Intrusion Prevention

  • 1.  NSM server questions :)

    Posted 08-05-2009 04:39
    I am posting this on the IDP section as it is how we obtained the NSM software.  We only have SSG550 and IDP800 Juniper products so far.
    Planning for a VM for NSM. I cant find a lot of information or guidelines for my build.  I would appreciate some input on:
    1. What Linux distro's are supported?  Can I use Fedora or should I use RHE ?  Anyone have any experience of using other distro’s?
    2. What size disk space should plan for?  I know this is kind of impossible to answer but some experiences and "guesstimations" would be much appreciated.  We would like to retain about 3 months worth of logging information (1 month minimum online).
    3. Where to put the NSM. There is a small topology diagram that came packaged with the software that suggests it should be placed in a DMZ Zone.  Can anyone shed some light on this?
    Many thanks!
    Message Edited by futare on 08-05-2009 04:46 AM

    #NSM


  • 2.  RE: NSM server questions :)

    Posted 08-05-2009 05:05
    Hi futare,
    let me try to answer your questions below:
     

    1. What Linux distro's are supported?  Can I use Fedora or should I use RHE ?  Anyone have any experience of using other distro’s?

     

    If you install NSM on your own server, only RedHat or Solaris are the supported OS.

    Watch out the VMware is not supported!

     

     


    2. What size disk space should plan for?  I know this is kind of impossible to answer but some experiences and "guesstimations" would be much appreciated.  We would like to retain about 3 months worth of logging information (1 month minimum online).

     

     You can find this in the Installation Guide:

    http://www.juniper.net/techpubs/software/management/security-manager/nsm2008_2/nsm-installer-guide.pdf

    Check Appendix B

     


    3. Where to put the NSM. There is a small topology diagram that came packaged with the software that suggests it should be placed in a DMZ Zone.  Can anyone shed some light on this?

     

    It would be better to have NSMplaced on a management network with direct access to the management interface on the devices.

    This way you have a separate network for the management where only the network/security admins have access.

    You can call this DMZ, or just management network separated from the rest of the netrowks.... 🙂

     

     

     

    Hope this helps!

     

    Ciao 🙂

    Daniele

     



  • 3.  RE: NSM server questions :)

    Posted 08-05-2009 05:34

    Thanks for your input!

    Wikus



  • 4.  RE: NSM server questions :)

    Posted 08-05-2009 05:57

    Daniele,

     

    I received version 2007.3r1 on in my package.  Does the software update itself after the install?

     

    Wikus



  • 5.  RE: NSM server questions :)
    Best Answer

    Posted 08-05-2009 06:04

    No,

    you have to manually upgrade it.

    I recommend latest version, 2008.2r2 and be sure you apply the new certificate  as explained in the download page 🙂

     

    Ciao

    Daniele



  • 6.  RE: NSM server questions :)

    Posted 10-25-2010 12:04

    I am also considering installation of the NSM on VMware for my lab environment.  I understand support is not provided for VM. I only need to develop a proof of concept by demonstrating the sensor's ability to proactively respond to a custom attack signature. In summary, I am trying to determine if a dedicated NSM server is absolutely required, or, if the NSM can indeed be installed in VM - with the understanding that it will not be supported.

     

    Thanks in advance!

     

    jcnetcat



  • 7.  RE: NSM server questions :)

    Posted 12-16-2010 21:01
    We have NSM running on VM without any issues and also we use Centos instead of Redhat, if you look on the forums there should be instructions on how to do it.