Veri-NAC™—the fastest to deploy, easiest to use
Contents
1. ATV JO lef F heer SA my AE HOLA ens NO T T HTA 7 8 9 10 Figure 1 4 LYN5400A R2 back panel 4 14 13 12 11 a HH op i 1 2888 gt Er Ho 11 A CID ES Bi ii l l 7 8 9 10 Figure 1 5 LVN5600A R2 back panel Page 8 724 746 5500 blackbox com LVN5200A R2 Chapter 1 Setting Up the Veri NAC Applicance 4 18 17 1615 12 11 10 e gt Ad Ll bile 5 CED cama lU T E amp Lel al a es re 5 6 7 8 910 Figure 1 6 LVN5800A R2 back panel Table 1 4 LVN5400A R2 LVN5600A R2 LVN5800A R2 components Number Component 1 IEC 320 power connector 2 PS 2 mouse connector 3 Air holes 4 Not used 5 PS 2 keyboard connector 6 2 USB Type A ports 7 DB9 serial 8 HD15 VGA 9 Eth O LVN5400A R2 LVN5600A R2 LVN5800A R2 10 Eth 1 LVN2. Ports for Automatic Download To enable downloads to take place have your System Administrator or Network Engineer open port 443 on your firewall server Next access the Veri NAC through a Web browser window on any system on the same subnet or Local Area Network LAN Step Five Use a Browser to Configure the Veri NAC 1 To log on open a secure browser window with the protocol https instead of just http using the IP address of the Veri NAC as the URL For example if the Veri NAC has IP address 192 168 254 156 the URL to open in your browser would be https 192 168 254 156 using the default SSL port OR https 192 168 254 156 lt custom SSL port number gt 2 The Veri NAC login window appears 3 Enter the user name and password provided on the Password Sheet delivered with your appliance 4 Click on the Login button The License Agreement appears first Accept this license using the button at the bottom of the screen This request to accept will appear at every log in until you accept it 5 Next the Help Product Overview page of the Veri NAC opens in the browser with brief descriptions and links to all the other product pages Page 10 724 746 5500 blackbox com LVN5200A R2 Chapter 1 Setting Up the Veri NAC Applicance CAUTION To be sure that Veri NAC produces accurate results you must be sure you have downloaded the latest Common Vulnerabilities and Exposure CVE vulnerability signatures later when Veri NAC updates i
3. Temporary Internet Files Amount of disk space to use Move Folder View Files View Objects Figure 2 1 Settings screen This setting clears the cache and ensures all edits to reports display upon subsequent visits 2 2 Internet Explorer Security Issues In Internet Explorer you may frequently receive prompts like this see Figure 2 2 LVN5200A R2 Page 13 Chapter 2 Configuring the Browser Security Information xj cn This page contains both secure and nonsecure S items Do you want to display the nonsecure items i No More Info Figure 2 2 Security information prompt To turn off this prompt e Select Tools gt Internet Options e Click on the Security tab e Click on the Custom Level button e Scroll down to the Miscellaneous category and find Display mixed content e To change the prompt setting select Enable for this setting then click OK to save it see Figure 2 3 Page 14 724 746 5500 blackbox com LVN5200A R2 Chapter 2 Configuring the Browser Internet Options Ax O Medium safety Miscellaneous E Access data sources across domains El Allow META REFRESH Allow scripting of Internet Explorer Webbrowser control El Allow scriptanitiated windows without size or position constrai E Allow web sites to open windows without address or status bi E Allow webpages to use restricted protocols for active content E Display mixed content E Don
4. fuente de poder deben ser guiados de tal manera que no sean pisados ni pellizcados por objetos colocados sobre o contra ellos poniendo particular atenci n a los contactos y recept culos donde salen del aparato 14 El equipo el ctrico debe ser limpiado nicamente de acuerdo a las recomendaciones del fabricante 15 En caso de existir una antena externa deber ser localizada lejos de las lineas de energia 16 El cable de corriente deber ser desconectado del cuando el equipo no sea usado por un largo periodo de tiempo 17 Cuidado debe ser tomado de tal manera que objectos liquidos no sean derramados sobre la cubierta u orificios de ventilaci n 18 Servicio por personal calificado deber ser provisto cuando El cable de poder o el contacto ha sido da ado u Objectos han ca do o l quido ha sido derramado dentro del aparato o El aparato ha sido expuesto a la lluvia o El aparato parece no operar normalmente o muestra un cambio en su desempe o o El aparato ha sido tirado o su cubierta ha sido da ada MON Page 4 724 746 5500 blackbox com LVN5200A R2 Table of Contents 1 Setting Upthe Veri NAC Applied 6 VW a e E a setasheeaaepeseabadac i daseled sen Chaetsaadgnacel a a a a a A E T 6 1 2 LVN5200A R2 LVN5250A R2 and LVN5400A R2 LVN5600A R2 LVN5800A R2 Appliances oooooocoococccooocccononcconoccononnncnnnncononnncn nnnnos 6 2 COMME UGG HMEHB A 13 2 1 Internet Explorer Cache SUS ccascrooniai ilatina coven A E dani
5. gt Options gt Advanced gt Encryption and click on View Certificates see Flgure 2 5 2 In the Servers and Authorities tab remove the appliance certificate by highlighting the appliance s IP and clicking Delete 3 Try refreshing the page and add the appliance to the exception list Page 16 724 746 5500 blackbox com LVN5200A R2 Chapter 2 Configuring Your Browser Options wW O Y E amp Main Tabs Content Feeds Privacy Security Advanced General Network Update Encryption r Protocols Use SSL 3 0 Use TLS 1 0 r Certificates When a web site requires a certificate Select one automatically 2 Ask me every time View Certificates Revocation Lists Security Devices Figure 2 5 Options screen LVN5200A R2 Page 17 Chapter 3 Troubleshooting 3 Troubleshooting For additional help please consult the User Guide or Black Box Network Services Technical Support at 724 746 5500 Additionally you can contact your Authorized Black Box Network Services Reseller for support For more information contact Black Box Network Services at 724 746 5500 Please have the following information ready e Total number of network assets e Veri NAC model and serial number e Veri NAC firmware software version e A network topology diagram e Type of firewalls and switches you are using e Presence of VLANs proxy servers remote subnets e What symptoms or issues you are experiencing We
6. 5400A R2 LVN5600A R2 LVN5800A R2 11 Eth 2 LVN5400A R2 LVN5600A R2 LVN5800A R2 12 Eth 3 LVN5400A R2 LVN5600A R2 LVN5800A R2 13 Eth 4 LVN5600A R2 14 Eth 5 LVN5600A R2 15 Eth 4 LVN5800A R2 16 Eth 5 LVN5800A R2 17 Eth 6 LVN5800A R2 18 Eth 7 LVN5800A R2 NOTE The network cable must be CAT5 cable or higher with RJ 45 connectors Description Connects to power Links to PS 2 mouse Allow cooling Links to PS 2 keyboard Links to USB peripherals Links to serial connector Links to monitor Connects to LAN O Connects to LAN 1 Connects to LAN 2 Connects to LAN 3 Connects to LAN 4 Connects to LAN 5 Connects to LAN 4 Connects to LAN 5 Connects to LAN 6 Connects to LAN 7 LVN5200A R2 Page 9 Chapter 1 Setting Up the Veri NAC Appliances Step Two Connect the Monitor and Keyboard 1 Connect the monitor cable to the 15 pin VGA color Monitor port on the rear of the appliance 2 Connect a keyboard to the Keyboard outlet on the rear of the appliance 3 Press the Power button on the far right front panel of the appliance The Power LED indicates that power is on and the network LED flashes indicating network traffic is occurring On the rear panel adjacent to the Ethernet port another LED begins flashing to indicate that network traffic is occurring After a scan completes a bootup screen appears Step Three A If Your Environment Is DHCP In a DHCP environment the IP address subnet mask and default gat
7. LVN5200A R2 LVN5600A R2 o o LVN5250A R2 LVN5800A R2 lt 5BLACK BOX nen NETWORK SERVICES Me Ares ESS CONTROL Customer Order toll free in the U S Call 877 877 BBOX outside U S call 724 746 5500 e Support FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746 e Inf ti Mailing address Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 e Sd Web site www blackbox com E mail infoO blackbox com Trademarks Used in this Manual Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks and Veri NAC is a trademark of BB Technologies Inc Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation Mozilla and Firefox are registered trademarks of Mozilla Foundation Corporation Opera is a trademark of Opera Software ASA Corporation Norway Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners Page 2 724 746 5500 blackbox com LVN5200A R2 FCC and IC RFI Statements Federal Communications Commission and Industry Canada Radio Frequency Interference Statements This equipment generates uses and can radiate radio frequency energy and if not installed and used properly that is in strict accordance with the manufacturer s instructions may cause interference to radio communication It has been tested and found to comply with the limits for a Class A computing
8. Rabia E AAE E ea aabd oa santa iia dnde 13 2 2 Internet Explorer S c rity ISSUES mni cea sais 13 2 3 Mozilla Firefox Security ISSUES ardilla A aA 15 Al O 18 We re here to help If you have any questions about your application or our products contact Black Box Tech Support at 724 746 5500 or go to blackbox com and click on Talk to Black Box You ll be live with one of our technical experts in less than 30 seconds LVN5200A R2 Page 5 Chapter 1 Setting Up the Veri NAC Appliances 1 Setting Up the Veri NAC Appliance The Veri NAC Appliance can help provide better Network Access Control and help prevent intrusions on your network There are five Veri NAC models LVN5200A R2 LVN5250A R2 LVN5400A R2 LVN5600A R2 and LVN5800A R2 rackmountable 1U appliances 1 1 What s Included Your package should include the following items If anything is missing or damaged contact Black Box Technical Support at 724 746 5500 LVN5200A R2 LVN5250A R2 e Veri NAC appliance e 2 EVNSL81 0010 cables e This printed Quick Start Guide a Default Password Sheet and a License Agreement e This QSG full manual readme file and FAQ on CD ROM e Printed read me document LVN5400A R2 LVN5600A R2 LVN5800A R2 e Veri NAC appliance e EVNSL81 0010 cables 4 for LVN5400A R2 6 for LVN5600A R2 8 for LVN5800A R2 e This printed Quick Start Guide a Default Password Sheet and License Agreement e Printed full manual e This QSG full
9. are Signatures You should see the following BLACK BOX N A NETWORK VULMERAMILITY A ACCESE CONTRO b Malware Threat Signature Updates Status Automatic Malware Signature Updates Running Last Signature Update Tue Nov 2 09 00 37 2010 Next Signature Update Tue Nov 2 12 00 37 2010 P Network Access Control System Asset Tracker i Command Center Audits Reports P vorktow Policies and Regulations Updates Logona Figure Q1 7 Veri NAC malware updates status LVN5200A R2 Page 11 Chapter 1 Setting Up the Veri NAC Appliances Step Seven Discovering All Your Network Assets Before you can turn on alerts and the blocking engine create a list of all your trusted network assets To do this 1 Go to the left frame menu bar and select Network Access Control gt Asset Discovery 2 If you use NetBIOS on any of your equipment click the Use NetBIOS Scans for host names 3 Click the Refresh IPs button and wait approximately 5 15 minutes while the appliance discovers all the trusted network assets on the current subnet Your Veri NAC is now up and running Start reading through the User Guide In particular learn about the Network Access Control gt Dynamic Detection System as well as the Inventory Alerts Remember one of the most powerful features of your Veri NAC appliance is your Veri NAC blocking engine so you ll also need to look at the Manage IPs list to determine how to add and remove assets to a
10. d drive Lights when the unit is powered on Press this button to reset the system Press this button to turn power ON OFF Figure 1 2 shows the LVN5200A R2 LVN5250A R2 back panel Table 1 2 describes its components Number O ON DU pun 2 N 2 Oo 2 3 4 E lef AAA ee Ep e E 9 le Slesiosiorio e ORES III io z a 6 7 8 9 10 11 12 Figure 1 2 LVN5200A R2 LVN5250A R2 back panel Table 1 2 LVN5200A R2 LVN5250A R2 back panel components Component IEC 320 power connector PS 2 mouse connector Air holes Not used Expansion slot cover PS 2 keyboard connector 2 USB Type A ports DB9 serial HD15 VGA Eth 1 Eth O Description Connects to power Links to PS 2 mouse Allow cooling Covers expansion slots Links to PS 2 keyboard Links to USB peripherals Links to serial connector Links to monitor Connects to LAN 2 Connects to LAN 1 LVN5200A R2 Page 7 Chapter 1 Setting Up the Veri NAC Appliances Figure 1 3 shows the LVN5400A R2 LVN5600A R2 LVN5800A R2 model
11. device in accordance with the specifications in Subpart B of Part 15 of FCC rules which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures may be necessary to correct the interference Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This digital apparatus does not exceed the Class A limits for radio noise emission from digital apparatus set out in the Radio Interference Regulation of Industry Canada Le pr sent appareil num rique n met pas de bruits radio lectriques d passant les limites applicables aux appareils num riques de la classe A prescrites dans le Reglement sur le brouillage radio lectrique publi par Industrie Canada LVN5200A R2 Page 3 NOM Statement Instrucciones de Seguridad Normas Oficiales Mexicanas Electrical Safety Statement 1 Todas las instrucciones de seguridad y operaci n deber n ser le das antes de que el aparato el ctrico sea operado 2 Las instrucciones de seguridad y operaci n deber n ser guardadas para referencia futura 3 Todas las advertencias en el aparato el ctrico y en sus instrucciones de operaci n deben ser respetadas 4 Todas las instruccio
12. eway settings have been assigned automatically and should appear on the next menu Do not make any selections or change any settings Do not save any settings if you have not changed anything 1 IMPORTANT Write down the appliance IP address for later use 2 Disconnect the monitor keyboard and computer from the appliance No further direct connection to the appliance is required Step Three B If Your Environment Is Non DHCP In a Non DHCP environment you must assign the IP address other settings 1 Type the number of a parameter at lt Make a selection gt then press lt Enter gt As prompted type a new value and press lt Enter gt To enter Network Configuration press lt 1 gt 2 IMPORTANT Write down the appliance IP address 3 To set the IP address press lt 2 gt and press lt Enter gt At the Enter new IP address prompt type the IP address i e 192 168 254 156 and press lt Enter gt The list of settings is displayed with the IP address you entered 4 Enter values for the Subnet mask lt 3 gt Default gateway lt 4 gt and Host name lt 6 gt that apply to your network 5 To add a DNS server press lt 5 gt and lt Enter gt After you have added your DNS servers press lt 3 gt to save your server values then press lt Q gt and lt Enter gt to return to the Main Menu 6 Disconnect the monitor and keyboard from the Veri NAC No further direct connection to the appliance is required Step Four Open
13. manual readme file and FAQ on CD ROM e Printed read me document 1 2 LVN5200A R2 LVN5250A R2 and LVN5400A R2 LVN5600A R2 LVN5800A R2 Applicances To set up the Veri NAC appliance on your network connect it to the first switch or hub inside your firewall Then follow these steps Step One Connect to Your Network 1 A power cable is included with each Veri NAC Connect the power cable to the power jack on the rear side on the far left end of the appliance and to a 3 prong grounded 120 VAC 60 Hz outlet NOTE We strongly recommend that you plug your Veri NAC appliance into a surge protector to ensure that your appliance is protected from voltage spikes 2 Connect your local area network to the Ethernet O port labeled EthO on the rear of the Veri NAC appliance see Figure 1 2 or 1 4 Figure 1 1 shows the LVN5200A R2 LVN5250A R2 front panel Table 1 1 describes its components 1234567 Veri NAC NETWORK VULNERABILITY amp ACCESS CONTROL Figure 1 1 LVN5200A R2 LVN5250A R2 front panel Page 6 724 746 5500 blackbox com LVN5200A R2 Number W N Dd Ul A N Chapter 1 Setting Up the Veri NAC Appliances Table 1 1 LVN5200A R2 LVN5250A R2 front panel components Component System overheat LED Network activity LEDs Hard drive activity LED Power LED System reset button Power ON OFF button Description Lights when the system overheats Lights during activity on the network Lights during activity on the har
14. nd from your trust list Page 12 724 746 5500 blackbox com LVN5200A R2 Chapter 2 Configuring the Browser 2 Configuring the Browser Veri NAC has been verified with the following Web browsers Microsoft Internet Explorer Versions 5 0 6 0 7 0 and 8 0 Mozilla Firefox Versions 2 x and 3 x and Opera Version 9 63 2 1 Internet Explorer Cache Issues Occasionally if you perform a task with Veri NAC Internet Explorer 6 0 does not immediately update the display If for example you decide to add a custom comment to a report and then recreate the report when you next open that report or view the Text of Vulnerabilities your new comment may not display Instead you may see the older cached version of the report To be sure you see the newest version of the report every time change your browser settings as follows see Figure 2 1 e Go to the Internet Explorer menu bar and select Tools Internet Options e In the Internet Options window click on the General tab and then click the Settings button e Under Check for newer versions of stored pages select Every visit to the page General security Content Connections Programs Advanced Hnme nane axil Check for newer versions of stored pages Ma Every visit to the page 2 Every time you start Internet Explorer C Automatically C Never Temporary Internet files folder Current location C Documents and Settings NetClarity Local Settings
15. nes de operaci n y uso deben ser seguidas 5 El aparato el ctrico no deber ser usado cerca del agua por ejemplo cerca de la tina de ba o lavabo s tano mojado o cerca de una alberca etc D El aparato el ctrico debe ser usado nicamente con carritos o pedestales que sean recomendados por el fabricante N El aparato el ctrico debe ser montado a la pared o al techo s lo como sea recomendado por el fabricante 00 Servicio El usuario no debe intentar dar servicio al equipo el ctrico m s all a lo descrito en las instrucciones de operaci n Todo otro servicio deber ser referido a personal de servicio calificado o El aparato el ctrico debe ser situado de tal manera que su posici n no interfiera su uso La colocaci n del aparato el ctrico sobre una cama sof alfombra o superficie similar puede bloquea la ventilaci n no se debe colocar en libreros o gabinetes que impidan el flujo de aire por los orificios de ventilaci n 10 El equipo el ctrico deber ser situado fuera del alcance de fuentes de calor como radiadores registros de calor estufas u otros aparatos incluyendo amplificadores que producen calor 11 El aparato el ctrico deber ser connectado a una fuente de poder s lo del tipo descrito en el instructivo de operaci n o como se indique en el aparato 12 Precauci n debe ser tomada de tal manera que la tierra fisica y la polarizaci n del equipo no sea eliminada 13 Los cables de la
16. re here to help If you have any questions about your application or our products contact Black Box Tech Support at 724 746 5500 or go to blackbox com and click on Talk to Black Box You ll be live with one of our technical experts in less than 30 seconds Page 18 724 746 5500 blackbox com LVN5200A R2 NOTES LVN5200A R2 Page 19 Black Box Tech Support FREE Live 24 7 Tech support the way it should be Great tech support is just 30 seconds away at 724 746 5500 or blackbox com lt BLACK BOX About Black Box Black Box Network Services is your source for more than 118 000 networking and infrastructure products You ll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free live 24 7 Tech support available in 30 seconds or less id di DIA OA LVN5200A R2 rev 2 N 503 0053 05 724 746 5500 blackbox com
17. s front panel Table 1 3 lists its components lt gt BLACK BOX www blackbox com 1234567 Veri NA C NETWORK VULNERABILITY amp ACCESS CONTROL Number Component System overheat LED Network activity LEDs Hard drive activity LED Power LED System reset button Power ON OFF button Vent holes for airflow Figure 1 3 LVN5400A R2 LVN5600A R2 LVN5800A R2 front panel Table 1 3 LVN5400A R2 LVN5600A R2 LVN5800A R2 components Description Lights when the system overheats Lights during activity on the network Lights during activity on the hard drive Lights when the unit is powered on Press this button to reset the system Press this button to turn power ON OFF Allows for system cooling Figures 1 4 through 1 6 show the LVN5400A R2 LVN5600A R2 LVN5800A R2 models back panels Table 1 4 lists their components 12 11
18. t prompt for client certificate selection when no certificat E Drag and drop or copy and paste files E Installation of desktop items a AA sunchinn snnlicstiane and meta flor LES m 2 Takes effect after you restart Internet Explorer Pa eto a Cons Figure 2 3 Security settings 2 3 Mozilla Firefox Security Issues To get rid of certificate errors in Firefox 1 On the screen that comes up when you get a certificate error click on Or you can add an exception see Figure 2 4 2 Click on Add Exception 3 The appliance s IP should be automatically filled in the Server Location field 4 Click Get Certificate gt Confirm Security Exception LVN5200A R2 Page 15 Chapter 2 Configuring the Browser Secure Connection Failed Veri NAC uses an invalid security certificate The certificate is not trusted because it is self certificate The certificate is only valid for Unknown Error code sec_error_untrusted_issuer e This could be a problem with the server s configuration or it could be someone to impersonate the server e If you have connected to this ever successfully in the past the error may be tem and you can try again later Or you can add an exception Flgure 2 4 Secure connection failed screen You may also run into a specific Firefox security error that reads Error code sec_error_reused_issuer_and_serial To remedy this problem 1 Go to Tools
19. tself regularly it will down load new signatures daily but if you do not add all known vulnerabilities when it starts it will not realize that it doesn t have them To be sure you have the latest CVEs initially you must carry out the next step Downloading CVE Tests Step Six Downloading CVE Tests and Making Sure Malware Updates are Running All Models Except LVN5200A R2 Before you take any other action with the product you must download the latest Common Vulnerabilities and Exposures CVEs tests into the Veri NAC database CAUTION If you skip this step Veri NAC will not do its job effectively 1 Go to the left frame menu bar and select Updates gt Vulnerability Signatures 2 Click the Update Now button 3 As long as the appliance is on a network connected to the Internet you just need to click Download Updates and after the updates download click Install Now 4 If your appliance is NOT on a network connected to the Internet you must update from a machine that is Go to that machine and log into Veri NAC then click Download Updates Then browse to the file using the Browse button and click Upload Now to install the update on Veri NAC 5 After you have updated the vulnerability signatures you may now return to the Vulnerability Signature Updates page and select Daily so that the updates automatically occur daily Be sure to click Save to save the setting 6 Click on Updates gt Malw
Download Pdf Manuals
Related Search