Installation Guide for Cisco Security Manager 3.0.1 - Index [Cisco Security Manager]

Table Of Contents

A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - R - S - T - U - V - W -

Index

A

antivirus utilities, requirement to disable 5, 6

audience for this document ii

Auto Update Server (AUS)

documentation v

licensing 8

overview 4

B

bootstrapping devices 4

browsers

requirements

cache 2

client 8

server 6

See also Internet Explorer

See also Mozilla

C

C/C++ library files, where stored 9

Catalyst 6500/7600 Device Manager (DM6500/7600), overview 3

cautions, significance of iii

CD-ONE

unsupported use 4

certificates. See digital certificates

checklists

client, browser best practices 2

server

enhancing performance 2

installation readiness 5

post-installation tasks 2

security best practices 6

Cisco Marketplace xiii

Cisco Press xiii

Cisco Product Quick Reference Guide, obtaining xiii

Cisco product security

PSIRT x

vulnerability policy portal x

Cisco Security Agent

documentation 1

installation, conditions for 6

overview 6

policies

exported, on DVD 6, 3

imported, requirement to reconcile 3

standalone agent 6, 1

security levels

changing 3

default 3

understanding 3

troubleshooting 11, 1

uninstalling, recommendation against 3, 12

Cisco Security Manager

basic concepts 4

getting started 4

late-breaking information about ii

learning more about 4

logging in 3

overview 3

using 4

Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS)

date and time synchronization 5

interoperation with 5

overview i

CiscoView Device Manager

features in SecurityManager 3

unsupported use 4

See also Catalyst 6500/7600 Device Manager (DM 6500/7600)

CiscoWorks

CommonServices, overview 2

Monitoring Center for Performance. See Performance Monitor

Monitoring Center for Security. See Security Monitor

TCP ports

Daemon Manager 3

HTTP 3

VPN/Security Management Solution (VMS)

free upgrade from 4

migrating data to SecurityManager iv

client software

installing 5

InstallShield database corruption 5

logging in to a server 3

using 3

client systems

deleting Temp files 6

file locations on 9, 8

recommendation to delete Temp files 9

video (graphics) card drivers

confirming installed versions 7

upgrading 7

CMFLOCK.TXT file, deleting 13

Common Services

documentation 1

installing 1

licensing 8

required version 2

requirement to use 1

CSTM TCP port 4

D

database TCP port 3

date and time settings

caution against changing 5

recommendation to synchronize 1, 5

use of NTP servers 1

device bootstrapping 4

device credentials repository (DCR)

server process 5

TCP port 3

troubleshooting 5

digital certificates

requirement to create 2

troubleshooting 5

directory encryption, restriction against 6

documentation

audience for this ii

on Cisco.com viii, xi

on DVD-ROM viii

ordering ix

reviewing updated iii

typographical conventions in ii

documentation, obtaining

Auto Update Server v

Cisco SecurityAgent vii, 1

Cisco SecurityManager iv

CommonServices vi

IPSManager vi

PerformanceMonitor viii

Resource Manager Essentials (RME) vii

documentation feedback, sending to Cisco ii, ix

domain controllers (primary or backup), unsupported use 6

E

encrypted directories, restriction against 6

evaluation license

device count limitations 6

duration 6

upgrading to permanent license 7

Event Services software TCP port requirements

HTTP 4

listening 4

routing 4

services 4

F

FAQs, in the troubleshooting guide iv

files, where stored

Cisco Security Agent

logs 2

policies 6, 3

on client systems 9

on servers 9

file system recommendations 5

G

gatekeeper HIPO TCP port 3

getting started with Cisco SecurityManager 4

H

HTTP TCP port 3

I

installation

client software 5

InstallShield database corruption 5

planning and preparation ii

servers

dependencies 1

general requirements 1

GUI reference 1

post-installation tasks 2

preparatory tasks 1

starting an installation 5

troubleshooting 5

verifying 6

Internet Explorer

cache size requirement 6, 9

confirming the installed Java version 8

security settings 9

versions supported 6, 8

See also browsers

See also Mozilla

Internet Information Server (IIS)

conflict with SecurityManager 4, 6

requirement to uninstall 4, 6

Internet Inter-ORB Protocol (IIOP) TCP port 3

IP addresses

disabling dynamic addresses 5

static address requirement 6

using a static address 5

IPS database engine TCP port 3

IPS Manager

documentation vi

importing IPSMC2.2 data 7

migrating from IPSMC 3, 7

overview 3

prerequisites to import IPSMC data 7

time required to import IPSMC data 8

using IpsMcDbUpgrade.pl 8

See also IPS MC

IPS MC

backing up server data 3

exporting data 3

migrating to IPSManager 3, 7

securing the backed-up data 3

See also IPS Manager

IpsMcDbUpgrade.pl 8

J

Java

confirming the installed version 8

embedded version on client systems 8

enabling 2

obtaining 8

version to use with IPSManager 8

JavaScript, enabling 2

L

language versions supported (Windows)

client 8

server 5

LAN Management Solution (LMS), unsupported use 2

licenses

file locations for

PerformanceMonitor 6

RME 5

installing 8

Product Authorization Key (PAK) 7

SecurityManager kit part numbers 7

settings 7

Software License Claim Certificate 7

understanding 7

upgrading 7

uploading new 7

working with 7

license server TCP port 3

M

Management Center for Cisco Security Agents (CSAMC), documentation vii

Management Center for IPS Sensors (IPSMC). See IPS Manager

McAfee Antivirus

incompatibility 6

reenabling 8

requirement to disable 6

memory (RAM)

client requirements 7

server requirements 5

Monitoring Center for Performance. See Performance Monitor

Mozilla

confirming the installed Java version 8

security settings 9

versions supported 6, 8

N

NETBIOS, recommendation to disable 4

Networking Professionals Connection xiv

network protocols, recommendation to disable 4

network shares, recommendation to avoid 4

Network Time Protocol (NTP) server, recommendation to use 1, 5

Norton Internet Security 2005

incompatibility 6, 8

requirement to disable 6

requirement to uninstall 8

NTFS file system, requirement to use 5

O

ODBC driver manager

confirming the installed version 5

requirements 5

working with Sybase files 5

OGS TCP port 3

online help, tips for viewing 1

operating systems

on client systems

Windows2000 8

Windows2003 8

WindowsXP Professional 8

on servers

Windows2000 5

Windows 2003 Server 5

Osagent UDP port 3

overview 1

P

passwords

admin account 6

requirement to use identical passwords 6

security basics 4

strong passwords

characteristics 3

definition 3

how to require 3

recommendations 3

System Identity Account 6

peer support, Networking Professionals Connection xiv

Performance Monitor

availability viii

documentation viii

entitlement to install 6

license file location 6

licensing 8

overview 6

permanent license, upgrading from evaluation license 7

point patches

applying to a client 9

applying to a server 10

caution against accepting from a third-party 9

default location on client systems 10

deleting Temp files on client systems 6

obtaining 9

recommendation to delete Temp files on client systems 9

version mismatch 9

popup blockers

configuring 1, 2

conflicting with other installed software 3

disabling 1, 2

requirements 2

troubleshooting 1, 2

ports

required for TCP 2

required for UDP 2

product registration. See licenses

PSIRT

email addresses

emergencies x

nonemergencies x

telephone numbers x

publications, obtaining additional xiii

R

related documentation, obtaining vi

Remote Copy Protocol TCP port 3

removable media drives, security implications if compromised 6

requirements

client system 7

servers

installation, general 1

system 4

Resource Manager Essentials (RME)

documentation vii

entitlement to install 5

installing 5

license file location 5

licensing 8

overview 5

S

Secure Shell (SSH) TCP port 2

security

advisories x

emergencies, definition x

incidents, obtaining assistance x

news from Cisco

registering to receive x

RSS feed URL x

nonemergencies, definition x

notices x

PSIRT x

vulnerabilities, reporting x

SecurityManager database TCP port 3

SecurityMonitor 3

server

configuration

boot settings 4

date and time settings 5

file locations

database files 9

log files 9

miscellaneous files 9

installations

best practices 1

dependencies 1

procedures 1

performance

best practices for enhancing 1

operating environment 4

preparation checklists 1

processes, verifying status 7

traffic

required inbound ports 2

required outbound ports 2

service agreement contracts 7

service packs

applying to a client 9

applying to a server 10

caution against accepting from a third-party 9

default location on client systems 10

deleting Temp files on client systems 6

obtaining 9

recommendation to delete Temp files on client systems 9

version mismatch 9

service requests

severity level definitions xiii

submitting xii

services

minimum required for Windows 4

required for TCP 2

required for UDP 2

SNMP polling UDP port 3

SNMP trap UDP port 3

software updates. See point patches

SSL certificate invalidation 5

SSL mode (for HTTP server) TCP port 3

support

Networking Professionals Connection xiv

obtaining from Cisco xi

service agreement contracts 7

Software Application Support contracts 7

Sybase, requirement to disable 6, 5

Sybase database files, requirement to use correct ODBC version 5

Syslog UDP port 3

T

TACACS+ TCP port 2

TCP

list of required ports 2

list of required services 2

technical support (TAC)

obtaining xi

URL for service requests xii

Telnet TCP port 2

Terminal Services

requirements 6

unsupported configuration 6

Tomcat

Ajp13 connector TCP port 3

global library files, where stored 9

shutdown TCP port 3

training, obtaining xiv

Trivial File Transfer Protocol (TFTP) UDP port 2

troubleshooting

antivirus scanners 3

Cisco Security Agent

blocking a valid operation 12

blocking network access 11

diagnostic utility 12

icon appearance changed in system tray 12

obtaining a revised agent from TAC 12

recognizing when the agent is disabled 12

security level is High 11

setting the security level to Medium 11

untrusted rootkit detected 11

using the log file 11

collecting server troubleshooting information 13

DCRServer process does not start 5

error messages

client installation 7

server installation 2

server uninstallation 6

file contents cannot be unpacked 5

file corruption

executable file 5

host-based intrusion software 3

incorrect GUI 7, 4

installation

does not run 9

hangs 3, 8

reviewing log files 16

interoperation with CS-MARS 5

invalid SSL certificate 5

java.security.cert errors 5

mapped drives 5

missing

GUI 4

product features 4

popup blockers 3, 1, 2

security software conflicts 3

server processes

changing 14

restarting 15

viewing 14

server self-test 13

uninstallation

does not run 9

hangs 6

using MDCSupport.exe 13

troubleshooting guide, obtaining iv

typographical conventions in this document ii

U

UDP

list of required ports 2

list of required services 2

uninstallation

cautions against

uninstalling from infected servers 12

client software 11

InstallShield database corruption 11

recommendation to restart client systems 12

recommendation to restart servers 13

servers

deleting CMFLOCK.TXT 13

failure to delete CSCOpx/bin folder 12

server software 12

updates. See point patches

upgrading from

an earlier release 3

VMS 3

user accounts

admin 2

casuser 2

System Identity 2

understanding 1

user permissions, understanding 3

using SecurityManager 4

V

verifying an installation 6

VMS, free upgrade from 4

W

web context files, where stored 9

Windows services, required 4

	Installation Guide for Cisco Security Manager 3.0.1
	Index
Installation Guide for Cisco Security Manager 3.0.1 Preface Overview Requirements and Dependencies Preparing a Server for Installation Installing, Upgrading, Downgrading, Uninstalling, and Reinstalling Server Applications Installing, Patching, and Uninstalling Security Manager Client Post-installation Server Tasks Preparing to Use Security Manager Security Manager Server Installation GUI Reference Troubleshooting Cisco Security Agent: Standalone Agent Overview Helpful Reference Information Index	Download this chapter Index Download the complete book Installation Guide for Cisco Security Manager 3.0.1 (PDF - 2 MB) Table Of Contents A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - R - S - T - U - V - W - Index A antivirus utilities, requirement to disable 5, 6 audience for this document ii Auto Update Server (AUS) documentation v licensing 8 overview 4 B bootstrapping devices 4 browsers requirements cache 2 client 8 server 6 See also Internet Explorer See also Mozilla C C/C++ library files, where stored 9 Catalyst 6500/7600 Device Manager (DM6500/7600), overview 3 cautions, significance of iii CD-ONE unsupported use 4 certificates. See digital certificates checklists client, browser best practices 2 server enhancing performance 2 installation readiness 5 post-installation tasks 2 security best practices 6 Cisco Marketplace xiii Cisco Press xiii Cisco Product Quick Reference Guide, obtaining xiii Cisco product security PSIRT x vulnerability policy portal x Cisco Security Agent documentation 1 installation, conditions for 6 overview 6 policies exported, on DVD 6, 3 imported, requirement to reconcile 3 standalone agent 6, 1 security levels changing 3 default 3 understanding 3 troubleshooting 11, 1 uninstalling, recommendation against 3, 12 Cisco Security Manager basic concepts 4 getting started 4 late-breaking information about ii learning more about 4 logging in 3 overview 3 using 4 Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) date and time synchronization 5 interoperation with 5 overview i CiscoView Device Manager features in SecurityManager 3 unsupported use 4 See also Catalyst 6500/7600 Device Manager (DM 6500/7600) CiscoWorks CommonServices, overview 2 Monitoring Center for Performance. See Performance Monitor Monitoring Center for Security. See Security Monitor TCP ports Daemon Manager 3 HTTP 3 VPN/Security Management Solution (VMS) free upgrade from 4 migrating data to SecurityManager iv client software installing 5 InstallShield database corruption 5 logging in to a server 3 using 3 client systems deleting Temp files 6 file locations on 9, 8 recommendation to delete Temp files 9 video (graphics) card drivers confirming installed versions 7 upgrading 7 CMFLOCK.TXT file, deleting 13 Common Services documentation 1 installing 1 licensing 8 required version 2 requirement to use 1 CSTM TCP port 4 D database TCP port 3 date and time settings caution against changing 5 recommendation to synchronize 1, 5 use of NTP servers 1 device bootstrapping 4 device credentials repository (DCR) server process 5 TCP port 3 troubleshooting 5 digital certificates requirement to create 2 troubleshooting 5 directory encryption, restriction against 6 documentation audience for this ii on Cisco.com viii, xi on DVD-ROM viii ordering ix reviewing updated iii typographical conventions in ii documentation, obtaining Auto Update Server v Cisco SecurityAgent vii, 1 Cisco SecurityManager iv CommonServices vi IPSManager vi PerformanceMonitor viii Resource Manager Essentials (RME) vii documentation feedback, sending to Cisco ii, ix domain controllers (primary or backup), unsupported use 6 E encrypted directories, restriction against 6 evaluation license device count limitations 6 duration 6 upgrading to permanent license 7 Event Services software TCP port requirements HTTP 4 listening 4 routing 4 services 4 F FAQs, in the troubleshooting guide iv files, where stored Cisco Security Agent logs 2 policies 6, 3 on client systems 9 on servers 9 file system recommendations 5 G gatekeeper HIPO TCP port 3 getting started with Cisco SecurityManager 4 H HTTP TCP port 3 I installation client software 5 InstallShield database corruption 5 planning and preparation ii servers dependencies 1 general requirements 1 GUI reference 1 post-installation tasks 2 preparatory tasks 1 starting an installation 5 troubleshooting 5 verifying 6 Internet Explorer cache size requirement 6, 9 confirming the installed Java version 8 security settings 9 versions supported 6, 8 See also browsers See also Mozilla Internet Information Server (IIS) conflict with SecurityManager 4, 6 requirement to uninstall 4, 6 Internet Inter-ORB Protocol (IIOP) TCP port 3 IP addresses disabling dynamic addresses 5 static address requirement 6 using a static address 5 IPS database engine TCP port 3 IPS Manager documentation vi importing IPSMC2.2 data 7 migrating from IPSMC 3, 7 overview 3 prerequisites to import IPSMC data 7 time required to import IPSMC data 8 using IpsMcDbUpgrade.pl 8 See also IPS MC IPS MC backing up server data 3 exporting data 3 migrating to IPSManager 3, 7 securing the backed-up data 3 See also IPS Manager IpsMcDbUpgrade.pl 8 J Java confirming the installed version 8 embedded version on client systems 8 enabling 2 obtaining 8 version to use with IPSManager 8 JavaScript, enabling 2 L language versions supported (Windows) client 8 server 5 LAN Management Solution (LMS), unsupported use 2 licenses file locations for PerformanceMonitor 6 RME 5 installing 8 Product Authorization Key (PAK) 7 SecurityManager kit part numbers 7 settings 7 Software License Claim Certificate 7 understanding 7 upgrading 7 uploading new 7 working with 7 license server TCP port 3 M Management Center for Cisco Security Agents (CSAMC), documentation vii Management Center for IPS Sensors (IPSMC). See IPS Manager McAfee Antivirus incompatibility 6 reenabling 8 requirement to disable 6 memory (RAM) client requirements 7 server requirements 5 Monitoring Center for Performance. See Performance Monitor Mozilla confirming the installed Java version 8 security settings 9 versions supported 6, 8 N NETBIOS, recommendation to disable 4 Networking Professionals Connection xiv network protocols, recommendation to disable 4 network shares, recommendation to avoid 4 Network Time Protocol (NTP) server, recommendation to use 1, 5 Norton Internet Security 2005 incompatibility 6, 8 requirement to disable 6 requirement to uninstall 8 NTFS file system, requirement to use 5 O ODBC driver manager confirming the installed version 5 requirements 5 working with Sybase files 5 OGS TCP port 3 online help, tips for viewing 1 operating systems on client systems Windows2000 8 Windows2003 8 WindowsXP Professional 8 on servers Windows2000 5 Windows 2003 Server 5 Osagent UDP port 3 overview 1 P passwords admin account 6 requirement to use identical passwords 6 security basics 4 strong passwords characteristics 3 definition 3 how to require 3 recommendations 3 System Identity Account 6 peer support, Networking Professionals Connection xiv Performance Monitor availability viii documentation viii entitlement to install 6 license file location 6 licensing 8 overview 6 permanent license, upgrading from evaluation license 7 point patches applying to a client 9 applying to a server 10 caution against accepting from a third-party 9 default location on client systems 10 deleting Temp files on client systems 6 obtaining 9 recommendation to delete Temp files on client systems 9 version mismatch 9 popup blockers configuring 1, 2 conflicting with other installed software 3 disabling 1, 2 requirements 2 troubleshooting 1, 2 ports required for TCP 2 required for UDP 2 product registration. See licenses PSIRT email addresses emergencies x nonemergencies x telephone numbers x publications, obtaining additional xiii R related documentation, obtaining vi Remote Copy Protocol TCP port 3 removable media drives, security implications if compromised 6 requirements client system 7 servers installation, general 1 system 4 Resource Manager Essentials (RME) documentation vii entitlement to install 5 installing 5 license file location 5 licensing 8 overview 5 S Secure Shell (SSH) TCP port 2 security advisories x emergencies, definition x incidents, obtaining assistance x news from Cisco registering to receive x RSS feed URL x nonemergencies, definition x notices x PSIRT x vulnerabilities, reporting x SecurityManager database TCP port 3 SecurityMonitor 3 server configuration boot settings 4 date and time settings 5 file locations database files 9 log files 9 miscellaneous files 9 installations best practices 1 dependencies 1 procedures 1 performance best practices for enhancing 1 operating environment 4 preparation checklists 1 processes, verifying status 7 traffic required inbound ports 2 required outbound ports 2 service agreement contracts 7 service packs applying to a client 9 applying to a server 10 caution against accepting from a third-party 9 default location on client systems 10 deleting Temp files on client systems 6 obtaining 9 recommendation to delete Temp files on client systems 9 version mismatch 9 service requests severity level definitions xiii submitting xii services minimum required for Windows 4 required for TCP 2 required for UDP 2 SNMP polling UDP port 3 SNMP trap UDP port 3 software updates. See point patches SSL certificate invalidation 5 SSL mode (for HTTP server) TCP port 3 support Networking Professionals Connection xiv obtaining from Cisco xi service agreement contracts 7 Software Application Support contracts 7 Sybase, requirement to disable 6, 5 Sybase database files, requirement to use correct ODBC version 5 Syslog UDP port 3 T TACACS+ TCP port 2 TCP list of required ports 2 list of required services 2 technical support (TAC) obtaining xi URL for service requests xii Telnet TCP port 2 Terminal Services requirements 6 unsupported configuration 6 Tomcat Ajp13 connector TCP port 3 global library files, where stored 9 shutdown TCP port 3 training, obtaining xiv Trivial File Transfer Protocol (TFTP) UDP port 2 troubleshooting antivirus scanners 3 Cisco Security Agent blocking a valid operation 12 blocking network access 11 diagnostic utility 12 icon appearance changed in system tray 12 obtaining a revised agent from TAC 12 recognizing when the agent is disabled 12 security level is High 11 setting the security level to Medium 11 untrusted rootkit detected 11 using the log file 11 collecting server troubleshooting information 13 DCRServer process does not start 5 error messages client installation 7 server installation 2 server uninstallation 6 file contents cannot be unpacked 5 file corruption executable file 5 host-based intrusion software 3 incorrect GUI 7, 4 installation does not run 9 hangs 3, 8 reviewing log files 16 interoperation with CS-MARS 5 invalid SSL certificate 5 java.security.cert errors 5 mapped drives 5 missing GUI 4 product features 4 popup blockers 3, 1, 2 security software conflicts 3 server processes changing 14 restarting 15 viewing 14 server self-test 13 uninstallation does not run 9 hangs 6 using MDCSupport.exe 13 troubleshooting guide, obtaining iv typographical conventions in this document ii U UDP list of required ports 2 list of required services 2 uninstallation cautions against uninstalling from infected servers 12 client software 11 InstallShield database corruption 11 recommendation to restart client systems 12 recommendation to restart servers 13 servers deleting CMFLOCK.TXT 13 failure to delete CSCOpx/bin folder 12 server software 12 updates. See point patches upgrading from an earlier release 3 VMS 3 user accounts admin 2 casuser 2 System Identity 2 understanding 1 user permissions, understanding 3 using SecurityManager 4 V verifying an installation 6 VMS, free upgrade from 4 W web context files, where stored 9 Windows services, required 4
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.