IBM Software

IBM Security Guardium V10


TEC setup and instructor guide
Version 1.3
April 2016
An IBM Proof of Technology
PoT.0121.01

Contents

TEC SETUP INSTRUCTIONS
    REQUIREMENTS
    SETTING UP THE SOFTWARE IMAGE
    START THE APPLIANCE VM (CHOOSE “I MOVED IT” ON STARTUP)
    DB SERVER IMAGE
    STARTING THE LABS
    SNAPSHOTS
INSTRUCTOR GUIDE
    OBJECTIVES FOR THIS POT
    SCHEDULE AND STRUCTURE
    CLASSROOM CHECKLIST
    TROUBLESHOOTING TIPS
    CONTACTS
    FOR REFERENCE

© Copyright IBM Corporation, 2016


US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

TEC Setup instructions

Requirements

Hardware

For each participant you need a minimum of:

• An Intel™ or compatible system consisting of the following components:
    • 1.6 GHz or greater processor, 4 or more CPU cores recommended.
    • 70 GB free hard drive (50 GB hard drive for the DB Server image + 20 GB for the collector)
    • At least 16 GB core host RAM (the VM images will require a minimum of 12 GB to run).
    • Keyboard
    • Mouse
    • Display (image set to 1024x768)
    • Network adapter (not needed at this time)

Software
• For TEC Centers: Software required to run the VM images: VMware Workstation.
• For IBMers running the images on their own laptop: if you don’t have a VMware Workstation
license, alternatives are:
    • VMware Player (free version): This is a “bare bones” version of VMware Workstation.
    It does not allow you to take snapshots, and the network configuration is different
    from that described in this document.
    • Alternatively, you can use a 30-day trial version of VMware Workstation.
• Minimum VMware version is 8.X.
• Windows 7
• Adobe Reader
• Mozilla Firefox
• FileZilla and 7zip to download and extract the images. These open source tools are
available via the IBM Open Community.

Setting up the software image

Downloading the VMware images


• For Mac: It’s recommended to use the open source tool FileZilla to download the files. Some
Mac users have reported that Finder FTP throws an error.
• You will download the VMware images from the Asset Library web site. The VMware images are
compressed into 7zip formatted files and each image is in a single file.
• Your download will consist of pieces for the IBM Security™ Guardium® PoT Appliance and
pieces for the PoT Database Server. The download may take some time (a few hours)
depending on the speed of your internet connection. Please be patient.
• All files can be downloaded into the same temporary directory.
• Approximately 16 GB of disk is required to store all pieces and about 55 GB after being
expanded:
    • 6 GB for the Collector, 14 GB expanded and running
    • 10 GB for the DB Server, 40 GB expanded and running

Uncompressing the images


• The images are NOT self-extracting; you will need to unpack them using an open source tool
such as 7zip, which is Mac compatible.
• Uncompressing the *.7z files will create a folder containing all the VMware files
needed for each of the 2 Virtual Machines.
• When doing the extract, point to a ROOT directory where you want to create the folder with all
VMware contents, such as E:\, D:\ or C:\
• Extracting using 7Zip:

Select the first zip file of the image to extract, for example V10p8_Collector.7z.001. All other
files that are part of this image will be extracted automatically.

• Note: you can remove the compressed images after you have uncompressed them and run a few tests.

Connectivity Requirements
• A dynamic IP address is used in the VM to allow the user to access the internet as needed.
• The VM network setting is set to NAT.
• The host workstation does not need to be on the network.
• A Network Time Protocol (NTP) server must be configured as follows:
    • The workstation with the VMware images must be running an NTP server service
    • The PoT_V10_DB_Server image is configured to reference an NTP server at 10.10.9.240
    • The VMnet8 (NAT) network adapter on the workstation should be set to 10.10.9.240

Detailed steps:

__1. Select Virtual Network Editor from the Edit pull down menu:

__2. You will see this editor. Select the VMnet8 adapter and set Subnet IP to 10.10.9.0 and Subnet
mask to 255.255.255.0.

__3. Click on DHCP Settings.

__4. Set the values as below. Click Ok.

__5. Click on NAT Settings:

__6. Enter or validate these values, then select OK. The gateway address must be as shown, since
the hosts are set to expect the gateway at that IP.

__7. Click OK to exit.

__8. The VMware Workstation network settings are complete.

Windows Workstation Settings

__1. Check or set the Workstation network settings for VMnet8.

Open the workstation network Control Panel > Network and Internet > View Network status and
tasks > Change Adapter Settings, OR

__2. On Windows 7, type ncpa.cpl

__3. Select VMware Network Adapter VMnet8, right-click and select Properties.

__4. Select the Internet Protocol version 4 and click on Properties.

__5. Set the values as below, click Ok and close the window.

__6. You can also check this from the DOS prompt. Type: ipconfig

    Windows IP Configuration
    Ethernet adapter VMware Network Adapter VMnet8:

        Connection-specific DNS Suffix . :
        IP Address 10.10.9.240
        Subnet Mask 255.255.255.0
        Default Gateway
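
The same check can be scripted across classroom machines. The following is an added example, not part of the original guide: it parses ipconfig text for the VMnet8 adapter and confirms the host address, the subnet, and that the two guest addresses used later in this guide (10.10.9.239 and 10.10.9.56) are on-link. The function names and the sample ipconfig text are assumptions made for illustration; the sample output is constructed.

```python
import ipaddress
import re

# Addresses stated in this guide.
LAB_SUBNET = ipaddress.ip_network("10.10.9.0/255.255.255.0")
HOST_VMNET8_IP = ipaddress.ip_address("10.10.9.240")  # host adapter, also the NTP server
GUESTS = {
    "Guardium appliance": ipaddress.ip_address("10.10.9.239"),
    "DB Server": ipaddress.ip_address("10.10.9.56"),
}
VMNET8 = "VMware Network Adapter VMnet8"

# Constructed sample of `ipconfig` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 192.0.2.17
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 192.0.2.1

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.10.9.240
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""


def parse_adapters(text):
    """Return {adapter name: {field label: value}} from ipconfig text."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^\S.* adapter (.+):\s*$", line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        # Field lines are indented: a label, a run of dots/spaces, a colon, a value.
        field = re.match(r"^\s+(.+?)[ .]*:\s*(.*)$", line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters


def check_lab_network(ipconfig_text, adapter=VMNET8):
    """Return a list of problems; an empty list means the host side is as the guide expects."""
    fields = parse_adapters(ipconfig_text).get(adapter)
    if fields is None:
        return [f"adapter {adapter!r} not found"]
    # Windows 7 labels the field "IPv4 Address"; older output uses "IP Address".
    ip_text = fields.get("IPv4 Address") or fields.get("IP Address") or ""
    ip_text = ip_text.split("(")[0].strip()  # drop a "(Preferred)" suffix
    mask = fields.get("Subnet Mask", "")
    try:
        iface = ipaddress.ip_interface(f"{ip_text}/{mask}")
    except ValueError:
        return [f"{adapter}: no usable IPv4 address/mask ({ip_text!r}, {mask!r})"]
    problems = []
    if iface.ip != HOST_VMNET8_IP:
        problems.append(f"host IP is {iface.ip}, expected {HOST_VMNET8_IP}")
    if iface.network != LAB_SUBNET:
        problems.append(f"subnet is {iface.network}, expected {LAB_SUBNET}")
    # A wrong mask can leave a guest outside the host's on-link range.
    for name, guest in GUESTS.items():
        if guest not in iface.network:
            problems.append(f"{name} {guest} is not on-link from {iface}")
    return problems


if __name__ == "__main__":
    for issue in check_lab_network(SAMPLE_IPCONFIG) or ["VMnet8 matches the lab addressing"]:
        print(issue)
```

On a real workstation, pass the captured text of ipconfig to check_lab_network instead of the constructed sample.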

Setting up the VM Images on Mac

1. Upgrade the hardware version of your virtual machine to improve performance by increasing the
memory limit and the number of processors. This will enable the Quick Search functionality in
Guardium.

a. Verify that the latest version of VMware Tools is installed.

b. Select Window > Virtual Machine Library

c. Select the Collector VM and click Settings.

d. Under Other click Compatibility.

e. Under Advanced options, select a hardware version from the Use Hardware Version
drop-down menu to upgrade to hardware version 12 and click Apply.

f. Edit or create this file to overcommit memory:

    i. cd /Library/Preferences/VMware\ Fusion
    ii. Note the escape character “\” used in the folder name VMware Fusion above.
    iii. sudo vi config
    iv. Add the line prefvmx.minVmMemPct = P as shown below

v. Enter :wq to save the file

g. Next, change the VNET 8 subnet:

    i. sudo vi networking
    ii. Change the VNET_8_HOSTONLY_SUBNET to 10.10.9.0 as shown below

    iii. Enter :wq to save the file

h. Restart your Mac.

i. Start VMware Fusion and select the Collector VM and click Settings.

j. Select Processors & Memory and change to 4 cores and 25000 MB.

k. Under Removable Devices select Network Adapter.

l. Under Internet Sharing select the radio button to Share with my Mac.

m. Repeat the changes for the Network Adapter on the DBServer image.

Starting the VMs

Start the Appliance VM (Choose “I moved it” on startup)

To start up the Appliance VM you just unzipped, find the .vmx file, which is the VMware Virtual Machine
Configuration file. Double-click the icon for that file. This is one way to start the VMware Workstation
program. The VMware Workstation application will appear. Power up or resume the Appliance VM from
the Summary View. Right-click the VM tab and select Add to Favorites to add this VM to the
VMware Workstation Favorites.

On first startup of your VMware image, you MAY see the question:
Did you Move this VM or was it Copied.

Do NOT take the default.

For these labs, at first startup, a VMware image alert box may ask if this VM was Moved or Copied.
Always select the “I moved it” radio button. This prevents VMware from automatically creating
new MAC addresses, which would not allow the appliance license to be validated.

Guardium Collector VMware image setup

Recommended changes on Master VMware (before copying for each workstation):

PoT_V10_Appliance image snapshot set to default state – “V10 PoT – Lab Start”:

__1. Select the Collector VM image and right click.

__2. Select the option Snapshot > Snapshot Manager

__3. Select the Lab Start snapshot and click Go To.

__4. Repeat the same process for the PoT_V10_DB_Server image. Set the snapshot to state – “V10
PoT – Lab Start”

Verify Guardium Collector components are working

__1. Once the appliance login appears on the VMware Workstation Console View, log in with
user cli, password guardium on the IBM Security™ Guardium® appliance command line.

> show net int all

__2. Next, from the workstation command line (DOS prompt):

ping 10.10.9.239 (this is the Appliance VM IP address)

If these commands execute successfully, you can proceed to verifying that the Database Server VM can
communicate with the Guardium Appliance VM.

Install putty.exe on the host workstation machine, if not already installed.

Start the Database Server VM

__1. To start up the Database Server VM you just unzipped, find the .vmx file, which is the VMware
Virtual Machine Configuration file.

__2. Double click on the icon for that file. This is one way to start the VMware Workstation program.
The VMware Workstation application will appear with the tab for the Database Server VM. Power
up or resume the Database Server VM from the Summary View. Right click on the VM tab and
Select Add to Favorites to add this VM to the VMware Workstation Favorites.

On First Startup of your VMware image you MAY see the question:
Did you Move this VM or was it Copied.

Do NOT take the default.

For these labs, at first startup, a VMware image alert box may ask if this VM was Moved or Copied.
Always select the “I moved it” Radio Button. This will prevent VMware from automatically creating
new MAC addresses.

__3. Set the snapshot to state – “V10 PoT – Lab Start”

Verify Database server components are working

1. On the Database Server VM, log in as the root user with the password 'guardium'.

2. First, let’s verify that the IP address of the Database Server VM is 10.10.9.56. Issue the
command ifconfig and check that this is the address.

3. Let us now start the database processes. Run the following script: ./startdb_all.sh

Verify that the Collector and DB Server timestamps are the same

1. Switch to the Guardium Appliance VM.

2. Log in to the machine using the username 'cli' and the password 'guardium'.

3. Let us verify that the IP address of this Guardium appliance is 10.10.9.239. Issue the command
show network interface all and verify that this is the IP that is set.

4. We must now verify communication between the Database Server VM and the Guardium
Appliance VM. Issue the command ping 10.10.9.56 to see if the Guardium appliance can talk to
the Database Server.

5. Issue the command show system clock all to see what the day and time is. The date and time
on both VMs should be about the same. Note that synchronous time between both VMs is critical
to the success of the lab.

6. Switch to the DB Server VM and check the timestamp with the command date:

7. If the system clock or timezone in the appliance does not match the one in the DB Server image,
change the sys clock in the Guardium appliance with the command:

store system clock datetime YYYY-mm-dd hh:mm:ss

For example: store system clock datetime 2016-03-21 10:15:30

(Use the timestamp from the DB Server image)

8. After changing the Guardium collector timestamp, run the command restart gui. Type Y to the
prompt.

9. Optional: Change the timezone of the VMs. Use the command first with the list option to display
all time zones. Then enter the command a second time with the appropriate zone.

store system clock timezone list

store system clock timezone <timezone>

DB Server Image
For more information on the database instances installed on the DB Server image, like credentials and
commands for each database, refer to the V10 POT DB Server Primer document.

Application                 Version      Auto DB Start   OS User
DB2 Database Server         10.1         No              db2inst1
Informix Database Server    11.70        No              informix
MySQL Database Server       5.6.10       No              mysql
Oracle Database Server      11.2.0.2.0   Yes             oracle
PostgreSQL Database         9.2.4        No              postgres
Sybase Database Server      15.7         No              sybase

Starting the Labs


__1. Whenever starting the DB Server VM, log in as root and run the script to start the database
instances: ./startdb_all.sh

__2. Launch your browser (such as Firefox) from your Lab workstation to connect to the IBM
Security® Guardium® GUI web server.

Internet Browser > https://10.10.9.239:8443/

Login using pot/guardium

Snapshots

Lab Start

This snapshot contains all the Guardium components (CAS, GIM, STAP, FAM) “uploaded” into the
appliance, ready to be imported and installed in the DB server.

The Installation and Configuration Lab will guide you through all the steps for the installation of the
Guardium components.

Use the Lab Start snapshot if you want to do the Install Lab or the FAM Discovery Lab (Lab Start). If you
are not running the Install Lab, you should use the Demo snapshot.

Demo Mode

In this snapshot, all the Guardium components (CAS, GIM, STAP and FAM) are already installed. You
can run all the other labs in this Snapshot, with the exception of Install and FAM Discovery Labs.

This snapshot contains data that can be displayed in several Standard pre-defined Guardium reports.
Look at the Standards report lab for a list of such reports.

Data for the Demo Mode snapshot was generated on March 7, 2016. Make sure you adjust the run-time
parameters of the reports to run from 03/07/2016 00:00:00 to March 8 or to today’s date (‘NOW’).

Quick Search is available with demo data. In the time period drop down box, click on Specify to change
the time frame to display data:

Instructor guide
This proof of technology is designed to be self-paced. The PoT contains:
• Setup and Instructor Guide (this document)
• A presentation for each of the 19 Labs
• A hands-on laboratory workbook for each Lab.
• You need approximately 2 days to cover all the Labs. If your PoT is just for one day, you
should choose up to 10 Labs from the list below.
• Refer to the 1 Day and 2 Day PoT Flyers, in the Source Flyer folder for suggestions of Labs
to run.
• An overview
• Lab 1: Database Auto-Discovery
• Lab 2: Sensitive Data Finder
• Lab 3: Entitlement Reports
• Lab 4: Guardium Client Install
• Lab 5: Custom Reports
• Lab 6: Policy Builder
• Lab 7: FAM Discovery and Classification (Lab Start)
• Lab 7: FAM Discovery and Classification (Demo Mode)
• Lab 8: FAM Monitoring
• Lab 9: Vulnerability Assessment
• Lab 10: Compliance Workflow Automation
• Lab 11: Configuration Audit System (CAS)
• Lab 12: Correlation Alerts
• Lab 13: Standard Reports
• Lab 14: PCI Accelerator
• Lab 15: Application End-User Identifier
• Lab 16: SIEM Integration
• Lab 17: Data Level Security
• Lab 18: Query Rewrite
• Lab 19: Frequently Asked Questions
• VMware images

It is suggested that the presentation be given first. It is designed to provide introductory information,
terminology and navigation tips.

Some labs have optional sections. The instructor will use his or her own discretion informed by client’s
goals (if known) to decide which labs and lab optional sections will meet time and other constraints.

Objectives for this PoT


This PoT will provide hands-on training on IBM Security® Guardium® V10, covering DAM, VA and FAM
products. The intended audience will be customers, technical trainees and anyone with a business need
to become familiar with the IBM Security® Guardium® applications. Each of the 19 Labs will focus on a
specific IBM Security® Guardium® V10 feature.

Schedule and structure


Table 1: Estimated timing for PoT modules

Component                                             Estimated time required  Snapshot to run the Lab  Pre-Requisite
Introductory slide presentation                       30 minutes               NA
Lab 1 – Database Auto-Discovery                       15 minutes               Demo or Lab Start        -
Lab 2 – Sensitive Data Finder                         30 minutes               Demo or Lab Start        -
Lab 3 – Entitlement Reports                           15 minutes               Demo or Lab Start        -
Lab 4 – Guardium Client Install                       40 minutes               Lab Start                -
Lab 5 – Custom Reports                                30 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 6 – Policy Builder                                45 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 7 – FAM Discovery and Classification (Lab Start)  20 minutes               Lab Start                On Lab start, run Install Lab first.
Lab 7 – FAM Discovery and Classification (Demo Mode)  30 minutes               Demo Mode
Lab 8 – FAM Monitoring                                30 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 9 – Vulnerability Assessment                      30 minutes               Demo or Lab Start
Lab 10 – Compliance Workflow Automation               30 minutes               Demo or Lab Start        On Lab start, run Install Lab first. Uses a report generated in Lab 9 – Vulnerability Assessment
Lab 11 – Configuration Audit System                   30 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 12 – Correlation Alerts                           20 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 13 - Standard Reports                             20 minutes               Demo Mode
Lab 14 – PCI Accelerator                              20 minutes               Demo Mode
Lab 15 – Application End-User Identifier              20 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 16 – SIEM Integration                             30 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 17 – Data Level Security                          30 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 18 – Query Rewrite                                60 minutes               Demo or Lab Start        On Lab start, run Install Lab first.
Lab 19 – Frequently Asked Questions                   30 minutes               NA

Given the above data, the following agenda is recommended:

Table 3: Recommended agenda for 1 - Day PoT

Agenda item                        Recommended schedule
Introductory slide presentation    8:30 AM – 9:00 AM
Labs 1 – 4                         9:00 – 12:00
Lunch                              12:00 – 1:00
Labs 5-10                          1:00 – 4:00
Summary                            4:00 – 4:30

Table 4: Recommended agenda for 2-Day PoT – Day 1

Agenda item                        Recommended schedule
Introductory slide presentation    8:30 AM – 9:00 AM
Labs 11-15                         9:00 – 12:00
Lunch                              12:00 – 1:00
Labs 16-19                         1:00 – 4:00
Summary                            4:00 – 4:30

Table 5: Recommended agenda for 2-Day PoT – Day 2

Agenda item                        Recommended schedule
Overview of previous day           8:30 AM – 9:00 AM
Labs 11-16                         9:00 – 12:00
Lunch                              12:00 – 1:00
Labs 17-20                         1:00 – 4:00
Summary                            4:00 – 4:30

Classroom checklist
Instructors must reach the classroom at least an hour before the scheduled start time for the PoT to
make sure there is enough time to go through the checklist. Make sure you have the contact info of the
person responsible for the classroom and the machine setup.

VMware verification

Steps to be performed on all the machines in the classroom:

__1. Power on all the machines (if necessary)

__2. Find out the user login password in case a machine gets locked

__3. Navigate to the directory where the PoT VM images have been copied

__4. Put the VM in full screen mode (press Ctrl+Alt to undo full screen mode)

__5. Check that the VMs are up.

__6. Check that the VMs are at the appropriate VM snapshots

__7. Check that the DBs needed for the labs have been started.

Miscellaneous checklist

__1. Test projector

__3. Test microphone

__4. Student handouts

__5. Beverages and food

__6. Restrooms and exits

Troubleshooting tips
The computers are set up by TECs for the PoT in question.

Contacts
Marilene Roder – marilene@us.ibm.com

For Reference:

© Copyright IBM Corporation 2016.

The information contained in these materials is provided for
informational purposes only, and is provided AS IS without warranty
of any kind, express or implied. IBM shall not be responsible for any
damages arising out of the use of, or otherwise related to, these
materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations
from IBM or its suppliers or licensors, or altering the terms and
conditions of the applicable license agreement governing the use of
IBM software. References in these materials to IBM products,
programs, or services do not imply that they will be available in all
countries in which IBM operates. This information is based on
current IBM product plans and strategy, which are subject to change
by IBM without notice. Product release dates and/or capabilities
referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not
intended to be a commitment to future product or feature availability
in any way.

IBM, the IBM logo, and ibm.com are trademarks of International
Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of
IBM or other companies. A current list of IBM trademarks is
available on the Web at “Copyright and trademark information” at
www.ibm.com/legal/copytrade.shtml.
