PROMOCIÓN DE LA SALUD.

Before installing CSPM, make sure the following software requirements have been met to save yourself from having to backtrack and install/configure them:

■ Windows NT 4.0 ■ Service Pack 6a for NT ■ Internet Explorer 5.5 ■ TCP/IP Protocol Stack ■ HTML Help 1.32 Update

■ Microsoft’s XML Parser 3 (MSXML3) ■ NTFS

■ TAPI/MAPI for email ■ DHCP should be disabled ■ NT Startup time set to zero

NOTE

The autostart utility does a check for NT 4.0, Internet Explorer 5.5, HTML Help 1.32 Update, and MSXML3 during setup. The installation applica- tion does not know what any Windows version later than NT 4 is, or any browser version later than 5.5, so it will not continue. It will run nicely in a Connectix Virtual PC session, which in turn runs very well on Windows 2000 or XP.

Due to the sensitivity of intrusion detection it is recommended that you install the CSPM as a stand-alone system.The CSPM system is designed to be in a location like a Security Operations Center (SOC). It allows all of the security personnel to look at the same interface and only those personnel with access to the SOC can access the system.The client/server installation allows administra- tion to take place from different locations.This is not always a best practice and auditing, traceability, and nonrepudiation become an issue.

1. Insert the CSPM installation CD.The autostart utility will automatically initiate the installation.

2. The first thing you will see is a warning to disable any antivirus software during installation. Next, you will get the notice in Figure 4.1, Cisco Secure VPN client Not Installed on Host.

3. If you plan on installing the VPN client, do that before you install CSPM. Otherwise, press Continue.

4. Select Install Productin the Options box as seen in Figure 4.2, and then click Next.

5. At this point, if the applications listed previously have not been installed, the installation cannot proceed.The Options box will display any

required components that are not present.

6. At the License Agreement panel, accept the terms of the license and click Next.

7. Specify the location of the CSPM license disk, usually on the accompa- nying diskette, by entering the directory path.

8. You will also have to enter the password that corresponds with the license disk.The password is usually on the diskette label. Click Next. See Figure 4.3

9. If you have downloaded the software, the password will be in the readme file.

Figure 4.2 Cisco Secure Policy Manager Installation

10. Select the type of system you want to install:Standalone or

Client/Server. CSPM does not support the Distributed CSPM option. See Figure 4.4.

11. If you are installing a client/server system, select Policy Server.This needs to be intalled before Policy Administratorin the Feature Set

list.The Policy Administrator Feature Set is for Remote Administration. The Feature Set drop-down box is disabled for the Standalone option. 12. Specify the installation path in the Installation Folder box and click

Next.

13. You will be prompted to enter the password for the Windows NT user- name detected during setup. Click Next.

14. Select the IP address configured on the local host for the stand-alone system and enter the port the Primary Policy Database will communi- cate on.The default port is 2567. See Figure 4.5.

Figure 4.4 Installation Options

NOTE

When setting the IP address for CSPM, do not think that you can change it later. You can not change it without reinstalling CSPM, so make sure you get it right the first time. Don’t ask how we know this.

15. Specify the Policy Database key location in the File Destination box. If you are doing a stand-alone system, it is not mandatory to export the key.The client/server system installation requires you to export the database key. Click Next.

NOTE

It is recommended that you export the database key to a diskette that is readily available and can be stored in a secure location. Exporting the database key to a network share is discouraged. If the network resources become inaccessible, the database key cannot be retrieved.

16. In the Configure Communication Properties, shown in Figure 4.6, enter your CSPM system’s host ID, organization ID, the IP address (if it is not already displayed), the host name, and organization name.

17. Verify your settings. If a setting is incorrect, you can use the Back button to back up and make changes. If everything is correct, click Copy Files. 18. Once the installation has completed, click Finish to close the setup

program.

If you are performing a stand-alone system installation, you will only have to do the installation procedures once. If you are implementing a client/server CSPM system, you need to repeat the preceding steps to install the Policy Administrator feature set on all additional hosts that will serve as clients for remote administration.

Once you have finished the installation, you will need to log in to start con- figuring.

NOTE

A stand-alone system can be converted to a client/server system without having to uninstall and reinstall CSPM. The stand-alone system will act as the Policy Server. Once you have exported the database key from the stand-alone system, you can install the Policy Administrator feature set on multiple hosts for remote administration using that database key during the installation of the Policy Administrator feature set.