Swat 4.3.1 General
4.3.1
:
:
- "
SWAT 4.3.1 GENERAL.doc
11 :
SWAT
.
SWAT NAC
MAC ADDRESS/ IP
SWAT .
WEB
POLICY POLICIES :
)1
IP VLAN
)1
)3
)4
POLICY
)5
1,2c,3 :SNMP
SWAT 4.0.1 . :
)1
1 MAC ADDRESS
)1
3 IP
Compliance management
)1
:
)
"
MAC Vendor
SNMP SysObjectId
Policy TYPE
Compliance : WMI
)1
SERVICE .
)1
DISK SPACE
1
11 :
)3
)4
PROCESS
)5
REGISTRY KEY
)6
DOMAIN
)7
)8
)9
)11
.
WMI DB
Compliance
)1
)1
Telnet
Welcome note/Banner
PROMPT
HTTP
)
)3
TCP
TCP GRABBING
)1
)1
SWAT :
)
SIEM SOC
Anti Virus
)3
EXIST
)4
Inventory
)5
API web \
)6
event log
:NMAP
)1
IP
11 :
)1
finger print
)3
:
)1
VLAN Remediation
)1
)3
SMS
TRAP
SYSLOG
:IP PHONE
)1
)1
)3
)4
11 :
)1
COMPLIANCE
:IP
11 :
: POLICIES
: CONDITIONS
6
11 :
:
)1
TRAPS
11 :
:
)1
)1
11 :
)1
)1
COMPLIANCE
11 :
)1
)1
)3
)4
)5
ADMIN
OPER
REPORT
ACCESS
POLICIES
:
Value
Remarks
Section
Parameter
HARDWARE
CPU
MEMORY
Available
Space
Software
No UAC
Windows
authentication
Windows 2003/2008
OS
IIS 6+7
3.5
WEB Server
DotNet Framework
SQL 2005/2008
100GB
TYPE
Disk-Size
SQL
local or remote
:
)1
SQL
)
.
)1
11 :
SSH TELNET , DB )
)1
)3
WMI COMPLIANCE
:SWAT
)1
)1
SNMP
)3
))1
, '
))1
))3
:
)
LEARN MODE
))1
CSV
))1
" NETVIEW :
EYE OF THE STORM
)4
ARP
)5
)6
( ) -
)7
:POLICIES
)
POLICY
))1
SWAT
TYPES
CONDITIONS WMI
POLICIES
POLICIES
11
11 :
)8
.
POLICIES
:Workflow
)1
)1
: , ,
)3
, TRAP , SYSLOG
)4
( ADMIN
) OPER
)5
, ,
( )
)
)6
COMPLIANCE ,TRAP ,
SYSLOG
)7
WEB
)8
'
)9
SYSTEM
)1
)1
)1
)1
)3
PATCHES
// /
11
11 :