ArcSight Network Security Platform [NSP]

Summary:

The ArcSight NSP demonstration script is designed to guide users through accessing and setting up the platform for managing network security. It begins with instructions on how to access the system via a provided URL and includes setup steps like installing a recommended plugin (Firefox) and logging in. The main section, "NSP General Setup Demo," covers features such as credential aliases and network maps: 1. **Credential Aliases**: Users are instructed to manage devices using SSH or Telnet due to NSP not relying on SNMP for management. They navigate to the Network Devices Tab (Credential Aliases) and edit a Cisco Enable credential alias. 2. **Network Maps**: This feature allows users to visualize network topology, including information about model type, OS version, interface assignments, etc., which is crucial for understanding device relationships. 3. **Discovery Process**: Users can perform various types of device discovery such as targeted, scan-based, and seed file discovery using regular expressions. They can also manually add devices by specifying details like device type, credential aliases, and IP addresses. 4. **Risk Management**: The document emphasizes the importance of obfuscating sensitive information during input and encrypting it within the NSP appliance to reduce risk exposure. Overall, this script aims to help users understand and interact with ArcSight NSP's capabilities for managing network devices effectively through discovery, monitoring, and detailed information access.

Details:

This document provides a demonstration script for accessing and setting up the Arcsight NSP (Network Security Platform) demo. The setup includes instructions for downloading and installing a plugin, logging in to access specific features, and navigating through different modules like network maps and credential aliases. It emphasizes the importance of using Firefox as recommended browser, which is crucial for optimal performance within the demonstration environment. The document begins with an overview on how to gain access to the NSP demo system via a provided URL and details the initial setup process including plugin installation. The main section titled "NSP General Setup Demo" focuses on various features such as credential aliases and network maps, explaining each feature in detail and providing guidance through practical tasks. The first task under this section is setting up credential aliases, which involve managing devices using SSH or Telnet due to NSP not relying on SNMP for management. The document instructs users to navigate to the Network Devices Tab (Credential Aliases) and edit a Cisco Enable credential alias as part of the demo tasks. Overall, the script serves as a guide for effectively demonstrating the features and functionalities of Arcsight NSP, tailored to help users understand and interact with the platform's capabilities in managing network devices. This text provides an overview and explanation of how ArcSight NSP (Network Security Proxy) manages authentication credentials for managed devices, specifically using Credential Aliases and Alias Groups. It highlights the importance of obfuscating sensitive information during input and encrypting it within the NSP appliance to reduce risk exposure. Additionally, it mentions that TACACS+ and Radius authentication methods currently require static passwords due to limitations in two-factor authentication solutions. The text also provides a demo task involving navigating through Credential Alias and Alias Group interfaces within ArcSight NSP. The provided text describes a demonstration on using ArcSight NSP (Network Security Platform) to discover and manage network devices. Here's a summary of the key points: 1. **Device Discovery**: The Network Devices screen in ArcSight NSP displays all managed devices under management within the platform. It supports various types of devices including routers, switches, firewalls, and VPNs, showcasing vendor agnostic support. 2. **Navigating Device Types**: Users can navigate through different device tabs such as Router, Switch, Firewall, and VPN to view detailed information about each type of device. 3. **Device Details**: The View Details link provides summary information specific to the device, including model type, OS version, interface assignments, etc. This is shown in Figure 2.2.2. 4. **Credential Alias Information**: Under the Driver Params tab, credential alias information used during discovery is paired with the specific device. This information is used for all future access to the device rather than sequentially attempting authentication methods previously assigned in the alias group. 5. **Discovery Process**: The Network Discovery page allows administrators to perform various types of device discovery such as targeted discovery, scan based discovery, and seed file discovery (as mentioned but not detailed further). This is illustrated in Figure 2.2.4. In summary, ArcSight NSP provides a comprehensive tool for managing network devices by enabling efficient discovery, monitoring, and accessing detailed information about each device through its vendor agnostic support and user-friendly interface features. This document discusses how to use ArcSight NSP for network and asset management, including device discovery and mapping. The process starts with entering a specific IP address in the include CIDR block or selecting a firewall type like Juniper Netscreen. After setting these parameters, you can run a discovery now. For more precise targeting, organizations can use seed files (like hosts files) to identify managed devices using regular expressions without reformatting them. Alternatively, users can manually add devices by specifying their details such as device type, credential aliases, and IP addresses. Finally, once the devices are discovered or added, they can be mapped on a network map in NCM. This passage discusses how ArcSight's system is designed to help manage network devices efficiently. It explains that creating a layer 3 topology map of all managed devices shows their current configuration, not necessarily their active running status. This feature is helpful because it can reveal any leftover or wrongly configured data that might cause problems in the network. In many cases, after setting up credential aliases and doing device discovery, network engineers can quickly see issues on the topology map and fix them before they become big problems. ArcSight has made sure to keep risks low when giving out information needed for managing devices and letting admins find the best way to discover devices. This means customers usually set up and manage their devices in just a few hours, instead of days. The combination of easy setup, device discovery, and topology mapping helps customers find potential configuration issues early, which saves time and money (return on investment).