Checklist for migrating from Symantec Host IDS – Symantec Critical System User Manual

108 Migrating to the latest version

Checklist for migrating from Symantec Host IDS

Symantec Critical System Protection contains an IDS component similar in
functionality to Symantec Host IDS. Migrating from Symantec Host IDS to
Symantec Critical System Protection is a fairly straightforward process.

Before starting the migration process, you should note the following:

The Symantec Critical System Protection management server runs only on
Windows, while the SESA server is multi-platform.

You may want to run Symantec Host IDS and Symantec Critical System
Protection in parallel, migrating agents from Symantec Host IDS to
Symantec Critical System Protection in batches, until potentially all
Symantec Host IDS agents are migrated to Symantec Critical System
Protection, and the SESA server can be retired.

Symantec Host IDS supports agent platforms that are not supported by
Symantec Critical System Protection, so you might require a small
continuing Symantec Host IDS presence to service those platforms.

If you install the Symantec Critical System Protection management server
on a separate computer from the SESA server, you might want to reuse the
same communication ports that the SESA server uses to communicate with its
agents, to simplify your firewall changes. The Symantec Critical System
Protection installation process lets you specify which ports you want to use.

The policy conversion utility migrates your custom Symantec Host IDS
policies to Symantec Critical System Protection.

Use the policy conversion utility to convert your custom Symantec Host IDS
policies into XML that can be imported into the Symantec Critical System
Protection authoring environment (and eventually conditionally applied to
your Symantec Critical System Protection agents).
See “Migrating legacy detection policy files” on page 111.

The policy conversion process automatically migrates your existing
Symantec Host IDS registry and event log settings, but you will need to
manually reenter any custom files under observation into the file lists in
the following policies:

Host_IDS_File_Tampering policy

Template_FileWatch policy

Your own custom file-watching policy

Plan how to migrate your Symantec Host IDS agents to Symantec Critical
System Protection.
As previously noted, you cannot migrate Symantec Host IDS agents that
run on client platforms not supported by Symantec Critical System
Protection. You should record the policy settings for each group of agents