INTOUCH® INSA Network Security Agent

User's Guide

INTOUCH INSA - Network Security Agent was developed and
is supported by Touch Technologies, Inc. INTOUCH INSA
is distributed by Touch Technologies, Inc.

Touch Technologies, Inc.
9988 Hibert Street, Suite 310
San Diego, California 92131
Sales, Support (800) 525-2527

Note

® INTOUCH is a registered trademark of Touch Technologies, Inc.


NOTICE

Touch Technologies, Inc. (TTI) has prepared this publication for use by TTI personnel, licensees, and customers. This information is protected by copyright. No part of this document may be photocopied, reproduced or translated to another language without prior written consent of Touch Technologies, Incorporated.

TTI believes the information described in this publication is accurate and reliable; much care has been taken in its preparation. However, no responsibility, financial or otherwise, is accepted for any consequences arising out of the use of this material.

The information contained herein is subject to change without notice and should not be construed as a commitment by Touch Technologies, Inc.

The following are trademarks of Touch Technologies, Inc., and may be used only to describe products of Touch Technologies, Inc.:


DYNAMIC TAPE ACCELERATOR        INTOUCH 4GL     INTOUCH INSA 
 
DYNAMIC LOAD BALANCER PLUS      REMOTE DEVICE FACILITY 

The following are trademarks of Digital Equipment Corporation, and may be used only to describe products of Digital Equipment Corporation:


DBMS      DCL      DECNET      OpenVMS      RDB      RMS      VAX 

Revised April 1997 for V1.5

Copyright ©1996, 1997 Touch Technologies, Inc.



Preface

INTOUCH INSA --- Network Security Agent is a network surveillance security tool. INTOUCH INSA continuously scans user sessions for noteworthy or suspicious activity. All TELNET, RLOGIN, LAT, FTP sessions, and URL accesses are scanned by INTOUCH INSA, seven days a week, 24 hours a day. When incidents are detected, they are logged and manager-defined actions can be performed, including:

INTOUCH INSA allows you to define the policy and alert situations that best fit your needs and safeguard your system(s).

Note

Setting up and defining user expectations is considered a necessity by many legal experts (see Chapter 15, User Expectations and Legal Considerations). Touch Technologies, Inc. suggests that you consult your legal counsel regarding user expectations and computer-use policies allowed under Local, State and Federal laws in your area.

Purpose

The purpose of this manual is to provide:

Audience

This document is intended for use by the network manager or other technical personnel.

IF YOU HAVE NO SYSTEM MANAGER OR YOU HAVE QUESTIONS ABOUT INSTALLING INTOUCH INSA, PLEASE CALL TOUCH TECHNOLOGIES, INC. AT:



(800) 525-2527 toll free within the U.S. and Canada

(619) 566-3603 elsewhere


Chapter 1
Product Overview

Note

INTOUCH INSA is a very powerful network surveillance security tool. Used properly, INTOUCH INSA can aid in the early detection of computer crime. However, using INTOUCH INSA to its full potential requires a complete understanding of the content of this manual. Failure to read this manual completely can have a serious negative impact on the effective use of INTOUCH INSA.

INTOUCH INSA is intended to be used solely to aid in the detection of intruders and computer-use policy violations. Any application of INTOUCH INSA outside the scope of its intended use is not supported or condoned by Touch Technologies, Inc.---and is a violation of the INTOUCH INSA license agreement.

INTOUCH INSA should not be used in any manner that is a violation of Local, State, or Federal laws. If you have any questions regarding the legal use of a network surveillance security tool, we suggest that you contact appropriate legal counsel.

1.1 INTOUCH INSA - Network Security Agent

INTOUCH INSA provides network-wide surveillance, including the automated detection of intrusions and computer-use policy violations. All network-based user activity is scanned---regardless of the computer manufacturer or operating system being used.

INTOUCH INSA detects:

1.1.1 Network and System Impact

INTOUCH INSA has no impact on network or system performance. INTOUCH INSA requires no loading of software to any system, anywhere on the network. Even INTOUCH INSA's real-time display of user activity has absolutely no impact on network or system performance!

1.2 Intrusion Detection

Approximately 80% of all computer crime is performed from the inside! Firewalls can stop an outsider from breaking into your system. But having a firewall in place will not stop or detect unauthorized insider use of your computer systems.

INTOUCH INSA - Network Security Agent scans all user activity on your network, seven days a week, 24 hours a day. Whether the intrusion is from the outside (firewall failure) or from the inside (unauthorized insider activity), INTOUCH INSA detects the intrusion activity and takes manager-defined actions.

1.3 Enforcing Computer-Use Policies

The enforcement of computer-use policies has become an impossible and expensive undertaking. Thousands of workstations, PCs, terminals, and super-mini computers are in use each day. Many systems are also connected to LANs, WANs, and the Internet. Prior to the introduction of INTOUCH INSA, there was no solution to this difficult task of policy enforcement. Now, at last, with INTOUCH INSA, there is a solution!

1.3.1 How INTOUCH INSA Does Its Job

Running on a devoted, high-speed, 64-bit RISC system, INTOUCH INSA reads all network packets, reconstructs all user activity, and scans the activity for possible computer-use policy violations. The scanning is done automatically, in the background, and without any impact on the network. The patterns to be scanned for can be customized by the Network Security Manager.

When a possible policy violation is detected by INTOUCH INSA, the Network Security Manager is alerted. Once alerted, the Network Security Manager can review the incident, and even start a real-time display of the possible violator's session.

1.3.2 INTOUCH INSA is Inexpensive and Highly Effective

INTOUCH INSA's inexpensive and highly effective network intrusion detection capabilities:

With INTOUCH INSA - Network Security Agent, the Network Manager and Network Security Officer finally have a tool that allows the automated tracking and recording of unauthorized or suspicious activity --- down to the keystroke level --- in real-time!

1.4 About this Manual

The remainder of this manual is divided into several sections which consist of:


Chapter 2
Setting Up the INTOUCH INSA Hardware

The following information explains how to set up the INTOUCH INSA hardware after it has been unpacked.

Hardware List

The INTOUCH INSA hardware includes:
  Monitor  
  CPU  
  Keyboard  
  Mouse  
  Cables, cords: Video cable
    Network connection cable
    Cable attached to the keyboard
    Cable attached to the mouse
    Power cable for the monitor
    Power cord for the CPU

Setting Up the Hardware

After you have selected the location where you want to set up the INTOUCH INSA hardware, follow these steps:

  1. Place the CPU on the work area (table, desk, etc.).
  2. Set the monitor on top of the CPU.
  3. Connect the video cable. Depending on the type of cable you have, perform a. or b.:
    a. The video cable is the thick cable which has a single plug on one end and five (5) coax plugs on the other end. The five plugs are connected to the back of the monitor. The five plugs and monitor locations have colored dots. Connect the plugs to the monitor connectors which have the same color dots, as shown below:


              Plugs:          Red      Green      Blue     White     Black 
                              Dot      Dot        Dot      Dot       Dot 
       
                              ---       ---       ---       ---       --- 
                             |   |     |   |     |   |     |   |     |   | 
                              ---       ---       ---       ---       --- 
       
              Monitor         Red      Green      Blue     White     Black 
              Locations:      Dot      Dot        Dot      Dot       Dot 
      

      When connecting the five plugs, push each plug into the monitor location and turn it to the right.
      The other end of the video cable is plugged into the video card adapter in the back of the CPU. Push in the plug and then tighten the two screws.

    b. The video cable is the thick cable which has 15-pin plugs on both ends.
      Plug one end into the back of the monitor just above the five (5) coax plugs location and tighten the two screws.
      The other end of the video cable is plugged into the video card adapter in the back of the CPU. Push in the plug and then tighten the two screws.
  4. Connect the keyboard cable. Plug the keyboard cable into the back of the CPU where you see a powder blue dot.
  5. Connect the mouse cable. Plug the mouse cable into the back of the CPU where you see a yellow dot.
  6. Connect the monitor power cord to the back of the monitor and to the electrical outlet.
  7. Connect the CPU power cord to the back of the CPU and to the electrical outlet.
  8. Connect the network cable. If your INTOUCH INSA unit has more than one network controller card, all but one of these cards will be terminated with a Safe T. Plug one end into the CPU network controller card that is not terminated, and the other end into the network.
  9. Hardware setup is completed.

Note

If your INTOUCH INSA unit has more than one (1) network controller card and you will not be using all of the cards, the unused cards must be terminated by placing an ethernet terminator on the coaxial connector of the card.

Booting the System

Turn on the CPU.

Turn on the monitor.

The automatic boot procedure runs for several minutes. After completion, the "Digital" logo and "Start Session on NSAnn" message are displayed above the username and password boxes.

Chapter 3, Start Up Procedures, contains instructions on logging on and initializing INTOUCH INSA.

2.1 Connecting the External Disk Drive

The following steps describe the procedure for connecting the external disk drive which is used for INTOUCH INSA software upgrades (see Section 12.3, Software Upgrade Option).

  1. Shut down INTOUCH INSA --- see Section 12.2.1, Shut Down INTOUCH INSA.
  2. Shut down the system --- see Section 12.4.2, System Shutdown.
  3. Turn off the INSA CPU and monitor.
  4. Connect the external disk drive to the SCSI connector in the back of the machine.
  5. Turn on the external disk drive.
  6. Turn on the INSA CPU and monitor.
  7. After the automatic boot procedure runs, you can log back into the INTOUCH INSA system.


Chapter 3
Start Up Procedures

Starting up and using INTOUCH Network Security Agent is very simple. This chapter explains how to start up INTOUCH INSA and get to the main menu.

Note

Please read this chapter completely before proceeding with the start up procedures.

3.1 Initialization

Once the monitor and the INTOUCH INSA computer are connected to the network and powered up, the computer boots automatically and you see the "Digital" logo and the user name and password boxes. You can now log on to the system and initialize INSA Manager.

Note

It takes approximately three minutes for INTOUCH INSA to initialize and gather information about the current processes running on your network.

3.2 Logging In

The login boxes are displayed.



        +---------------------------------------+ 
        |  Username:                            | 
        +---------------------------------------+ 
 
        +---------------------------------------+ 
        |  Password:                            | 
        +---------------------------------------+ 

Note

Before you can log into the INSA Manager account the first time, you will need to contact Technical Support at Touch Technologies, Inc. to get the password. Technical support can be reached seven days a week, 24 hours a day at 800-525-2527 or 619-566-3603.

Enter the user name. The user name is nsa_manager. The user name and password can be entered in either upper or lowercase letters.

Upper and Lowercase Letters

Unless you are specifically told to use upper or lowercase letters in the input, you can use either, or a mix of upper and lowercase letters, at any time.



        +---------------------------------------+ 
        |  Username: nsa_manager                | 
        +---------------------------------------+ 
 
        +---------------------------------------+ 
        |  Password:                            | 
        +---------------------------------------+ 

Enter the password given to you by Touch Technologies, Inc.'s technical support staff.

After the password is entered, the following messages are displayed:

Your password has expired.

Please enter a new password.

You can now select and enter your own password. You will be asked to enter your password twice.

This password procedure only occurs the first time you log into the NSA_MANAGER account. The next time you log in, you will use the new password you selected.

3.3 INSA Manager

After you log into the NSA_MANAGER account, a window (called a DECterm) is displayed and INTOUCH INSA automatically starts INSA Manager. Basically, INSA Manager is the interface you use to control all of INTOUCH INSA.

After INSA Manager is initialized, it displays the INTOUCH INSA main menu.

The next chapter provides examples which show you how to use INTOUCH INSA.

