McAfee UTILITIES 4.0 Guía de usuario Pagina 11
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Prevention you can divide administrative duties based on product features, such as IPS or
firewall.
Deploying Host Intrusion Prevention to thousands of computers is easily managed because
most computers fit into a few usage profiles. Managing a large deployment is reduced to
maintaining a few policy rules. As a deployment grows, newly added systems should fit one or
more existing profiles, and can be placed under the correct group on the System Tree.
Preset protection
Host Intrusion Prevention offers two types of protection.
Basic protection is available through the McAfee Default policy settings. This “out-of-the-box”
protection requires no tuning and generates few events. Clients can be initially deployed on a
large scale, even before you tune the deployment. For many environments this basic protection
may be sufficient.
Advanced protection is also available from some preconfigured IPS and firewall policies or by
creating custom policies. Servers, for example, need stronger protection than that offered in
basic protection.
Adaptive and learn mode
To further tune protection settings, Host Intrusion Prevention clients can create client-side rules
to server-mandated policies that block legitimate activity. The automatic creation of client rules
is permitted when clients are placed in
adaptive
or
learn
mode. In adaptive mode, available for
IPS, Firewall, and Application Blocking features, client rules are created without interaction from
the user. In learn mode, available for Firewall and Application Blocking features, the user
responds to alerts, indicating whether or not to create a client rule.
After client rules are created, you can analyze them decide which if any to convert to to
server-mandated policies. Adaptive and learn modes can be turned off at any time to tighten
the system’s protection.
Often in a large organization, avoiding disruption to business takes priority over security concerns.
For example, new applications may need to be installed periodically on some computers, and
you may not have the time or resources to immediately tune them. Host Intrusion Prevention
enables you to place specific computers in adaptive mode for IPS protection. Those computers
will profile a newly installed application, and forward the resulting client rules to the ePolicy
Orchestrator server. The administrator can promote these client rules to an existing or new
policy, then apply the policy to other computers to handle the new software.
Tuning
As part of Host Intrusion Prevention deployment, you need to identify a small number of distinct
usage profiles and create policies for them. The best way to achieve this is to set up a test
deployment, then begin reducing the number of false positives and generated events. This
process is called
tuning
.
Stronger IPS rules, for example, target a wider range of violations, and generate more events
than in a basic environment. If you apply advanced protection, McAfee recommends using the
IPS Protection policy to stagger the impact. This entails mapping each of the severity levels
(High, Medium, Low, and Information) to a reaction (Prevent, Log, Ignore). By initially setting
all severity reactions except High to Ignore, only the High severity signatures will be applied.
The other levels can be raised incrementally as tuning progresses.
Introducing Host Intrusion Prevention 7.0
Policy tracking and tuning
11McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Relacionado con productos y manuales para Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UNINSTALLER 6.0 Guía de usuario
(99 paginas)
(99 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de instalación
(29 paginas)
(29 paginas)
Software McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE Especificaciones
(120 paginas)
(120 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UTILITIES 4.0 Manual de usuario
(11 paginas)
(11 paginas)
Software McAfee QUICKCLEAN 1.0 Manual de usuario
(22 paginas)
(22 paginas)
Software McAfee GUARD DOG 2 Guía de usuario
(128 paginas)
(128 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.049 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales