Symantec Critical System User Manual

106 Migrating to the latest version

Checklist for migrating from Symantec Intruder Alert

Policy migration involves using a policy conversion utility that converts legacy
.pol and .ini files to XML files and places them in a .zip file, and then using the
authoring environment to compile the converted legacy policies to the latest
version. The utility runs on Windows only, but will convert UNIX policy files.

You should not migrate policies until you are comfortable working with the
Symantec Critical System Protection management console and authoring
environment.

Symantec Critical System Protection implements rules differently than
Symantec Intruder Alert and Symantec Host IDS, so you must validate your
rules before compiling your policies.

Checklist for migrating from Symantec Intruder
Alert

Symantec Critical System Protection contains an IDS component similar in
functionality to Symantec Intruder Alert. Migrating from Symantec Intruder
Alert to Symantec Critical System Protection is a fairly straightforward process.

Before starting the migration process, you should note the following:

■

The Symantec Critical System Protection management server only runs on
Windows, while the Symantec Intruder Alert server is multi-platform.
You may want to run Symantec Intruder Alert and Symantec Critical
System Protection in parallel, migrating over agents from Symantec
Intruder Alert to Symantec Critical System Protection in bunches, until
potentially all Symantec Intruder Alert agents are migrated to Symantec
Critical System Protection, and the Symantec Intruder Alert server can be
retired.
Symantec Intruder Alert supports agent platforms that are not supported
by Symantec Critical System Protection, so you might require a small
continuing Symantec Intruder Alert presence to service those platforms. If
you install the Symantec Critical System Protection management server on
a separate computer from the Symantec Intruder Alert server, you might
want to reuse the same communication ports that the Symantec Intruder
Alert server uses to communicate with its agents, to simplify your firewall
changes. The Symantec Critical System Protection installation process lets
you specify which ports you want to use.

■

The policy conversion utility migrates your custom Symantec Intruder
Alert policies to Symantec Critical System Protection.
Use the policy conversion utility to convert your custom Symantec Intruder
Alert policies into XML that can be imported into the Symantec Critical