[ISCS-devel] ISCS/docs/html/en BeforeGettingStarted.html,1.2,1.3 GettingStarted.html,1.2,1.3 GSCommi
From: John A. S. I. <jsu...@us...> - 2004-10-13 01:51:03
Update of /cvsroot/iscs/ISCS/docs/html/en In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31972/docs/html/en Modified Files: BeforeGettingStarted.html GettingStarted.html GSCommitChanges.html GSCreateSPs.html GSDefineAGs.html GSDefinePEPs.html GSDefineRGs.html index.html Installation_DBD.html Installation_ISCS.html Installation_PEP.html Installation_SPM.html ShortIntroduction.html Log Message: Additional NAT documentation Added Server column and supporting logic to NATConflictForm Added check to not detect a conflict with self in SubRangeOptions::returnNATFragment and altered calling functions to provide the needed information Fixed bugs which prevented proper creation of ARP rules and configuration files Updated ChangeLog, README and documentation for 0.0.3 release Index: ShortIntroduction.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/ShortIntroduction.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** ShortIntroduction.html 9 Sep 2004 03:34:37 -0000 1.2 --- ShortIntroduction.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 14,18 **** <A HREF="GettingStarted.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>A Short Introduction to ISCS</H1> <P ALIGN=LEFT>ISCS is managed through the Security Policy Manager --- 14,18 ---- <A HREF="GettingStarted.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>A Short Introduction to ISCS</H1> <P ALIGN=LEFT>ISCS is managed through the Security Policy Manager Index: GSDefineRGs.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/GSDefineRGs.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** GSDefineRGs.html 9 Sep 2004 03:34:37 -0000 1.2 --- GSDefineRGs.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 14,18 **** <A HREF="GSCreateSPs.html">Next</A></P> <HR> ! 
<P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>Define Resources and Resource Groups</H1> <P ALIGN=LEFT>The Resources and related screens are a little more --- 14,18 ---- <A HREF="GSCreateSPs.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Define Resources and Resource Groups</H1> <P ALIGN=LEFT>The Resources and related screens are a little more Index: index.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/index.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** index.html 9 Sep 2004 03:34:37 -0000 1.2 --- index.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 13,17 **** <P ALIGN=LEFT><A HREF="BeforeGettingStarted.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>Welcome to</H1> <H1 ALIGN=CENTER><FONT COLOR="#800000"><FONT SIZE=7>ISCS</FONT></FONT></H1> --- 13,17 ---- <P ALIGN=LEFT><A HREF="BeforeGettingStarted.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Welcome to</H1> <H1 ALIGN=CENTER><FONT COLOR="#800000"><FONT SIZE=7>ISCS</FONT></FONT></H1> Index: GSCommitChanges.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/GSCommitChanges.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** GSCommitChanges.html 9 Sep 2004 03:34:37 -0000 1.2 --- GSCommitChanges.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 14,18 **** Next</P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>Commit Changes</H1> <P ALIGN=LEFT>When you are finished making your configuration --- 14,18 ---- Next</P> <HR> ! 
<P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Commit Changes</H1> <P ALIGN=LEFT>When you are finished making your configuration Index: GettingStarted.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/GettingStarted.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** GettingStarted.html 9 Sep 2004 03:34:37 -0000 1.2 --- GettingStarted.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 14,18 **** <A HREF="GSDefinePEPs.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>Getting Started</H1> <P ALIGN=LEFT>Please do not attempt to get started before reading <A HREF="ShortIntroduction.html">A --- 14,18 ---- <A HREF="GSDefinePEPs.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Getting Started</H1> <P ALIGN=LEFT>Please do not attempt to get started before reading <A HREF="ShortIntroduction.html">A *************** *** 22,26 **** ISCS way, you will see how easy and how powerful network security management with ISCS is.</P> ! <P ALIGN=LEFT>There are four foundational activities to getting started with ISCS:</P> <P STYLE="margin-bottom: 0.2in"><A HREF="GSDefinePEPs.html">Define --- 22,26 ---- ISCS way, you will see how easy and how powerful network security management with ISCS is.</P> ! <P ALIGN=LEFT>There are five foundational activities to getting started with ISCS:</P> <P STYLE="margin-bottom: 0.2in"><A HREF="GSDefinePEPs.html">Define Index: Installation_SPM.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/Installation_SPM.html,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** Installation_SPM.html 9 Sep 2004 03:34:37 -0000 1.4 --- Installation_SPM.html 13 Oct 2004 01:50:21 -0000 1.5 *************** *** 14,18 **** <A HREF="ShortIntroduction.html">Next</A></P> <HR> ! 
<P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>SPM Installation</H1> <P ALIGN=LEFT>The SPM may be installed on the same computer as the --- 14,18 ---- <A HREF="ShortIntroduction.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>SPM Installation</H1> <P ALIGN=LEFT>The SPM may be installed on the same computer as the Index: GSCreateSPs.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/GSCreateSPs.html,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** GSCreateSPs.html 13 Aug 2004 09:48:55 -0000 1.1 --- GSCreateSPs.html 13 Oct 2004 01:50:21 -0000 1.2 *************** *** 11,28 **** </HEAD> <BODY LANG="en-US" DIR="LTR"> ! <P ALIGN=LEFT><A HREF="GSDefineRGs.html">Previous</A> <A HREF="../../../../../.rhopenoffice1.1/ISCS-1.0WD/ISCS/docs/html/en/index.html">Index</A> ! <A HREF="GSCommitChanges.html">Next</A></P> <HR> ! <P>ISCS version 0.0.1</P> <H1 ALIGN=CENTER>Create Security Policies</H1> <P ALIGN=LEFT>Security Policies are one of the most powerful features of ISCS and a primary reason why it achieves such efficiency while at ! the same time minimizing exposure to human error. For all this ! power, they are amazingly simple to implement. Most of the work is ! done by creating the PEPs, Accessors and Access Groups, and Resources ! and Resource Groups. Security Policies just pull them all together.</P> <P ALIGN=LEFT>Simply drag an Access Group onto a Resource Group or vice versa to provoke the Security Policy dialog shown in figure 1.</P> ! <P ALIGN=LEFT><SPAN ID="Frame1" DIR="LTR" STYLE="float: left; width: 8.61in; height: 6.14in; background: #ffffff"> <P STYLE="margin-top: 0.08in; margin-bottom: 0.08in"><IMG SRC="PolicyDialog.png" NAME="Graphic1" ALIGN=LEFT WIDTH=100% BORDER=0><BR CLEAR=LEFT><FONT SIZE=2><I>Figure 1</I></FONT></P> --- 11,28 ---- </HEAD> <BODY LANG="en-US" DIR="LTR"> ! 
<P ALIGN=LEFT><A HREF="GSDefineRGs.html">Previous</A> <A HREF="../../../../../.rhopenoffice1.1/ISCS-1.0WD/ISCS/docs/html/en/index.html">Index</A> ! <A HREF="GSCommitChanges.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Create Security Policies</H1> <P ALIGN=LEFT>Security Policies are one of the most powerful features of ISCS and a primary reason why it achieves such efficiency while at ! the same time minimizing exposure to human error. For all this power, ! they are amazingly simple to implement. Most of the work is done by ! creating the PEPs, Accessors and Access Groups, and Resources and ! Resource Groups. Security Policies just pull them all together.</P> <P ALIGN=LEFT>Simply drag an Access Group onto a Resource Group or vice versa to provoke the Security Policy dialog shown in figure 1.</P> ! <P ALIGN=LEFT><SPAN ID="Frame1" DIR="LTR" STYLE="float: left; width: 8.61in; height: 6.14in; border: none; padding: 0in; background: #ffffff"> <P STYLE="margin-top: 0.08in; margin-bottom: 0.08in"><IMG SRC="PolicyDialog.png" NAME="Graphic1" ALIGN=LEFT WIDTH=100% BORDER=0><BR CLEAR=LEFT><FONT SIZE=2><I>Figure 1</I></FONT></P> *************** *** 31,56 **** <P ALIGN=LEFT>Choose what type of policy this should be, whether it should be enabled and add any descriptive comment up to 255 ! characters. We should take a moment to digress on DENY policies. ! Explicit DENY policies should be made as a last resort. They add significant overhead to both the SPM and the PEP and are rarely ! necessary. ISCS denies by default; if it is not explicitly allowed, ! it is denied. That alone eliminates most requirements for explicit ! DENY. Best Match addresses almost all remaining issues.</P> ! <P ALIGN=LEFT>Consider this example. Let's suppose that there is a malicious public web server where a new trojan is sending stolen ! password files. 
We might consider creating a Resource Group named Internet Banned Sites and adding a Resource for HTTP on this malicious server to the Resource Group and creating a DENY policy for ! it. That would work but there is a better way. General HTTP ! Internet access comes through a policy granting access to HTTP to the ! World server (IP address 0.0.0.0-255.255.255.255). If we simply ! define the malicious server as Best Match enabled, it will be ! excluded from the World Server's range and users will not longer have ! access to it by virtue of their access to the World Server.</P> <P ALIGN=LEFT>Existing policies may be enabled or disabled by clicking the enabled checkbox.</P> <HR> ! <P ALIGN=LEFT><A HREF="GSDefineRGs.html">Previous</A> <A HREF="../../../../../.rhopenoffice1.1/ISCS-1.0WD/ISCS/docs/html/en/index.html">Index</A> ! <A HREF="GSCommitChanges.html">Next</A></P> <H2><BR><BR> </H2> --- 31,56 ---- <P ALIGN=LEFT>Choose what type of policy this should be, whether it should be enabled and add any descriptive comment up to 255 ! characters. We should take a moment to digress on DENY policies. ! Explicit DENY policies should be made as a last resort. They add significant overhead to both the SPM and the PEP and are rarely ! necessary. ISCS denies by default; if it is not explicitly allowed, ! it is denied. That alone eliminates most requirements for explicit ! DENY. Best Match addresses almost all remaining issues.</P> ! <P ALIGN=LEFT>Consider this example. Let's suppose that there is a malicious public web server where a new trojan is sending stolen ! password files. We might consider creating a Resource Group named Internet Banned Sites and adding a Resource for HTTP on this malicious server to the Resource Group and creating a DENY policy for ! it. That would work but there is a better way. General HTTP Internet ! access comes through a policy granting access to HTTP to the World ! server (IP address 0.0.0.0-255.255.255.255). If we simply define the ! 
malicious server as Best Match enabled, it will be excluded from the ! World Server's range and users will not longer have access to it by ! virtue of their access to the World Server.</P> <P ALIGN=LEFT>Existing policies may be enabled or disabled by clicking the enabled checkbox.</P> <HR> ! <P ALIGN=LEFT><A HREF="GSDefineRGs.html">Previous</A> <A HREF="../../../../../.rhopenoffice1.1/ISCS-1.0WD/ISCS/docs/html/en/index.html">Index</A> ! <A HREF="GSCommitChanges.html">Next</A></P> <H2><BR><BR> </H2> Index: Installation_PEP.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/Installation_PEP.html,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** Installation_PEP.html 9 Sep 2004 03:34:37 -0000 1.4 --- Installation_PEP.html 13 Oct 2004 01:50:21 -0000 1.5 *************** *** 14,22 **** <A HREF="Installation_SPM.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>PEP Installation</H1> <P ALIGN=LEFT>Theoretically, a PEP can be nearly any network security device which supports chained firewalls, VPN and routing. ISCS ! version 0.0.1 only supports a Linux based PEP. </P> <P ALIGN=LEFT>Install Linux on the hardware which will become your --- 14,22 ---- <A HREF="Installation_SPM.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>PEP Installation</H1> <P ALIGN=LEFT>Theoretically, a PEP can be nearly any network security device which supports chained firewalls, VPN and routing. ISCS ! version 0.0.3 only supports a Linux based PEP. </P> <P ALIGN=LEFT>Install Linux on the hardware which will become your *************** *** 41,50 **** <P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR> </P> ! <P ALIGN=LEFT STYLE="margin-bottom: 0.2in">ISCS version 0.0.1 configures neither the VPN nor iproute2 so you will need to manually create the VPN connections as well as any advanced routing features. For this reason, the training slides for the various technologies ! 
have been included in the 0.0.1 tarball. Please also note that ! version 0.0.1 REQUIRES the installation of an *swan IPSec stack as described above.</P> <P ALIGN=LEFT STYLE="margin-bottom: 0.2in">Make sure that advanced --- 41,50 ---- <P ALIGN=LEFT STYLE="margin-bottom: 0in"><BR> </P> ! <P ALIGN=LEFT STYLE="margin-bottom: 0.2in">ISCS version 0.0.3 configures neither the VPN nor iproute2 so you will need to manually create the VPN connections as well as any advanced routing features. For this reason, the training slides for the various technologies ! have been included in the 0.0.3 tarball. Please also note that ! version 0.0.3 REQUIRES the installation of an *swan IPSec stack as described above.</P> <P ALIGN=LEFT STYLE="margin-bottom: 0.2in">Make sure that advanced Index: GSDefineAGs.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/GSDefineAGs.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** GSDefineAGs.html 9 Sep 2004 03:34:37 -0000 1.2 --- GSDefineAGs.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 14,18 **** <A HREF="GSDefineRGs.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>Define Accessors and Access Groups</H1> <P ALIGN=LEFT>Figure 1 shows a typical Access Groups screen.</P> --- 14,18 ---- <A HREF="GSDefineRGs.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Define Accessors and Access Groups</H1> <P ALIGN=LEFT>Figure 1 shows a typical Access Groups screen.</P> Index: Installation_ISCS.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/Installation_ISCS.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** Installation_ISCS.html 9 Sep 2004 03:34:37 -0000 1.2 --- Installation_ISCS.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 14,18 **** <A HREF="Installation_DBD.html">Next</A></P> <HR> ! 
<P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>ISCS Installation</H1> <P ALIGN=LEFT>ISCS is not a single product. There are three --- 14,18 ---- <A HREF="Installation_DBD.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>ISCS Installation</H1> <P ALIGN=LEFT>ISCS is not a single product. There are three Index: Installation_DBD.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/Installation_DBD.html,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** Installation_DBD.html 9 Sep 2004 03:34:37 -0000 1.6 --- Installation_DBD.html 13 Oct 2004 01:50:21 -0000 1.7 *************** *** 14,18 **** <A HREF="Installation_PEP.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>DBD Installation</H1> <P ALIGN=LEFT>The DataBase Distributor performs two vital functions --- 14,18 ---- <A HREF="Installation_PEP.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>DBD Installation</H1> <P ALIGN=LEFT>The DataBase Distributor performs two vital functions *************** *** 50,54 **** via RSA keys. We recommend that password ssh authentication be disabled.</P> ! <P ALIGN=LEFT>ISCS version 0.0.1 is hard coded to use MySQL. If you would like to use PostgreSQL, you must edit the spm/src/so.cpp file at around line 86 and change --- 50,54 ---- via RSA keys. We recommend that password ssh authentication be disabled.</P> ! <P ALIGN=LEFT>ISCS version 0.0.3 is hard coded to use MySQL. If you would like to use PostgreSQL, you must edit the spm/src/so.cpp file at around line 86 and change *************** *** 109,113 **** .ssh/authorized_keys file in their home directory on the DBD. This will enable passwordless connections.</P> ! <P ALIGN=LEFT>In version 0.0.1 you must connect from the SPM user's workstation to the DBD from the command line first to make the needed entry in the known_hosts file. 
This is also good practice to ensure --- 109,113 ---- .ssh/authorized_keys file in their home directory on the DBD. This will enable passwordless connections.</P> ! <P ALIGN=LEFT>In version 0.0.3 you must connect from the SPM user's workstation to the DBD from the command line first to make the needed entry in the known_hosts file. This is also good practice to ensure *************** *** 134,138 **** as root. </P> ! <P ALIGN=LEFT>In version 0.0.1, the name of the file is not configurable; it must be id_rsa_SPM even if running the SPM as root.</P> <P ALIGN=LEFT>The SPM users will copy files to the DBD via scp. --- 134,138 ---- as root. </P> ! <P ALIGN=LEFT>In version 0.0.3, the name of the file is not configurable; it must be id_rsa_SPM even if running the SPM as root.</P> <P ALIGN=LEFT>The SPM users will copy files to the DBD via scp. Index: BeforeGettingStarted.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/BeforeGettingStarted.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** BeforeGettingStarted.html 9 Sep 2004 03:34:37 -0000 1.2 --- BeforeGettingStarted.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 19,23 **** <A HREF="Installation_ISCS.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>Before Getting Started</H1> <P ALIGN=LEFT>Thank you for your interest in ISCS. We are thrilled --- 19,23 ---- <A HREF="Installation_ISCS.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Before Getting Started</H1> <P ALIGN=LEFT>Thank you for your interest in ISCS. 
We are thrilled Index: GSDefinePEPs.html =================================================================== RCS file: /cvsroot/iscs/ISCS/docs/html/en/GSDefinePEPs.html,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** GSDefinePEPs.html 9 Sep 2004 03:34:37 -0000 1.2 --- GSDefinePEPs.html 13 Oct 2004 01:50:21 -0000 1.3 *************** *** 14,18 **** <A HREF="GSDefineAGs.html">Next</A></P> <HR> ! <P>ISCS version 0.0.2</P> <H1 ALIGN=CENTER>Define PEPs</H1> <P ALIGN=LEFT>Our first step is to define any gateways or, in ISCS, --- 14,18 ---- <A HREF="GSDefineAGs.html">Next</A></P> <HR> ! <P>ISCS version 0.0.3</P> <H1 ALIGN=CENTER>Define PEPs</H1> <P ALIGN=LEFT>Our first step is to define any gateways or, in ISCS, *************** *** 51,55 **** Identity tab since it will determine some of the options on the other tabs.</P> ! <P ALIGN=LEFT>ISCS version 0.0.1 has only defined a handful of models and can use even fewer. You must have installed a FreeS/WAN derived IPSec stack (OSW). If you installed the iptables patch-o-matic --- 51,55 ---- Identity tab since it will determine some of the options on the other tabs.</P> ! <P ALIGN=LEFT>ISCS version 0.0.3 has only defined a handful of models and can use even fewer. You must have installed a FreeS/WAN derived IPSec stack (OSW). If you installed the iptables patch-o-matic |
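Review bot: The Index link in the navigation line of GSCreateSPs.html (hunk 11,28) still points at "../../../../../.rhopenoffice1.1/ISCS-1.0WD/ISCS/docs/html/en/index.html", which looks like a path into a local OpenOffice working directory and will not resolve from an installed docs tree. Since the line is touched in this revision anyway, change it to HREF="index.html" so it matches the relative Previous/Next links beside it. The paragraph re-wrap and the added "border: none; padding: 0in;" read as editor re-export output; leaving them out would keep the version bump as the only visible change in this hunk.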
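Review bot: The typo "users will not longer have access" in the Best Match paragraph of GSCreateSPs.html (hunk 31,56) survives the re-wrap and should read "no longer". The same paragraph writes both "World server" and "World Server"; pick one, since it names a defined object. The footer navigation in this hunk repeats the ".rhopenoffice1.1" Index href and needs the same correction as the header link. Apart from those points, every changed line here is whitespace or line-wrap only, which makes the hunk hard to review.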
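Review bot: The count in GettingStarted.html (hunk 22,26) goes from "four foundational activities" to "five", but the list it introduces is outside the hunk and only its first entry ("Define ...") is visible as context, so the diff does not show a fifth item being added. Please confirm that the list following this sentence has five entries in revision 1.3, or drop the number from the sentence so it cannot go out of step with the list again.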
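Review bot: Hard-coding the release number in the body text of Installation_PEP.html (hunk 41,50, three occurrences, plus "version 0.0.3 only supports a Linux based PEP" in hunk 14,22) is what allowed these sentences to sit at 0.0.1 while the page header already said 0.0.2. GSCreateSPs.html shows the same drift, jumping from 0.0.1 straight to 0.0.3. Suggest wording such as "this release" in the body and keeping the number only in the "ISCS version" header line, so a release bump touches one line per page. Each bumped sentence also restates a limitation (no VPN or iproute2 configuration, *swan required) as true of 0.0.3, so it is worth confirming those still hold.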
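Review bot: The PostgreSQL instruction in Installation_DBD.html (hunk 50,54) keeps "edit the spm/src/so.cpp file at around line 86" while relabelling it as applying to 0.0.3; a line number is fragile across releases, and the log message says source files changed in this release. Please recheck the location against the 0.0.3 source, or better, name the statement or identifier to change instead of a line number.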
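Review bot: The first-connection step in Installation_DBD.html (hunk 109,113) tells the SPM user to connect once from the command line "to make the needed entry in the known_hosts file", but the visible text does not say to compare the host key fingerprint presented at that prompt with the DBD's actual key before accepting it. Unless the sentence that continues after "good practice to ensure" already covers this, add a line saying so, because that first acceptance is what every later passwordless scp to the DBD relies on. In hunk 134,138 the fixed key file name id_rsa_SPM is likewise restated for 0.0.3 and should be confirmed as still mandatory.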