TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
RealSecure does not use the Raw Packet Driver, Internet Scanner does.
STEALTH MODE REQUIRES 2 NICs.
Here is the procedure for configuring a RealSecure engine on a multi-homed
machine so that it monitors on one interface and communicates with the
private network, or console, on the other interface. This is known as
operating in "stealth mode" because the promiscuous NIC does not have an ip
address and is therefore invisible on the network.
Installing the NICs (stealth NIC = NIC1, private network NIC=NIC2)
1. Install both NICs and their drivers.
2. Once both are installed, click Control Panel, Network, Adapters.
3. Select the adapter then click Properties.
4. Click the Bindings tab. You will see the bindings being set. If you
receive any errors like, "The adapter has no primary WINS server
configured. Continue anyway?" go ahead and click OK.
5. In the drop down box, click All adapters.
6. For NIC1 click the "+" next to the NIC.
7. Highlight each binding one by one then click Disable. Now NIC1 should
NOT be
disabled, but the bindings listed underneath will be. In order for
RealSecure to watch the network, it does not need the NIC to bind to
TCP/IP. This is because the Raw Packet Driver that is automatically
installed during the setup process places the NIC into promiscuous mode and
reads the data RAW right off of the NIC. This NIC1 will have no ip address.
8. Go back to the Protocols tab.
9. Highlight TCP/IP and click Properties.
10. A new window will be displayed. There will be a drop down box with a
list of NICs. It should only contain NIC2. If it contains NIC1 then you
have not properly disabled the TCP/IP Protocol for that NIC.
11. Select NIC2 (it will be selected by default).
12. Enter all the appropriate TCP/IP information for this network
segment. You may use the machine's own IP address as the "Gateway" IP if
desired. Set up the subnet mask to be as restrictive as possible. However,
this is not totally necessary since this will be a private network.
13. Once finished, click Apply and reboot the machine.
Setting up RealSecure in Stealth Mode:
1. Run the setup.exe (automatically executed upon opening the rsnt2_x.exe)
on the console machine. Select Console Only when prompted.
2. Run the setup.exe again on the console machine. This time, select
Export Public Authentication Key when prompted. Place it on a diskette or
somewhere you retrievable by the engine machine.
3. Run the setup.exe on the engine machine. Select Engine Only when prompted.
4. Run the setup.exe again on the engine machine. This time, select Load
Public Authentication Key when prompted. Load it from the location you
placed it in step 2.
5. From the console machine, launch the RS GUI.
6. Click Monitor Engine. Add the ip address of the interface of the
engine machine that will be communicating with the console.
7. Once the engine has been started and the event channel established,
right-click the engine then click Properties.
8. Click the General tab.
9. For Engine Address, enter the ip address of the interface that will be
communicating with the console.
10. For Service Port, leave it at the default of 2998 or enter a new port
number.
11. For Engine Port, leave it at the default of 901 or enter a new port
number.
12. For Adapter of Monitored Network, select the NIC of the interface the
engine will use to monitor the segment. This will be the promiscuous
interface. This will be the interface that is not the same as the one
assigned to the ip address used in step 7.
13. Click OK.
14. Stop the engine from the GUI.
15. Go to Control Panel, Services.
16. Stop and start the RealSecure Daemon.
17. From the RS GUI, begin monitoring the engine again.
Special Note:
If the RealSecure engine is installed on the management port of a switch,
unless the management, or mirror, port supports bi-directional
communications, the "kill connection" action will not work because the TCP
reset packet that kills the connection must be sent from the monitoring
interface. However, all other actions are initiated from NIC2 and will
function normally.
At 03:11 PM 12/15/99 +0100, [EMAIL PROTECTED] wrote:
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
>----------------------------------------------------------------------------
>
>Hi,
>
>I wanted to install RS 3.2, with only one NIC (in
>stealth mode), because it'll monitor the network
>between one of our firewall and the internet.
>
>I don't want to connet it to our LAN, that's why I
>thought it's enough if I put only one interface to
>the server.
>
>There were two problems with this.
>1.) It didn't install the Row Packet Driver
>2.) The console didn't enable to load the Monitor
>Detector, because it wants the IP address of the
>non-existent second NIC.
>
>How can I install the Real Secure with only one
>NIC, and in stealth mode?
>
>Thanks in advance!
>
>Regards,
>
>
>Istvan Takacs
>Network Manager
>Hungarian Gaming Co.
================================================
Audra N. Eng
Technical Product Manager
Internet Security Systems
Office: 415-379-3566
FAX: 415-831-4780
E-Mail: [EMAIL PROTECTED]
==============================================
