Dell DPND-523-EN12 B

Security Checklist | 153

CHAPTER

BSecurity Checklist

Although your Peregrine appliance will operate even if you do not follow these

procedures, we strongly recommend that you take the following steps to

reduce risk.

Step 1 Place your Peregrine appliance behind your institution/corporation’s

firewall.

The Peregrine appliance stores a lot of information about your network. You

do not want this information to be publicly available.

Information about the firewall ports to enable is in Choose how to receive

Peregrine Systems Customer Support on page 27 and Enable firewall ports

on page 28.

Step 2 Change the write community string of the Peregrine appliance.

This is a documented community string, known to:

Admin accounts at your site

existing and prospective Network Discovery customers

Anyone who knows the default write community string will be able to

change the SNMP MIB of your Peregrine appliance.

There is more information in Change the Peregrine appliance community

strings on page 77.

Contents

Main Page PEREGRINE Contents Page Page Page Page Page Page Page 1 About Network Discovery Peregrine Desktop Inventory can contribute data to Network Discovery Why its important to prepare Start by collecting information about your network Page 2 Your contact information Enter the following information to help determine the scale of your network. Describe your networks node and subnet setup Enter the Peregrine appliance network information Peregrine Systems Customer Support access List IPv4 ranges for Network Discovery to discover List IPv4 ranges for Network Discovery to avoid List the community strings of your networks devices Enter TCP/IP configuration Page What server will you use for the Peregrine appliance? Send the questionnaire 3 Turn on SNMP management in all routers and core switches (Optional) Turn on SNMP management in other devices Set DHCP lease time About community strings Directed community strings Give the Peregrine appliance IP address to all devices using directed community strings (Optional) Adjust bridge aging Plan the device and port to which the Peregrine appliance will be attached Choose how to receive Peregrine Systems Customer Support Through Internet access Virtual Private Network over the Internet By modem and dedicated telephone line Through a Remote Access Server (RAS) Enable firewall ports Page configuration Check Cisco devices (Optional) Enable UDP port forwarding on routers Check Committed Information Rate values 4 Page Picking the right Server Basic Requirements Small Appliance (up to 4,000 devices) Medium Appliance (up to 8,000 devices) Page Page Large Appliance (up to 15,000 devices) Page Servers that have been tested Here is a list of servers that Peregrine has tested and do work: Check the management workstation Note: Java and JavaScript must be enabled in order for Network Discovery to work properly. Peregrine Product Compatibility Page 5 About installing the hardware Connect a keyboard and monitor directly to the Peregrine appliance Connect the Peregrine appliance to AC power Set the BIOS boot sequence IBM Hardware Page Dell Hardware For the Dell 1750 Page For the Dell 1650 Page HP Hardware Install Network Discovery software from the CD Page Give the Peregrine appliance its network information Page Page Page Connect the appliance to the network Top-of-the-network device IBM xSeries 335 Peregrine appliance Page Page HP DL360/DL380 Peregrine appliance Connect a management workstation to the network Connect an Uninterruptible Power Supply (Optional) Connect data backup equipment and pager hardware (Optional) Connect the Peregrine appliance to a telephone line (Optional) Using terminal emulation software Page Page 6 Log in to Network Discovery Troubleshooting when logging in for the first time Page The Home page Page The Toolbar The banner or title bar The status window Assign a system name, contact, and location Change the Peregrine appliance community strings Set the time zone Enter the domain name server Page Enter the host name (Optional) Enter the Workgroup name (Optional) Enter the Administrator e-mail address (Optional) Enter the SMTP server Set the system time Set the date and time Synchronize the time Enter an NTP server to synchronize the time (continually) Change the default Admin password About disabling warnings Disabling UPS warnings Disabling modem warnings Disabling backup warnings 7 How it works Evaluation License Disaster Recovery License Basic Discovery License Request a new license Install the new license 8 How it works Run router discovery Set up the IPv4 range(s) to discover Import your IPv4 ranges from a CSV file View an IPv4 range Export your IPv4 ranges to a CSV file Delete an IPv4 range Add an IPv4 range Set up the IPv4 range(s) to avoid Add ranges for DHCP servers and unmanaged routers Add community stringsthe quick way Page Activate your proposed changes Check that its working Are devices appearing on the Network Map? Are there problems on the Exceptions reports? Check the Device Filters report Check the Device Modeling Queue 9 A precise matrix of network discovery A tree of IPv4 ranges Page Property Groups Network Property Groups The properties The following properties are in every Network Property Group: On How to use Network Property Groups Making changes to Network Property Groups Modify a Network Property Group Create a Network Property Group Delete a Network Property Group Apply a Network Property Group to a range Community Property Groups Page More on community strings Multiple Strings SNMP Traps Directed Community Strings Deleting a community string Property sets are a shortcut Reviewing and activating your configuration changes Page 10 There are four pre-installed accounts How many people can use Network Discovery at once How the types of accounts differ Creating accounts Page Page (Optional) More Account Administration Page 11 About external backups Choosing tape or an FTP site for your external backup Configuring an external backup Procedural alerts Page Page Testing your external backup and restore To run an internal or external backup immediately Creating an external backup Creating an internal backup Restoring your data Restoring from the internal backup Restoring from an FTP site Restoring from tape Restoring from another appliance Page Step 3: Connect the crossover cable between the two appliances Page Page Step 8: Restore on new appliance Page 12 Appliance How to shut down the Peregrine appliance Page A Overview Check that your maintenance license is current Check that you have the latest software components Download the new component(s) Install the new component(s) After you install new components Page Page B Page Page Page C Uninterruptible Power Supply (UPS) units Requirements Acceptable UPS units Recommended UPS units for Africa, Asia, Europe, Australia, the Middle East, and the South Pacific Tape Drive Required External Modem Required Adding a CPU or a modem later Use the CD and reboot the Peregrine appliance Page Page PEREGRINE Index A B C D E F G H J L M N P Q R S T