McAfee UTILITIES 4.0 Guía de usuario Pagina 19
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
• Establish a naming convention for your clients. Clients are identified by name in the
System Tree, in certain reports, and in event data generated by activity on the client. Clients
can take the names of the hosts on which they are installed, or you can assign a specific
client name during installation. McAfee recommends establishing a naming convention for
clients that is easy to interpret by anyone working with the Host Intrusion Prevention
deployment.
• Install the clients. Clients are installed with a default set of IPS, Firewall, Application
Blocking, and General rule policies. New policies with updated rules can later be pushed
from the server.
• Group the clients logically. Clients can be grouped according to any criteria that fits in
the System Tree hierarchy. For example, you might group clients according to their geographic
location, corporate function, or the characteristics of the system.
Client data and what it tells you
After you have installed and grouped your clients, you have completed the deployment. You
should begin to see events triggered by activity on the clients. If you have placed clients in
adaptive mode, you should see the client rules that indicate which client exception rules are
being created. By analyzing this data, you begin to tune the deployment.
To analyze event data, view the Events tab of the Host IPS tab under Reporting. You can
drill down to the details of an event, such as which process triggered the event, when the event
was generated, and which client generated the event. Analyze the event and take the appropriate
action to tune the Host Intrusion Prevention deployment to provide better responses to attacks.
The Events tab displays all Host IPS events, including quarantine and application blocking,
marked as intrusion, HIPS, or NIPS.
To analyze client rules, view the IPS, Firewall, and Application Blocking Client Rules
tabs. You can see which rules are being created, aggregate them to find the most prevalent
common rules, and move the rules directly to a policy for application to other clients.
In addition, the Reporting module provides detailed reports based on events, client rules, and
the Host Intrusion Prevention configuration. Use these queries to communicate environment
activity to other members of your team and management.
Automatic tuning with clients
A major element in the tuning process includes placing Host Intrusion Prevention clients in
adaptive mode for IPS, firewall, and application blocking, or learn mode for firewall and
application blocking. These modes allow computers to create client exception rules to
administrative policies. Adaptive mode does this automatically without user interaction, while
learn mode requires the user to tell the system what to do when an event is generated.
These modes analyze events first for the most malicious attacks, such as buffer overflow. If
the activity is considered regular and necessary for business, client exception rules are created.
By setting representative clients in adaptive or learn mode, you can create a tuning configuration
for them. Host Intrusion Prevention then allows you to take any, all, or none of the client rules
and convert them to server-mandated policies. When tuning is complete, turn off adaptive or
learn modes to tighten the system’s intrusion prevention protection.
• Run clients in adaptive or learn mode for at least a week. This allows the clients time to
encounter all the activity they would normally encounter. Try to do this during times of
scheduled activity, such as backups or script processing.
• As each activity is encountered, IPS events are generated and exceptions are created.
Exceptions are activities that are distinguished as legitimate behavior. For example, a policy
Managing Your Protection
Management of policies
19McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Relacionado con productos y manuales para Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UNINSTALLER 6.0 Guía de usuario
(99 paginas)
(99 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de instalación
(29 paginas)
(29 paginas)
Software McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE Especificaciones
(120 paginas)
(120 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UTILITIES 4.0 Manual de usuario
(11 paginas)
(11 paginas)
Software McAfee QUICKCLEAN 1.0 Manual de usuario
(22 paginas)
(22 paginas)
Software McAfee GUARD DOG 2 Guía de usuario
(128 paginas)
(128 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.041 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales