Description

Event Manager for Firewalls allows you to monitor Secure Computing Sidewinder devices for suspicious activities that may indicate a security breach and detects hardware or software errors in real-time. Event Manager for Firewalls helps you secure your internet access points and network resources by providing a single point of monitoring for multiple Secure Computing Sidewinder firewalls in your enterprise. Event Manager for Firewalls alerts you in real-time to critical security events detected by Secure Computing Sidewinder, allowing you to take corrective action.

Event Manager for Firewalls provides views to alert you to suspicious activity. For example, you can perform the following tasks:

• Monitor Access Control List (ACL) changes
• Detect network attacks
• Examine logon failures
• Identify hardware and software errors
• Monitor important or alarm event types detected by Secure Computing Sidewinder
• Notify the Security Specialists notification group of serious issues
• Monitor your environment from a single console

Why Install This Version?

Event Manager for Firewalls provides an important new capability.

This version includes new technology for dynamically updating Security Manager modules. The AutoSync Server allows you to download and install updated modules between Security Manager releases.

Improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.

Installation Requirements

The following table lists additional requirements for a Windows agent acting as the proxy agent for Secure Computing Sidewinder. For more information about agent requirements, see the Installation Guide for NetIQ Security Manager.

Category	Requirement
Processor	1.5GHz Intel Pentium III or equivalent.
Memory	40MB minimum. The amount of memory usage varies and depends on the environment, including event rate and other factors. Memory use for a Windows agent monitoring Secure Computing Sidewinder could reach 256MB or higher.
Operating System	Windows 2000 with Service Pack 2 or later.
Software	A Windows agent can monitor one or more Secure Computing Sidewinder devices. For more information about the number of devices one agent can support, see the NetIQ Security Manager Knowledge Base Article NETIQKB51404 at www.netiq.com/support/sm. The Windows agent computer acts as a proxy agent for the devices. Install each Windows agent on a computer inside the firewall and on a subnet as physically close to the device as possible. Fewer network hops provide better performance. Use a unique proxy agent for each platform sending syslog events. For example, use separate Windows agents to monitor NetScreen and Snort. Install the Windows agent on a separate computer from the database server or central computer to avoid performance issues.

Installation and Configuration Considerations

You can install this module using the Module Installer. After you install the module, run the Configuration Wizard to configure the module. For more information about installing and configuring this module, see the NetIQ Security Manager for Secure Computing Sidewinder Monitoring Guide in the following folder on the user interface computer:

installation folder\NetIQ Security Manager\OnePoint\Documentation\Monitoring Guides

Where installation folder is the location where you installed Security Manager user interfaces.

© 2004 - 2006 NetIQ Corporation. All rights reserved.