Version 10 - Securepoint Downloads: download.securepoint.de/.../manual_security_operation_center_1.0.pdf

Version 10

Security Operation Center

Version 1.0.0

Security Operation Center Securepoint 10

Securepoint

Security Solutions 2

Contents

1 Installation Notes ............................................................................................................ 5

2 Message Board .............................................................................................................. 6

3 Monitoring ...................................................................................................................... 8

3.1 Monitoring Filter ...................................................................................................... 9

3.2 Monitoring Settings .................................................................................................10

4 Dashboard.....................................................................................................................11

4.1 Details ....................................................................................................................12

4.2 Display Filter of the Dashboard ..............................................................................16

5 Extras ............................................................................................................................17

5.1 Tasks .....................................................................................................................18

5.1.1 Edit Task.............................................................................................................18

5.1.2 Create Tasks ......................................................................................................19

5.1.3 Create Macros ....................................................................................................20

5.2 Tasklog ..................................................................................................................22

5.3 Group Management ...............................................................................................23

5.4 CLI Log ..................................................................................................................24

5.5 Builds .....................................................................................................................24

5.6 Log .........................................................................................................................25

5.6.1 Adjust the Log View ............................................................................................26

5.6.2 Log Settings ........................................................................................................26

5.7 Firewalls .................................................................................................................27

5.7.1 Adjust the Firewall List ........................................................................................28

5.8 User and User Groups ...........................................................................................29

5.8.1 Send Messages to User ......................................................................................30

6 Operation Center ...........................................................................................................31

6.1 Who is Online .........................................................................................................32

6.1.1 Online Chat .........................................................................................................33


6.2 Operation Center Settings ......................................................................................34

6.3 Backup Settings .....................................................................................................35

6.4 Data Provider .........................................................................................................36

6.4.1 Enter Data Provider at Startup ............................................................................37

6.4.2 Change the Source of the Data Provider ............................................................38

7 Firewalls ........................................................................................................................39

7.1 Context Menu .........................................................................................................39

7.2 Query Interface ......................................................................................................40

7.3 Adding a Firewall ....................................................................................................40

7.4 Plot .........................................................................................................................41

7.5 Backup ...................................................................................................................42

7.6 Permissions ............................................................................................................43

8 Sidebar Menu ................................................................................................................44

8.1 Quick Connect ........................................................................................................44

9 Hotkeys .........................................................................................................................45


Introduction

The Security Operation Center (SOC) is the new management software for Securepoint appliances. The concept of the Operation Center is adopted from the administration web interface of Securepoint 10.

The Operation Center offers essential administrative functions like monitoring and backup. As known from the Securepoint Security Manager, you can connect directly to the appliances via SSH and configure the firewall with the administrative web interface.

The Security Operation Center is installed locally on the computer. The Operation Center stores monitoring data, backups and log data in a database. It accesses the database through the service Securepoint Data Provider. This service can be installed on the same computer or centrally on a server.

The Operation Center offers four categories on the left side: Monitoring, Extras, Operation Center and Firewalls. The right side of the program window shows the current load data of the managed firewalls or the administration web interface.

If the SOC is connected to a firewall, the administration interface of the respective firewall is displayed in the right area of the window. Only one connection at a time is possible.

fig. 1 monitoring screen of the Security Operation Center


1 Installation Notes

The Security Operation Center is available for Microsoft Windows and various Linux distributions. The service Securepoint Data Provider, which is the interface to the encrypted database, can only be installed on a Windows system.

The software package for Windows is an executable EXE file, which starts an installation assistant. For Linux distributions a compressed TAR archive is offered.

The Security Operation Center installation package for Windows consists of several components. The main components are the application software for the client computer and the service Data Provider. The additional services Monitoring, Backup and Tasks have to be installed on the client computer so that these functions are available.

The Data Provider can be installed either on the client computer or centrally on another system such as a server.

fig. 2 installation wizard

The Security Operation Center and the Data Provider must run on the same version for all functions to work without errors. If you update the Data Provider, all users have to update their version of the Security Operation Center.

If you want to use the Security Operation Center on a Windows system, you have to ensure that the Microsoft .NET Framework version 3.5 or higher is installed. Windows 7 already includes the framework, but it may not be activated. Activate it via the software management in the Windows Control Panel.


2 Message Board

The Message Board shows current Securepoint news, change logs, messages and executed tasks in the right window. The view can be switched between News, Changelog, Tasklog and Messages by using the upper menu bar.

You can set this view as the start-up page of the Security Operation Center. For this, choose the entry Overview for the Start Screen in the Operation Center settings.

The Securepoint News provides press reports and current events of the Securepoint GmbH. This data is loaded from the Securepoint internet site and can only be shown if the system has access to the internet.

fig. 3 news dialog of the message board

The Changelog lists the changes between two firewall software versions. You can select a version in a dropdown field at the end of the list. This data is also loaded from the internet.

fig. 4 changelog dialog of the message board


The Tasklog lists all executed tasks. The entries contain the task name, the execution date and the received status message. You can remove a task by using the button at the right side of the list. This suppression is saved automatically and applies to all users.

fig. 5 tasklog dialog of the message board

Users can write messages to each other. These are shown on the message board. Users can only see messages which are addressed to them. If a new notification exists when the user logs in, the start screen switches to the inbox. Messages that have been read are moved automatically to the tab Read Messages.

fig. 6 message dialog of the message board


3 Monitoring

The Monitoring is one of the central functions of the Security Operation Center. This control function displays the system utilization of all managed appliances. The processor and memory load is shown graphically. The number of TCP and UDP connections and the online/offline status are presented in graphs, too.

Beneath this, the system components, license and software properties are listed. Lists of running and stopped applications as well as IPSec connections can be displayed if needed.

fig. 7 monitoring view of an appliance with activated service and connection list (callouts: graphical component load; information about processor type, license and software version; opened service list, left side: running services, right side: stopped services; list of created IPSec connections; numbers of TCP and UDP connections and graphical online state; information on the number of interfaces and the update status of the virus database)


3.1 Monitoring Filter

With the filter you can choose which appliances' monitoring data is shown. The filter choices are positioned at the left side in the menu Monitoring.

fig. 8 monitoring filter

Filter description: Function
Show: Shows all appliances except excluded ones.
Show all: Shows all appliances, excluded ones too.
Show excluded: Shows only excluded appliances.
Show Important: Shows appliances with the monitoring status important.
Show Normal: Shows appliances with the monitoring status normal.
Show Low: Shows appliances with the monitoring status low.
Show Group: Opens a further filter selection, which offers groups as a filter criterion.

In addition to this filter, you can use the sort function in the left frame to adjust the view. You can filter the current view by risk and sort by name or risk. The current selection can be searched for appliance names or IP addresses.

The refresh interval can be set between 2 minutes and 4 hours. If the entry by hand is selected, the display is only refreshed when a filter on the left side is used. The setting Monitoring adopts the interval of the monitoring service.

The selection can be displayed in one or in two columns.

fig. 9 view filter


3.2 Monitoring Settings

The appliances don't send the monitoring data to the SOC continuously. The data is queried in so-called runs. In a run the monitoring data of the appliance is queried one hundred times.

The run interval is the time between the end of the previous run and the beginning of the new run. The default setting is one minute. Because only one appliance at a time is queried, one appliance after another, the elapsed time between the runs can be greater than the defined interval.

fig. 10 monitoring settings

The queries can be restricted to specific appliances. The selections are:
All appliances
Appliances with a defined status
Appliances of a specified user
Appliances of a specified group

You can also decide to query excluded machines too. Excluded machines are appliances which are exempted from the monitoring.

If a queried appliance is offline, you can have it moved automatically into a defined group.


4 Dashboard

You can also show the main monitoring data in a dashboard view. The dashboard shows a graphical overview of all recorded firewalls. The capacity utilization of the CPU, memory and swap partition and the validity period of the license are shown for every firewall. Furthermore the numbers of TCP and UDP connections and the version in use are displayed.

The dashboard can be shown as boxes or as a list.

The colored background of the firewall name or the table row quickly shows critical systems. A red background signals that the risk of the system is evaluated as high. This appears if the system is not reachable or not powered on, if the license is invalid, or if the license is valid for less than 30 days and an old version is used. An orange indication is shown if an old version is used. If the firewall is marked green, the system is uncritical.

The status bars for the present utilization change from green over orange to red if the values reach a critical situation.

fig. 11 dashboard in box view

fig. 12 dashboard in list view
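The colour rule above is easy to misread because its conditions combine differently (the short license period counts only together with an old version). The following added example is not Securepoint's code; it rewrites the documented rule as a plain function over a constructed status record so the precedence of the conditions is visible. The field names, the reference date, the version strings and the utilisation thresholds (70 % / 90 %) are assumptions; the manual states only the colour rules and that the bars go from green over orange to red.

```python
"""Dashboard risk colouring as described in section 4 (added example)."""
from dataclasses import dataclass
from datetime import date


@dataclass
class FirewallStatus:
    name: str
    reachable: bool          # False: not reachable or not powered on
    license_valid: bool
    license_expires: date
    version: str
    cpu_pct: float
    mem_pct: float


NEWEST_VERSION = "10.0.3"    # constructed, not a real Securepoint build number
TODAY = date(2011, 6, 1)     # constructed reference date for the examples


def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


def is_old_version(version: str, newest: str = NEWEST_VERSION) -> bool:
    return version_tuple(version) < version_tuple(newest)


def risk_colour(fw: FirewallStatus, today: date = TODAY) -> str:
    """red before orange before green, in the order the manual lists the conditions."""
    days_left = (fw.license_expires - today).days
    old = is_old_version(fw.version)
    # red: unreachable/off, invalid license, or (license < 30 days AND old version)
    if not fw.reachable or not fw.license_valid or (days_left < 30 and old):
        return "red"
    if old:
        return "orange"
    return "green"


def bar_colour(pct: float, warn: float = 70.0, crit: float = 90.0) -> str:
    """Colour of one utilisation bar; the thresholds are assumed."""
    if pct >= crit:
        return "red"
    if pct >= warn:
        return "orange"
    return "green"


def dashboard_row(fw: FirewallStatus) -> dict:
    return {"name": fw.name, "risk": risk_colour(fw),
            "cpu": bar_colour(fw.cpu_pct), "mem": bar_colour(fw.mem_pct)}


# constructed sample appliances
SAMPLE = [
    FirewallStatus("fw-berlin",  True,  True, date(2012, 1, 1),  "10.0.3", 23.0, 41.0),
    FirewallStatus("fw-hamburg", True,  True, date(2012, 1, 1),  "10.0.1", 75.0, 41.0),
    FirewallStatus("fw-munich",  True,  True, date(2011, 6, 20), "10.0.1", 95.0, 41.0),
    FirewallStatus("fw-cologne", False, True, date(2012, 1, 1),  "10.0.3",  0.0,  0.0),
    FirewallStatus("fw-bremen",  True,  True, date(2011, 6, 20), "10.0.3", 10.0, 10.0),
]

if __name__ == "__main__":
    for fw in SAMPLE:
        print(dashboard_row(fw))
```

The fw-bremen row is there on purpose: under the stated rule a license with fewer than 30 days left turns red only in combination with an old version, so on a current version the box stays green. An operator who wants early warning about expiring licenses therefore cannot rely on the colour alone and should also watch the license validity shown in the details.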


The icons at the lower border of the box or at the end of the table row show the connection status, show more details or connect to the firewall directly.

Icon: Description
[status icon] The firewall is not reachable, not powered on or not connected at the time of the monitoring.
[status icon] Connection to the firewall is established.
[connect icon] Connects to the firewall via the administration web interface.
[gear icon] Shows details of the firewall.

4.1 Details

To show more information about a system, click the gear symbol.

The tab General shows information about hardware, license, software version, and virus database status.

fig. 13 details - tab General


The tab Services lists all running and stopped applications.

fig. 14 details - tab Services

The tab IPSec shows all established IPSec connections which are stored on the appliance. The status of the connection is shown by a dot in the first column. If the connection is active the dot is green, otherwise the dot is gray.

fig. 15 detail - tab IPSec


The tab Graphs shows the hardware utilization, the numbers of TCP and UDP connections and the online status in diagrams.

fig. 16 details - tab Graphs

On the tab All Runs the date and time of the last 100 status-record runs are listed. For information about a run, click the button at the end of the corresponding line.

fig. 17 details - tab All Runs


The tab Backup shows detailed information of the last backups.

fig. 18 details - tab Backup

The tab Average Values shows the arithmetic average of the hardware utilization, the numbers of TCP and UDP connections and the online status.

fig. 19 details - tab Average Values


4.2 Display Filter of the Dashboard

The dashboard view can be customized by a filter. To start the filtering or sorting you have to click the corresponding button after setting the wanted filter. The selected settings can be saved.

Function: Description
Filter firewalls: Filters the firewalls by risk. A distinction is drawn between no, middle and high risk. To reset the filter use the value All.
Sort firewalls by: You can sort the display by risk and name. You can select between ascending and descending sorting.
Search firewall: You can search for a firewall by name or IP address. If the search is successful, the found firewall is displayed.
View: Switches the view between gallery and list view.
Auto refresh after: Sets the update interval of the display. If the entry Manual is selected, the display is only updated when a filter on the left side is changed. When the entry Monitoring is selected, the interval of the monitoring, which is set in the left window, is adopted.
Save settings: Saves the current settings for the client computer in use.

fig. 20 dashboard filter


5 Extras

In this area you can manage firewall groups, users and user groups. Furthermore you can start a CLI log window and retrieve a list of available firewall software versions and managed firewalls. You also reach the items Tasks, Tasklog and CLI Log here.

fig. 21 menu Extras


5.1 Tasks

By choosing the item Tasks you can create CLI (Command Line Interface) commands which will be executed at a predefined time.

Click on Tasks to reach the window Manage Tasks, where all created tasks are listed with name and execution time. Commands which have already been executed are listed too. These tasks can be used as templates for periodical tasks.

Tasks are only shown to the user who has created them. The user admin sees all tasks.

5.1.1 Edit Task

Click on the entry Tasks in the Extras menu. A list with all defined tasks appears.

To execute the commands at another time or on another firewall, use the wrench symbol. The window Edit Task appears.

Change the entries in the fields Run date and Run time.

Change the firewalls for which the task should be executed. For this use the button Add in the box Assigned firewalls. Select a firewall out of the appearing list. You can remove firewalls from the list Assigned firewalls by using the minus symbol button.

Click Save.

You can delete tasks from the list by using the trashcan symbol button.

fig. 22 task list

fig. 23 edit task


5.1.2 Create Tasks

To create a task, click the button Add in the Manage Tasks view. The window Add Task appears.

Enter a name for the new task into the field Title.

Type CLI commands into the field Commands (see the CLI command reference on the Securepoint internet page). The commands to update or register the firewall are predefined and can be activated by a checkbox.

Click into the field Run date. A calendar appears, on which you can select the desired run date.

In the field Run time select the hours in the first dropdown field and the minutes in the second dropdown field.

In addition to the predefined commands you can select the options Reboot and Rollback. The option Rollback on error should be activated to reset failed CLI commands.

Click Save.

The window Tasks Firewalls appears. All available firewalls are listed by name and IP address.

Select the firewalls the task should run on. For this use the button with the plus symbol beneath the desired firewalls.

When you have selected the firewalls, click on Back.

fig. 24 setup task

fig. 25 select firewalls


5.1.3 Create Macros

You can record CLI commands directly when you configure a firewall via the administration web interface. This functionality is useful if you want to execute the same actions on several firewalls or if you want to automate periodical tasks.

To record commands, change to the settings of the Security Operation Center and activate the checkbox Show macro window on connect. When you connect to a firewall, a little dialog with the name Macro appears, which offers the recording of CLI commands.

When the recording is started, all commands which are sent in the administration web interface will be logged. This function only affects commands which change data, update, restart and stop services. When the recording is stopped, you can save the logged commands as a task. You can set an execution date for the new task during saving.

5.1.3.1 Record Macro

To record commands, the macro function must be enabled in the settings of the Security Operation Center.

Enter the menu point Operation Center. Select the entry Settings.

Activate the checkbox Show macro window on connect.

Establish a connection to the firewall to record a macro. The macro window appears.

To start the recording, click the record button. All CLI commands which are executed in the administration web interface will be logged. The number of logged commands will be shown in the macro window.

Click the stop button to exit the recording.

fig. 26 macro dialog


5.1.3.2 Save macro

When you stop the macro recording, the save button is activated. Use it to open the record window. All logged commands are listed in this window. You can edit the commands by clicking into the window and typing the changes.

Enter a name for the macro into the field Title.

Select a date from the dropdown field Run date/time and enter the desired time.

You can activate the functions Reboot after executed and Rollback on error.

Click Save to store the macro.

The macro is shown in the task management.

fig. 27 save macro as task


5.2 Tasklog

The Tasklog offers a log of all executed tasks. You can check whether the tasks were executed correctly or an error occurred.

Log entries are shown until they are tagged as read. An entry will be deleted when the status is set to read by clicking the minus symbol button.

The entries are listed with the task name and are sorted ascending by execution time. The third column shows the feedback of the system. The fourth column provides the deletion button.

fig. 28 status messages of executed tasks


5.3 Group Management

Under this item you can manage firewall groups. With groups you can arrange all firewalls into logical units. Groups are also used as a filter selection in the Monitoring and in the area Firewalls.

You can create main groups and sub groups. A finer division is not provided. With the buttons in the rows you can edit or delete the respective group.

fig. 29 group list

At the bottom of this menu you can create new groups. You have to decide whether the group is a main or a sub group and, if it is a sub group, in which main group it should be created.

Enter a title for the group into the field Name.

Select the main group in which the new group should be created. If the new group is a main group, select the entry No parent.

Click Add.

Click the button with the wrench symbol beneath the group to edit it. You can edit the name, and if it is a sub group you can change the parent group or convert it to a main group. Main groups which contain sub groups cannot become a sub group.

You can delete a group by using the button with the trashcan symbol. The firewalls it contains are kept. If you delete a sub group, the contained firewalls will be moved to the parent group. If you delete a main group, all sub groups will be deleted too and the firewalls will not be assigned to a group.


5.4 CLI Log

If the Operation Center is connected with a firewall, the CLI Log (Command Line Interface) can record the input and output of the communication between Operation Center and appliance. With this log you can check and analyze the communication.

It corresponds to the function which is offered in the administration web interface under the menu point Extras. This log isn't limited to 100 records.

The continuous logging always shows the newest entry. To analyze the log, it can be useful to stop the logging.

fig. 30 CLI log window

5.5 Builds

Under this point all available versions of the firewall software are listed.

If you establish a connection to a firewall, which uses an old version, a message informs you

about the new version. The information box also offers the possibility to download the new

version.


5.6 Log

Under the point Log, protocol records are shown which are generated automatically by the service Data Provider. All operations a user performs in the Security Operation Center are recorded. Additionally, all actions like the creation of backups and monitoring runs are logged. You can track which actions were made by the user and by the system, and at which time.

The log is only visible to users with administration rights.

Actions in the list are marked as Permit or Denial. If a user with limited rights has tried to perform privileged actions, this is shown as Denial. The corresponding row is colored.

fig. 31 Operation Center log


5.6.1 Adjust the Log View

A filter is integrated in the header of the dialog Log. With this filter you can adjust the view of the dialog. After you have set a filter, click on Filter Entries to refresh the list.

The following filters are offered:

All: Shows all log entries.
Operation Center: Shows entries of the Operation Center. These are actions which are made in the Operation Center by the users.
Monitoring Service: Entries of monitoring runs made.
Backup Service: Entries of configuration backups made.

With the buttons in the middle of the header, you can navigate through the log pages. The number of entries per page is set to 20 by default. You can adjust the number with the dropdown field at the right side of the header. The button with the two green arrows refreshes the entries.

fig. 32 filter options in the header

5.6.2 Log Settings

This point is located under the menu point Operation Center.

You can define for how many days the log entries are stored. Log data which is older than the given time will be deleted. You can store the data for up to 30 days. The number of entries is irrelevant.

fig. 33 storage duration in days
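Sections 5.6 to 5.6.2 together describe a small audit log: entries from three sources, a Permit/Denial result per entry, a source filter, paging of 20 entries, and time-based deletion capped at 30 days. The following added example is not the Data Provider's implementation; it models those documented behaviours over constructed sample entries. The entry fields, the helper names and the sample data are assumptions; the source names, the page size and the 30-day limit come from the manual.

```python
"""Operation Center log as described in sections 5.6 to 5.6.2 (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

SOURCES = ("Operation Center", "Monitoring Service", "Backup Service")
MAX_RETENTION_DAYS = 30       # the manual's upper limit for the storage duration
DEFAULT_PAGE_SIZE = 20        # the manual's default entries per page


@dataclass
class LogEntry:
    when: datetime
    source: str
    user: str           # "system" for entries written by a service
    action: str
    permitted: bool     # False is listed as Denial and the row is coloured

    @property
    def result(self) -> str:
        return "Permit" if self.permitted else "Denial"


def filter_entries(entries: List[LogEntry], source: Optional[str] = None) -> List[LogEntry]:
    """source=None corresponds to the filter entry All."""
    if source is not None and source not in SOURCES:
        raise ValueError(f"unknown log source {source!r}")
    return [e for e in entries if source is None or e.source == source]


def page(entries: List[LogEntry], number: int, size: int = DEFAULT_PAGE_SIZE) -> List[LogEntry]:
    """1-based page of a newest-first listing."""
    ordered = sorted(entries, key=lambda e: e.when, reverse=True)
    start = (number - 1) * size
    return ordered[start:start + size]


def purge(entries: List[LogEntry], retention_days: int, now: datetime) -> List[LogEntry]:
    """Keep only entries within the retention window (clamped to 1..30 days)."""
    days = min(max(retention_days, 1), MAX_RETENTION_DAYS)
    cutoff = now - timedelta(days=days)
    return [e for e in entries if e.when >= cutoff]


def denials(entries: List[LogEntry]) -> List[LogEntry]:
    """The coloured rows: privileged actions attempted by limited-rights users."""
    return [e for e in entries if not e.permitted]


# constructed sample log: 39 hourly monitoring runs plus four other events
NOW = datetime(2011, 6, 1, 12, 0)
SAMPLE_LOG = [LogEntry(NOW - timedelta(hours=h), "Monitoring Service", "system",
                       "monitoring run", True) for h in range(1, 40)]
SAMPLE_LOG += [
    LogEntry(NOW - timedelta(minutes=5), "Operation Center", "bob",
             "delete user group sales", False),
    LogEntry(NOW - timedelta(minutes=3), "Operation Center", "admin",
             "delete user group sales", True),
    LogEntry(NOW - timedelta(days=2), "Backup Service", "system",
             "backup fw-berlin", True),
    LogEntry(NOW - timedelta(days=45), "Backup Service", "system",
             "backup fw-berlin", True),
]

if __name__ == "__main__":
    for e in page(filter_entries(SAMPLE_LOG, "Operation Center"), 1):
        print(e.when, e.user, e.action, e.result)
    print(len(purge(SAMPLE_LOG, 30, NOW)), "entries kept after a 30-day purge")
```

The denials() list is the one worth reviewing routinely: a limited-rights user who repeatedly attempts privileged actions appears there. Because the retention setting cannot exceed 30 days, that review, or an export of the entries, has to happen inside the window, since the Data Provider deletes older records regardless of how many there are.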


5.7 Firewalls

The entry Firewalls in the menu Extras lists all managed firewalls. The table shows the name and the IP address or hostname of the firewall. The firewall type, location and owner are also listed. Users and user groups and their rights are shown if existing.

fig. 34 list of managed firewalls


5.7.1 Adjust the Firewall List

In the header of the table a filter is integrated. With this, you can filter for a specific firewall. The header also offers a function to define the number of entries per page and a function to refresh the data.

The following filters are available. Some of them need patterns. If no pattern is set, all firewalls are shown.

Category: Description (Pattern)
Show all: Shows all available firewalls. (Pattern not needed.)
Name: Searches for firewalls whose name matches the pattern (firewall names, not hostnames). The pattern doesn't have to be complete; it can be the exact name or a part of the name.
IP: Searches for firewalls whose IP address matches the pattern. The pattern doesn't have to be complete. The search supports hostnames too; the pattern can be the exact IP address or hostname or a part of it, for example 192.168.
User: Searches for firewalls whose user (not owner) matches the pattern. The pattern doesn't have to be complete; it can be the exact user name or a part of the name.
User group: Searches for firewalls whose user groups match the pattern. The pattern doesn't have to be complete; it can be the exact name of the user group or a part of the name.

Patterns are always interpreted as a substring, and matching is not case sensitive. For example: the pattern office matches the entries office, Office, home-office, office-max, officer, policeofficer etc.

fig. 35 firewall filter
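The filter semantics above (category plus pattern, substring match, case-insensitive, empty pattern shows everything) are small enough to state exactly in code. The following added example is not the SOC's own code; it reproduces the documented behaviour over a constructed inventory, including the manual's "office" case. The record fields are assumptions derived from the columns the manual lists.

```python
"""Substring filter for the managed-firewall list of section 5.7.1 (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Firewall:
    name: str
    address: str                      # IP address or hostname
    users: List[str] = field(default_factory=list)
    user_groups: List[str] = field(default_factory=list)


# which field(s) each filter category looks at; None means "Show all"
CATEGORIES: Dict[str, Optional[Callable[[Firewall], List[str]]]] = {
    "show all": None,
    "name": lambda fw: [fw.name],
    "ip": lambda fw: [fw.address],
    "user": lambda fw: fw.users,
    "user group": lambda fw: fw.user_groups,
}


def matches(pattern: str, values: List[str]) -> bool:
    """Case-insensitive substring match against any of the values."""
    p = pattern.casefold()
    return any(p in v.casefold() for v in values)


def filter_firewalls(firewalls: List[Firewall], category: str, pattern: str = "") -> List[Firewall]:
    selector = CATEGORIES[category.casefold()]
    if selector is None or not pattern:      # "Show all", or no pattern given
        return list(firewalls)
    return [fw for fw in firewalls if matches(pattern, selector(fw))]


def names(result: List[Firewall]) -> List[str]:
    return [fw.name for fw in result]


# constructed inventory (names chosen to reproduce the manual's "office" example)
INVENTORY = [
    Firewall("Office", "192.168.1.1", ["alice"], ["staff"]),
    Firewall("home-office", "10.0.0.1", ["bob"], ["remote"]),
    Firewall("office-max", "gw.example.test", ["carol"], ["staff", "sales"]),
    Firewall("policeofficer", "192.168.7.2", ["dave"], ["field"]),
    Firewall("Warehouse", "172.16.3.9", ["eve"], ["logistics"]),
]

if __name__ == "__main__":
    print(names(filter_firewalls(INVENTORY, "Name", "office")))
    print(names(filter_firewalls(INVENTORY, "IP", "192.168.")))
    print(names(filter_firewalls(INVENTORY, "User group", "STAFF")))
```

Because every pattern is a substring, a short pattern such as "office" or "192.168." deliberately over-matches; when checking which appliances a given user or group can reach, type the complete name and confirm the result column rather than trusting a partial match.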


5.8 User and User Groups

You can create users for the Security Operation Center, which you can organize in user groups. Users can have limited user rights or administrator rights. Only users with administrator rights can use all functions of the Operation Center. The administrator can grant or deny read or read-and-write access to individual appliances. This is managed in the menu Firewalls.

Accounts for users can be created and edited under the point User. User groups are created and managed under the point User Groups.

The access rights of a user group and of one of its members can differ. In that case the rights of the user take precedence.

For example: The group staff has read access. User A is a member of the user group staff and has read and write access. So A can access the appliance with read and write rights.

Note: A newly created user account is not a member of any group, and access to all appliances is denied.

fig. 36 user list

fig. 37 add user

fig. 38 user group list
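The precedence rule above (a user-level right overrides the group right; a new account with no group has no access) is the part of the access model worth getting exactly right. The following added example is not Securepoint's code; it models that rule over constructed users and groups, including the manual's user A. The data layout (rights keyed by appliance name, a list of group memberships per user) and the choice that a member of several groups inherits the highest group right are assumptions made for the illustration; the manual describes only user-over-group precedence and the default denial.

```python
"""Effective appliance access as described in section 5.8 (added example)."""
from enum import IntEnum


class Right(IntEnum):
    DENY = 0
    READ = 1
    READ_WRITE = 2


# constructed directory: group name -> {appliance: right}
GROUP_RIGHTS = {
    "staff": {"fw-berlin": Right.READ, "fw-hamburg": Right.READ},
    "ops": {"fw-berlin": Right.READ_WRITE},
}

# constructed users: name -> (group memberships, explicit per-appliance rights)
USERS = {
    "A": (["staff"], {"fw-berlin": Right.READ_WRITE}),   # the manual's example
    "B": (["staff"], {}),                                # inherits from staff only
    "C": (["staff", "ops"], {"fw-berlin": Right.DENY}),  # explicit denial wins
    "new": ([], {}),                                     # freshly created account
}


def effective_right(user: str, appliance: str) -> Right:
    groups, explicit = USERS[user]
    if appliance in explicit:            # the user-level setting takes precedence
        return explicit[appliance]
    # assumption: several groups -> the highest inherited right applies
    inherited = [GROUP_RIGHTS.get(g, {}).get(appliance, Right.DENY) for g in groups]
    return max(inherited, default=Right.DENY)   # no group and no grant: denied


def can_read(user: str, appliance: str) -> bool:
    return effective_right(user, appliance) >= Right.READ


def can_write(user: str, appliance: str) -> bool:
    return effective_right(user, appliance) >= Right.READ_WRITE


if __name__ == "__main__":
    for user in USERS:
        for fw in ("fw-berlin", "fw-hamburg"):
            print(user, fw, effective_right(user, fw).name)
```

User C shows the same precedence rule used as a restriction: an explicit user-level denial overrides the group grant, which is how an administrator removes one member's access to an appliance without changing the group. The "new" account reproduces the note above: until it is placed in a group or granted rights directly, every appliance is denied.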


5.8.1 Send Messages to User

You can write messages to all registered users, which are listed in the user management. At the end of every row in the user list an envelope symbol is placed. Only this symbol is shown to users with restricted rights. Users with administrative rights also see an edit and a delete symbol.

Use the button Send message to all at the end of the list to send the same message to all listed users.

Click the envelope button to open the Send Message view.

Enter a subject into the field Title.

Type your message into the textbox Message.

Click Send to transmit the message.

The message is shown in the overview under the tab Messages for the receiving user. When the user logs into the system, a notification is shown that a new message has been received.

fig. 39 user list

fig. 40 write message


6 Operation Center

Under this menu you will find functions and settings which concern the Operation Center.

fig. 41 menu Operation Center

Button: Description
Who is online: Shows a list of users that use the Security Operation Center and are connected to the same Data Provider.
Toggle Fullscreen: Sets the Security Operation Center into fullscreen mode. To switch back to window mode, click the button again. You can also use F11.
Settings: Opens an area where the basic settings of the Security Operation Center can be set.
Log Settings: Sets the storage time of the log data.
Backup Settings: Opens the settings area of the backup service.
Data Source: The SOC always uses the Data Provider to access the database, whether it is a local database or a remote one. The service Data Provider checks the access rights for the requested data when it accesses the database.
Monitoring: Opens the monitoring settings (see chapter 3.2).
Exit Application: Closes the Security Operation Center.


6.1 Who is Online

Under the menu entry Who is online you are shown which users are logged in at the Data Provider at this moment.

The list of the logged-in users contains the username and the IP addresses of the client computers. Furthermore, the time of the last search run is displayed.

The button at the end of every row opens a chat dialog to the respective user.

The button Send to all at the end of the list transmits a chat message to all logged-in users at the same time.

fig. 42 logged in users


6.1.1 Online Chat

To start a chat session, use the button with the envelope symbol. The chat dialog appears.

Type your message into the text field.

Press Enter to transmit the message.

Your text will be displayed in the upper text field of the dialog.

On the computer of your chat partner a chat dialog will be opened in the foreground.

When the other user sends a message back, it will be displayed in the upper text box of the dialog.

To distinguish the messages, your text is tagged with your username and the sending time in blue font. Messages from other users are tagged with their username and the receiving time in red font.

fig. 43 chat dialog


6.2 Operation Center Settings

fig. 44 SOC settings

Setting | Description

Changelog | The changelog shows the changes from version to version of the firewall software. Enter the URL and the filename of the changelog. These settings are required to use the function in the web interface.

Language | Defines the language of the SOC. You have to restart the SOC for the change to take effect.

Build | Defines the directory where the versions shall be stored.

Passwords | Changes the password of the current user.

Exit Application | Defines whether a confirmation prompt appears when you close the SOC.

Macro | Defines whether the macro dialog appears when you connect to a firewall.

Menu | Changes the view to the sidebar menu. The change takes effect after a new login. Use F5 for a quick logout.

Start Screen | Selects the content of the right frame of the window which is shown at start. Selectable options: Overview, Message board, Securepoint, Securepoint homepage, Dashboard, Monitoring in box view.

Proxy | Settings for using a proxy.

Show Update In Webinterface | If this option is selected, a message is shown when the SOC connects to an appliance with an old firewall software version.


6.3 Backup Settings

The Backup service stores a copy of the configuration of all managed appliances. These copies are saved in a database. Ten backups are stored for every appliance. When the eleventh copy is created, the oldest backup is deleted.

The saved configuration can be restored in the menu Firewalls.

fig. 45 backup settings

Setting | Description

General | Defines the period of the backup runs. You can choose between daily, weekly and monthly. The option weekly requires the day of the week, the option monthly the day of the month.

Time | Defines the time of day for the backup run.

Run | Turn on this option to activate the backup service.

Force Run | This button creates a backup of all appliances immediately.


6.4 Data Provider

Under this menu point you have to enter the IP address of the Data Provider.

The Data Provider is a service which connects to the database where all monitoring and backup data are stored. The connection to the database is necessary to load data into the Operation Center and to store new settings and configurations. Furthermore, the Data Provider logs all actions of the user. This logging only covers operations performed in the SOC, not settings made on the appliances via an SSH connection. So you can track which actions the users made in the Operation Center.

The Operation Center only starts if a connection to a Data Provider exists. Therefore the Operation Center checks the connection to a Data Provider when the program starts.

The service can be placed on the local computer or centrally on a server. If the Data Provider is installed centrally, several machines can access the database.

During the installation routine you can select which components should be installed. The Data Provider service is called Securepoint Data Provider. By default it is installed and started at system start. The service uses port 6178.

If the Data Provider is installed on a central server which runs around the clock, the monitoring data and backups are created and stored continuously even if the local computer is turned off. Furthermore, actions of other Security Operation Centers are logged. Another advantage is that all computers that have the SOC installed and are authorized to access the server can access these data. This applies not only to local computers but also to external staff. It does not matter whether the server is reachable from the internet or the external staff connects to the server via a VPN connection.

The read and write permissions stored on a central server ensure that a user can only access data of appliances he is allowed to use.

Excluded appliances are only accessible for users with administrator rights.


6.4.1 Enter Data Provider at Startup

The Security Operation Center tries to connect to the local Data Provider service (IP address 127.0.0.1) at startup.

If the service is not activated or not installed, the SOC asks for the IP address of a computer that provides the service. Type it into the field IP address. Use the default port 6178.

Click on Test to connect and check the service.

If the test is successful, the button Save is activated. Use it to save the IP address.

Now you can log in to the SOC.

Enter your username and your password into the corresponding fields and click Login.

The default username is admin and the default password is insecure. The password of the current user can be changed afterwards in the Operation Center settings under Passwords (see chapter 6.2).

fig. 46 enter new IP

fig. 47 save connection and login


6.4.2 Change the Source of the Data Provider

You can change the IP address of the Data Provider while the SOC is running. The monitoring data and the configuration backups are then stored in the database of the new address.

In the area Operation Center click the button Data Source.

The window Data Source appears. It shows the IP address of the computer where the currently used Data Provider service is running.

Enter the IP address of the computer whose Data Provider service you want to use into the field IP.

Change the port number in the field Port if required. By default port 6178 is used.

Click on the button Test Connection. If the test is successful, a result message appears beneath the button. Now you can store the connection data with Save.

If the test fails, check the IP address and the port number. Make sure that the service on the target host is running and reachable.

fig. 48 change data source


7 Firewalls

In this menu all managed appliances are listed. The firewalls can be sorted by several criteria, for example name, type, group membership etc.

fig. 49 firewalls sorted by groups

fig. 50 sorting options

7.1 Context Menu

The context menu of every firewall offers several options to edit the firewall. To access the context menu, click with the right mouse button on the desired firewall.

fig. 51 firewall context menu

Name | Function

Connect | Connects to the firewall using the stored access data.

Logout | Disconnects from the firewall.

LiveLog | Opens a new window which shows the Live Log of the firewall.

Comment | Description or notes for the firewall.

SSH Console | Connects to the firewall via the SSH protocol and opens a terminal window.

Properties | Opens a dialog to edit the properties of the firewall.

Monitoring | Shows a list of the stored monitoring runs.

Plot | Opens plots of CPU load, memory and swap utilization.

Advanced Plot | Opens plots of TCP and UDP connections and the online status.

Backup | Shows stored backups.

Permissions | Shows permissions of groups and users.

Delete | Deletes the firewall from the list.

Reboot | Restarts the firewall.

Halt | Turns the firewall off.


7.2 Query Interface

At the bottom of this area a search function is positioned. You can search for names or IP addresses. If the query is successful, the firewall found is highlighted in the list.

Furthermore, two buttons are placed here for quickly opening and closing all groups in the list.

fig. 52 search mask

7.3 Adding a Firewall

Use the button Add to add a new firewall to the list.

fig. 53 add firewall

Name | Description

Name | Name of the new appliance

IP and IP 2 | IP addresses of the appliance (for example internal and external IP addresses)

Port | SSH port to use (default 22)

S/N | Serial number of the appliance

Type | Appliance type selection

City | Location of the appliance

Country | Location of the appliance

Group | Group membership selection

Owner | Owner of the appliance

SSH Credentials, Username | Username for the SSH connection

SSH Credentials, Password | Password for the SSH connection

Monitoring, Always | The appliance is always monitored.

Monitoring, Exclude | The appliance is excluded from monitoring.

Monitoring State | Defines the monitoring state (low, normal, important).

Backup, Always | Configuration backups are always made.

Backup, Exclude | The appliance is excluded from the backup.


7.4 Plot

The entries Plot and Advanced Plot in the context menu show load and connection statistics graphically. The last hundred values of the monitoring are displayed if available.

The entry Plot shows the processor load, the memory utilization and the swap file utilization.

The entry Advanced Plot shows the numbers of TCP and UDP connections and the online state of the appliance.

fig. 54 load plots

fig. 55 connections plots


7.5 Backup

This entry lists the created backups, beginning with the newest. For every appliance only ten backups are stored.

fig. 56 list of created backups

Beneath the name of the configuration the date and the time of the backup are shown.

You can export the data with the button Export or play it back to the appliance with the button Upload. You can select a new name for the play back or keep the old name. After this you have to decide whether the configuration should be set as start configuration and whether the appliance should be rebooted.

You can edit the backup by clicking the wrench symbol. The saved configuration is opened in the web interface. Here you can make settings in offline mode. This means that you do not edit the currently running configuration.

Some functions like configuration management and live log are not available because these backups are handled in offline processing.

The edited stored configurations can be uploaded to the appliance.


7.6 Permissions

With the entry Permissions in the context menu you can define the access rights for the appliance.

The following permissions are available:

Deny | The view of the appliance is refused for the group or the user.

Read | The group or the user has only read access to the appliance.

Read / Write | The group or the user is allowed to read and edit the settings of the appliance.

The access rights of the user take priority over the permissions of the group.

For example: The group staff has read access. The user A is a member of the user group staff and has read and write access. So he can access the appliance with read and write rights.

fig. 57 group and user permissions
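The precedence rule above (an explicit user right overrides the group right, and an account that is in no group and has no explicit right is denied, as stated in the user management section) as an added Python example; this is not code from the Securepoint product. The user, group and appliance names are constructed, and the rule that the most permissive right wins when a user belongs to several groups is an assumption of the example, not something the manual states.

```python
from enum import IntEnum


class Permission(IntEnum):
    """The three permission levels offered in the Permissions dialog."""
    DENY = 0        # the view of the appliance is refused
    READ = 1        # read-only access
    READ_WRITE = 2  # read and edit the settings of the appliance


def effective_permission(user, appliance, user_perms, group_perms, memberships):
    """Return the permission `user` has on `appliance`.

    user_perms:  {(user, appliance): Permission}   explicit per-user rights
    group_perms: {(group, appliance): Permission}  rights granted to a group
    memberships: {user: set of group names}

    Resolution order: an explicit user right takes priority over the group
    right; otherwise the group right applies; a user in no group with no
    explicit right is denied. Assumption: with several group memberships
    the most permissive group right is used.
    """
    explicit = user_perms.get((user, appliance))
    if explicit is not None:
        return explicit
    group_rights = [group_perms[(g, appliance)]
                    for g in memberships.get(user, set())
                    if (g, appliance) in group_perms]
    if group_rights:
        return max(group_rights)
    return Permission.DENY


# Constructed sample data mirroring the manual's example: group "staff" has
# read access to appliance "fw-branch"; user A additionally has read/write,
# user B is explicitly denied, user C relies on the group right only.
GROUP_PERMS = {("staff", "fw-branch"): Permission.READ}
USER_PERMS = {("A", "fw-branch"): Permission.READ_WRITE,
              ("B", "fw-branch"): Permission.DENY}
MEMBERSHIPS = {"A": {"staff"}, "B": {"staff"}, "C": {"staff"}}


def demo():
    """Resolve the sample users plus a freshly created account in no group."""
    return {u: effective_permission(u, "fw-branch", USER_PERMS, GROUP_PERMS, MEMBERSHIPS)
            for u in ("A", "B", "C", "new-user")}


if __name__ == "__main__":
    for user, perm in demo().items():
        print(f"{user}: {perm.name}")
```

Note that an explicit Deny on the user (user B) also overrides the group's Read, which is the same precedence rule applied in the restrictive direction.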


8 Sidebar Menu

The sidebar menu is an alternative menu view. This view can be useful if you use a small monitor or a low resolution. The sidebar menu has the advantage that most dialogs do not need scrollbars, because no stacked menus are used.

fig. 58 Sidebar menu

In the sidebar menu view the menu Firewalls offers two additional buttons: Quick Connect and Refresh. These buttons are not available in the other view.

Use the button Refresh to update the firewall list.

8.1 Quick Connect

You can use the function Quick Connect to establish a connection to a firewall that should not be added to the firewall list permanently.

The button Quick Connect opens a dialog where you have to enter the connection data for the temporary connection.

fig. 59 Quick Connect dialog


9 Hotkeys

A few functions are assigned to the keyboard function keys for fast access. These key functions are also called hotkeys or shortcuts.

Key | Function

F2 | Opens the tree view in the menu Firewalls.

F4 | Closes the connection to a firewall.

F5 | Logs out from the SOC. Does not close the SOC. Not available while a connection to a firewall is established.

F11 | Switches to full screen mode and back.

F12 | Takes a screenshot and opens a save dialog.