Installing CSPM
Before installing CSPM, make sure the following software
requirements have been met to save yourself from having to backtrack and
install/configure them:
Due to the sensitivity of intrusion detection, it is recommended
that you install CSPM as a stand-alone system. The CSPM system is designed
to be in a location like a Security Operations Center (SOC). This allows all of
the security personnel to look at the same interface, and only those personnel
with access to the SOC can access the system. The client/server installation
allows administration to take place from different locations. This is not always
a best practice, and auditing, traceability, and nonrepudiation become an
issue.
- Insert the CSPM installation CD. The autostart utility will
  automatically initiate the installation.
- The first thing you will see is a warning to disable any
  antivirus software during installation. Next, you will get the notice in
  Figure 4.1, Cisco Secure VPN client Not Installed on Host.
Figure 4.1: Cisco Secure VPN Client Warning Message
- If you plan on installing the VPN client, do that before you
  install CSPM. Otherwise, press Continue.
- Select Install Product in the Options box as seen in Figure 4.2, and then
  click Next.
Figure 4.2: Cisco Secure Policy Manager Installation
- At this point, if the applications listed previously have
  not been installed, the installation cannot proceed. The Options box will
  display any required components that are not present.
- At the License Agreement panel, accept the
  terms of the license and click Next.
- Specify the location of the CSPM license disk, usually on
  the accompanying diskette, by entering the directory path.
- You will also have to enter the password that corresponds
  with the license disk. The password is usually on the diskette label.
  Click Next. See Figure 4.3.
Figure 4.3: CSPM License Disk
- If you have downloaded the software, the
  password will be in the readme file.
- Select the type of system you want to install: Standalone or
  Client/Server. CSPM does not support the Distributed CSPM option.
  See Figure 4.4.
Figure 4.4: Installation Options
- If you are installing a client/server system, select Policy Server in the
  Feature Set list. Policy Server needs to be installed before Policy
  Administrator. The Policy Administrator Feature Set is for Remote
  Administration. The Feature Set drop-down box is disabled for the
  Standalone option.
- Specify the installation path in the Installation Folder box and click Next.
- You will be prompted to enter the password for the Windows
  NT username detected during setup. Click Next.
- Select the IP address configured on the local host for the
  stand-alone system and enter the port the Primary Policy Database will
  communicate on. The default port is 2567. See Figure 4.5.
Figure 4.5: Settings
Note: When setting the IP address for CSPM, do not think that you
can change it later. You cannot change it without reinstalling CSPM, so make
sure you get it right the first time. Don't ask how we know
this.
- Specify the Policy Database key location in the File
  Destination box. If you are doing a stand-alone system, it is not mandatory
  to export the key. The client/server system installation requires you to
  export the database key. Click Next.
Note: It is recommended that you export the database key to a
diskette that is readily available and can be stored in a secure location.
Exporting the database key to a network share is discouraged. If the network
resources become inaccessible, the database key cannot be
retrieved.
- In the Configure Communication Properties,
  shown in Figure 4.6, enter your CSPM system's host ID,
  organization ID, the IP address (if it is not already displayed), the host
  name, and organization name.
Figure 4.6: Configure Communication Properties
- Verify your settings. If a setting is incorrect, you can use
  the Back button to back up and make changes. If everything is correct,
  click Copy Files.
- Once the installation has completed, click Finish to close the setup program.
If you are performing a stand-alone system installation, you will
only have to do the installation procedures once. If you are implementing a
client/server CSPM system, you need to repeat the preceding steps to install the
Policy Administrator feature set on all additional hosts that will serve as
clients for remote administration.
Once you have finished the installation, you will need to log in
to start configuring.
Note: A stand-alone system can be converted to a client/server
system without having to uninstall and reinstall CSPM. The stand-alone system
will act as the Policy Server. Once you have exported the database key from the
stand-alone system, you can install the Policy Administrator feature set on
multiple hosts for remote administration using that database key during the
installation of the Policy Administrator feature set.