.