Installation Guide for Cisco Security Manager 3.3
Index

A

AAA Mode Setup page 9-1

ACS

user permissions 9-2

administration

See managing user accounts

antivirus utilities, requirement to disable 3-4

approve permissions 9-3

approver role 9-4

assigning

AUS to devices

after migration 5-6

Configuration Engines to devices

after migration 5-6

assign permissions 9-3

audience for this document i-xii

AUS-managed devices

association with AUS

after migration 5-6

migrating

servers for 5-6

Auto Update Server (AUS)

assigning to devices

after migration 5-6

documentation i-xiii

downgrading 5-7

importing from DCR

after migration 5-6

licensing 1-6

migrating

for AUS-managed devices 5-6

overview 1-3

upgrading 5-3

B

backing up

across mapped drives 5-4

before upgrade 5-4

database for downgrade 5-7

interference with network management applications 5-4

Security Manager database 5-4

backup and restore

upgrade using, definition 5-1

upgrade using, procedure 5-3

bootstrapping devices 8-4

browsers

requirements

cache 6-1

client 2-7

server 2-5

See also Firefox

See also Internet Explorer

C

C/C++ library files, where stored 4-1

cautions

regarding

system time, changing after installing RME 7-2

cautions, significance of i-xii

CD-ONE

unsupported use 3-3

certificates. See digital certificates

checklists

client, browser best practices 6-1

server

enhancing performance 3-1

installation readiness 3-4

post-installation tasks 8-1

security best practices 8-3

Cisco Secure Access Control Server (ACS)

activating NDG feature 9-15

adding devices as AAA clients without NDGs 9-13

adding managed devices 9-13

adding managed devices and configuring NDGs 9-21

adding users 9-11

assigning roles to user groups 9-20

assigning roles to user groups with NDGs 9-21

assigning roles to user groups without NDGs 9-20

associating user roles and permissions 9-7

configuring CiscoWorks AAA mode 9-19

configuring network device groups 9-14

creating network device groups 9-15

customizing user roles 9-6

default roles 9-6

defining system identity user 9-11

integrating with Security Manager 9-9

integration checklist 9-10

integration requirements 9-9

performing integration 9-11

performing integration in CiscoWorks 9-17

registering Security Manager 9-20

restarting Daemon Manager 9-20

understanding user permissions 9-1

Cisco Secure Access Control Server (ACS) integration

creating administration control user 9-16

creating local users in CiscoWorks 9-17

Cisco Secure Access Control Server (ACS) user interface

Group Setup page 9-22

Cisco Secure ACS

user permissions 9-2

Cisco Security Agent

customized, standalone version

overwritten during installation 5-4

documentation B-1

fully configurable version

not overwritten during installation 5-4

installation, conditions for 1-4

installing with Security Manager server 5-4

IPS Event Viewer and modifying policy 1-4

modifying policy for IPS Event Viewer

automatically 1-4

manually 1-4

not installed on Security Manager server

automatically modifying policy for IPS Event Viewer 1-4

not uninstalled with server uninstallation 5-4

overview 1-4

policies

exported, on DVD 1-4

standalone agent 1-4, B-1

preexisting on Security Manager server

manually modifying policy for IPS Event Viewer 1-4

security levels

changing B-2

default B-2

understanding B-2

troubleshooting B-1

Cisco Security Agent

policies

exported, on DVD 3-2

imported, requirement to reconcile 3-2

troubleshooting A-12

uninstalling, recommendation against 3-2, A-12

Cisco Security Manager

interoperability with

Performance Monitor 3.1 1-5

overview 1-2

Cisco Security Manager

basic concepts 8-4

getting started 8-4

late-breaking information about i-xi

logging in 6-13

Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS)

date and time synchronization 3-4

interoperation with 3-4

overview i-xi

CiscoView Device Manager

unsupported use 3-3

CiscoWorks

Common Services, overview 1-2

TCP ports

Daemon Manager 2-3

HTTP 2-2

VPN/Security Management Solution (VMS)

migrating data to Security Manager i-xiii

CiscoWorks Common Services

assigning roles to users 9-4

associating user roles and permissions 9-7

available user roles 9-4

configuring AAA mode 9-19

creating administration control user in ACS 9-16

creating local user for Cisco Secure ACS 9-17

defining system identity user 9-18

performing integration for Cisco Secure ACS 9-17

registering Security Manager with Cisco Secure ACS 9-20

understanding user permissions 9-1

client software

logging in to a server 6-13

using 6-13

client systems

deleting Temp files 6-2

Device View

representing devices managed by AUS and CNS after upgrade 5-6

file locations on 6-11

recommendation to delete Temp files 6-2

video (graphics) card drivers

confirming installed versions 2-6

upgrading 2-6

CMFLOCK.TXT file, deleting 4-7

CNS-managed devices

association with Configuration Engines

after migration 5-6

migrating

Configuration Engines for 5-6

Common Services

licensing 1-6

required version 1-2

Common Services

documentation 2-1

installing 2-1

requirement to use 2-1

Configuration Engines

assigning to devices

after migration 5-6

importing from DCR

after migration 5-6

migrating

for devices managed by 5-6

control permissions 9-3

CSTM TCP port 2-3

D

Daemon Manager

restarting after Cisco Secure ACS integration 9-20

database TCP port 2-3

date and time settings

caution against changing 3-4

recommendation to synchronize 2-1, 3-4

use of NTP servers 2-1

deploy permissions 9-3

device bootstrapping 8-4

device credentials repository (DCR)

inventory file exported from

for adding AUS and Configuration Engines 5-6

server process 3-4

TCP port 2-3

troubleshooting 3-4

Device View

red X icon

representing devices managed by AUS and CNS 5-6

digital certificates

requirement to create 8-1

troubleshooting 3-4

directory encryption, restriction against 2-5, 3-4

documentation

audience for this i-xii

typographical conventions in i-xii

documentation, obtaining

Auto Update Server i-xiii

Cisco Security Agent B-1

Cisco Security Manager i-xiii

Common Services i-xiv

Resource Manager Essentials (RME) i-xiv

domain controllers (primary or backup), unsupported use 2-5

downgrading

related applications 5-7

requirements to be met 5-7

restoring backed up data 5-7

to earlier supported versions

from 3.2 5-7

E

encrypted directories, restriction against 2-5, 3-4

evaluation license

upgrading to permanent license 1-5

Event Services software TCP port requirements

HTTP 2-3

listening 2-3

routing 2-3

services 2-3

F

FAQs, in the troubleshooting guide i-xiii

files, where stored

Cisco Security Agent

logs B-2

Cisco Security Agent

policies 3-2

file system recommendations 2-5

Firefox

cache size requirement 6-3

confirming the installed Java version 2-7

versions supported 2-5, 2-7

G

gatekeeper HIPO TCP port 2-3

getting started with Cisco Security Manager 8-4

H

help desk user role 9-4

HTTP TCP port 2-2

I

import permissions 9-3

inline upgrade

See also in place upgrade

in place upgrade

definition 5-1

error during 5-2

from an earlier version with pending data 5-2

procedure 5-2

running the installer 5-2

installation

planning and preparation i-xi

servers

dependencies 2-1

general requirements 2-1

post-installation tasks 8-1

preparatory tasks 3-1

starting an installation 4-2

troubleshooting 4-2

verifying 8-3

installing RME

installation notes 7-1

procedures

custom installations 7-4

typical installations 7-2

installing server software 4-1

Internet Explorer

cache size requirement 6-2

confirming the installed Java version 2-7

security settings 6-2

versions supported 2-5, 2-7

See also browsers

Internet Information Server (IIS)

conflict with Security Manager 3-3, 3-4

requirement to uninstall 3-3, 3-4

IP addresses

multiple network interface cards and 2-6

static address requirement 2-6

using dynamic addresses 2-6

using multiple interface cards 2-6

IPS Event Viewer client

communicating with server 1-4

IPS Event Viewer server

communicating with client

modifying firewall software policy 1-4

installing on a server with CSA 1-4

IPS Manager

downgrading 5-7

J

Java

confirming the installed version 2-7

embedded version on client systems 2-7

L

language versions supported (Windows)

server 2-5, 2-7

LAN Management Solution (LMS), unsupported use 3-3

licenses

file locations for

Performance Monitor 1-5

Product Authorization Key (PAK) 1-5

Security Manager kit part numbers 1-5

settings 1-5

Software License Claim Certificate 1-5

understanding 1-5

upgrading 1-5

uploading new 1-5

working with 1-5

license server TCP port 2-3

M

McAfee Antivirus

reenabling 6-10

memory (RAM)

client requirements 2-7

server requirements 2-5

modifying firewall software policy 1-4

modify permissions 9-2

N

NETBIOS, recommendation to disable 3-3

Network Access Restriction (NAR) 9-9

network administrator role

Cisco Secure ACS 9-6

CiscoWorks 9-4

network device groups (NDGs)

activating NDG feature 9-15

associating with roles and user groups 9-21

configuring 9-14

creating 9-15

effect on user permissions 9-15

network management applications

backup failure 5-4

network operator role 9-4

network protocols, recommendation to disable 3-3

network shares, recommendation to avoid 3-3

Network Time Protocol (NTP) server, recommendation to use 2-1, 3-4

Norton Internet Security 2005

incompatibility 6-10

requirement to uninstall 6-10

NTFS file system, requirement to use 2-5

O

ODBC driver manager

confirming the installed version 2-5

requirements 2-5

working with Sybase files 2-5

OGS TCP port 2-3

online help, tips for viewing 6-2

operating systems

on client systems

Windows 2003 2-7

Windows Vista 2-7

Windows XP Professional 2-7

on servers

Windows 2003 Server 2-5

Osagent UDP port 2-3

overview 1-1

P

passwords

security basics C-3

strong passwords

characteristics C-2

definition 3-2

how to require 3-2

recommendations C-2

pending data

and upgrading 5-2, 5-3

submitting

in non-Workflow mode 5-2, 5-3

in Workflow mode 5-2, 5-3

taking over a user's session

before upgrading 5-2, 5-3

Performance Monitor

license file location 1-5

overview 1-5

version 3.1, interoperability with

Security Manager 3.2 1-5

permanent license, upgrading from evaluation license 1-5

permissions

understanding 9-1

point patches

applying to a client 6-11

caution against accepting from a third-party 5-7

default location on client systems 6-12

deleting Temp files on client systems 6-2

obtaining 5-7

version mismatch 6-11

popup blockers

configuring 6-1, 6-2

conflicting with other installed software 3-2

disabling 6-1, 6-2

requirements 6-1

troubleshooting 6-1, 6-2

ports

required for TCP 2-1

required for UDP 2-1

privileges

understanding 9-1

product registration. See licenses

R

red X icon

in Device View

representing devices managed by AUS and CNS 5-6

reinstalling

after database corruption

using restorebackup.pl 4-7

Common Services 4-7

server software 4-7

warning message 4-7

related documentation, obtaining i-xiv

Remote Copy Protocol TCP port 2-2

removable media drives, security implications if compromised 8-3

requirements

client system 2-6

servers

installation, general 2-1

system 2-4

Resource Manager Essentials (RME)

documentation i-xiv

installing on a Security Manager server

with VirusScan enabled 4-5

with VirusScan turned off 4-5

licensing 1-6

restorebackup.pl

reinstalling

server software 4-7

restoring

after upgrade 5-4

database after downgrade 5-7

Security Manager database 5-4

using perl script 4-7

roles

Cisco Secure ACS users 9-5

CiscoWorks users 9-3

S

Secure Shell (SSH) TCP port 2-2

security administrator role 9-6

security approver role 9-6

Security Manager

restarting Daemon Manager 9-20

Security Manager database

pending data

and upgrading 5-2, 5-3

Security Manager database TCP port 2-3

server

configuration

boot settings 3-3

date and time settings 3-4

downgrading from 3.2 5-7

file locations

database files 4-1

log files 4-1

miscellaneous files 4-1

installations

best practices 3-1

dependencies 2-1

procedures 4-1, 5-1

performance

best practices for enhancing 3-1

operating environment 2-4, 4-1

preparation checklists 3-1

processes, verifying status 8-3

traffic

required inbound ports 2-2

required outbound ports 2-2

upgrading 5-3

service agreement contracts 1-5

service packs

applying to a client 6-11

caution against accepting from a third-party 5-7

default location on client systems 6-12

deleting Temp files on client systems 6-2

obtaining 5-7

recommendation to delete Temp files on client systems 6-2

version mismatch 6-11

services

minimum required for Windows 3-3

required for TCP 2-1

required for UDP 2-1

SNMP polling UDP port 2-2

SNMP trap UDP port 2-2

software updates. See point patches

SSL certificate invalidation 3-4

SSL mode (for HTTP server) TCP port 2-2

submit permissions 9-3

support

service agreement contracts 1-5

Software Application Support contracts 1-5

Sybase, requirement to disable 3-4

Sybase database files, requirement to use correct ODBC version 2-5

Syslog UDP port 2-2

system administrator role 9-4

system identity user 9-11, 9-18

T

TACACS+ 9-9

selecting as CiscoWorks AAA mode 9-19

TACACS+ TCP port 2-2

TCP

list of required ports 2-1

list of required services 2-2

Telnet TCP port 2-2

Terminal Services

requirements 2-5, 3-4

unsupported configuration 2-5

Tomcat

Ajp13 connector TCP port 2-3

global library files, where stored 4-1

shutdown TCP port 2-3

Trivial File Transfer Protocol (TFTP) UDP port 2-2

troubleshooting

antivirus scanners 3-2

Cisco Security Agent

blocking a valid operation A-13

blocking network access A-12

diagnostic utility A-13

icon appearance changed in system tray A-13

obtaining a revised agent from TAC A-12

recognizing when the agent is disabled A-13

security level is High A-12

setting the security level to Medium A-12

untrusted rootkit detected A-12

using the log file A-12

collecting server troubleshooting information A-14

DCRServer process does not start 3-4

error messages

client installation A-7

server installation A-2

server uninstallation A-5

file contents cannot be unpacked 4-2

file corruption

executable file 4-2

host-based intrusion software 3-2

incorrect GUI 2-6, 8-4, A-4

installation

does not run A-11

hangs A-3, A-10

reviewing log files A-15

interoperation with CS-MARS 3-4

invalid SSL certificate 3-4

java.security.cert errors 3-4

mapped drives A-4

missing

GUI A-4

product features A-4

popup blockers 3-2, 6-1, 6-2

security software conflicts 3-2

server processes

changing A-14

restarting A-15

viewing A-14

server self-test A-13

time-dependent features 7-2

uninstallation

does not run A-11

hangs A-6

using MDCSupport.exe A-14

troubleshooting guide, obtaining i-xiii

typographical conventions in this document i-xii

U

UDP

list of required ports 2-2

list of required services 2-2

uninstallation

cautions against

uninstalling from infected servers 4-6

recommendation to restart client systems 6-12

recommendation to restart servers 4-6

servers

deleting CMFLOCK.TXT 4-7

server software 4-6

updates. See point patches

upgrading

earlier versions supported for 5-3

pending data

committing 5-2, 5-3

discarding 5-2, 5-3

taking over a user's session 5-2, 5-3

using

backup and restore 5-4

in place 5-2

upgrading from

an earlier release 4-6, 5-1

VMS 4-6, 5-1

upgrading migrating to RME 4.0.5

backing up and restoring RME data to RME 4.0.5 7-8

upgrading from RME 4.0.x to RME 4.0.5

local upgrade 7-7

remote upgrade 7-8

user accounts

admin C-1

casuser C-1

managing 9-1

System Identity C-1

understanding C-1

user permissions

assigning roles in CiscoWorks 9-4

associating with user roles 9-7

categories 9-2

customizing for ACS 9-6

impact of NDGs 9-15

understanding 9-1

user permissions, understanding C-2

user roles

associating with user permissions 9-7

available CiscoWorks user roles 9-4

Cisco Secure ACS 9-5

CiscoWorks 9-3

customizing permissions for ACS 9-6

default ACS roles 9-6

V

verifying an installation 8-3

view permissions 9-2

VirusScan

disabled on a Security Manager server

stopping Performance Monitor installation 4-5

stopping RME installation 4-5

failed installation of

RME and Performance Monitor 4-5

installed on a Security Manager server

with Performance Monitor 4-5

with RME 4-5

On-Access Scan feature

running 4-5

turned off 4-5

workaround for

installing Performance Monitor 4-5

installing RME 4-5

VMware 4-5

W

web context files, where stored 4-1

Windows services, required 3-3