The device is set with an IP address and subnet mask using the LCD and buttons to select fields and enter data. The system generates and displays a password used to access the unit's administration functions from a web browser via an SSL-encrypted connection.
The browser needs to support Java, and Symantec recommends Internet Explorer 6 with Java Runtime Environment 1.3.1_04. The necessary Java files have been included on the device, so they can be uploaded if required. Once the browser connection is made, the system runs an initial set-up wizard.
The system's date and time, domain, host and gateway details can all be set and the front panel buttons can be locked to prevent them being used to change the configuration.
Some services, such as mail (SMTP), web (HTTP) and file transfer (FTP), will be configured with default rules that will allow clients on the internal network to have internet access.
Defining security policies and rules is slightly complicated: objects (Network Entities) need to be created for all aspects of the network, including locations on internal or external networks (defined using IP address ranges), hosts, domains, and gateways. These entities are used in rule definitions and can have spoof protection applied to them – defining the included and excluded interfaces as needed.
Although this approach requires a great deal of planning before making any changes to the security policy, this is not necessarily a bad thing. An advantage of using entities is that the system can be scanned to determine where a specific entity is used, so that the likely consequences of making changes to the network can be discovered beforehand. This system enables validation checks to be made on individual rules.
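The entity approach described above can be sketched as follows. This is an added example, not the appliance's own configuration format or code: the entity names, interface names, address ranges and function names are all hypothetical, and spoof protection is modelled on the assumption that each entity lists the interfaces its addresses may legitimately arrive on.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical model of network entities and rules (not the vendor's format).
@dataclass
class Entity:
    name: str
    network: str                                      # CIDR range of the entity
    allowed_ifaces: set = field(default_factory=set)  # empty = no spoof protection

@dataclass
class Rule:
    name: str
    service: str
    source: str        # entity name
    destination: str   # entity name

# Constructed sample policy.
ENTITIES = {e.name: e for e in [
    Entity("internal-lan", "192.168.10.0/24", {"eth0"}),
    Entity("dmz-mail", "192.168.20.25/32", {"eth2"}),
    Entity("universe", "0.0.0.0/0"),
]}
RULES = [
    Rule("lan-web-out", "http", "internal-lan", "universe"),
    Rule("lan-ftp-out", "ftp", "internal-lan", "universe"),
    Rule("mail-in", "smtp", "universe", "dmz-mail"),
]

def where_used(entity_name, rules=RULES):
    """Rules that reference the entity, i.e. what a change to it would touch."""
    return [r.name for r in rules if entity_name in (r.source, r.destination)]

def dangling_references(rules=RULES, entities=ENTITIES):
    """Per-rule validation: (rule, entity) pairs where the entity is undefined."""
    return [(r.name, n) for r in rules
            for n in (r.source, r.destination) if n not in entities]

def spoof_violations(src_ip, iface, entities=ENTITIES):
    """Protected entities whose range holds src_ip but exclude the arrival interface."""
    addr = ipaddress.ip_address(src_ip)
    return [e.name for e in entities.values()
            if e.allowed_ifaces and iface not in e.allowed_ifaces
            and addr in ipaddress.ip_network(e.network)]

if __name__ == "__main__":
    print(where_used("internal-lan"))
    print(spoof_violations("192.168.10.7", "eth1"))
```

Running `where_used` before deleting or renumbering an entity, and `dangling_references` afterwards, mirrors the plan-then-validate workflow the review describes.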
The device passed our port scans. It also reported the attempt, which indicates that the hybrid IDS was working correctly. The comprehensive logging and reporting system allows for reports to be generated in both PDF and HTML formats with various page sizes.