McAfee UTILITIES 4.0 Guía de usuario descargar pdf (Pagina 20)

might deem certain script processing as illegal behavior, but certain systems in your

engineering groups need to perform such tasks. Allow exceptions to be created for those

systems so they can function normally while the policy continues to prevent this activity on

other systems. Then make these exceptions part of a server-mandated policy to cover only

the engineering group.

• You might require software applications for normal business in some areas of the company,

but not in others. For example, you might allow Instant Messaging in your Technical Support

organization, but prevent its use in your Finance department. You can establish the application

as trusted on the systems in Technical Support to allow users full access to it.

• The Firewall feature acts as a filter between a computer and the network or Internet. The

firewall scans all incoming and outgoing traffic at the packet level. As it reviews each arriving

or departing packet, the firewall checks its list of firewall rules, which is a set of criteria with

associated actions. If a packet matches all the criteria in a rule, the firewall performs the

action specified by the rule — either allowing the packet through the firewall, or blocking it.

Management of systems

As part of managing the Host IPS deployment, you need to perform occasional system tasks.

These include setting up user permissions, server tasks, notifications, and content updating.

Permission sets for Host IPS

A permission set is a group of permissions granted to a user account for specific products or

features of a product. One or more permission sets can be assigned. For users who are global

administrators, all permissions to all products and features are automatically assigned. Permission

sets only grant permissions — they never remove a permission.

Global administrators can assign existing permission sets when creating or editing user accounts

and when creating or editing permission sets.

When you install the Host IPS extension it adds a section to the permission sets without applying

any permissions. The global administrators must grant permissions and create new permission

sets.

With Host Intrusion Prevention, permission can be granted for each feature of the product and

whether the user has read or read/write permission.

These permissions are available...For this feature...

None, view settings only, or view and change settings.IPS

None, view settings only, or view and change settings.Firewall

None, view settings only, or view and change settings.Application Blocking

None, view settings only, or view and change settings.General

The global administrator also needs to give permissions to handle other items that work with

Host Intrusion Prevention, including queries, dashboards, and notifications. To access information

on the Host IPS tab under Reporting, view permissions are needed for Event Log, Systems, and

System Tree access. For example, to analyze and manage Firewall Client rules found on the

Host IPS tab, a user needs permissions to view events under Event Log, to view the System

Tree tab under Systems, to view sections of the System Tree under System Tree access, and

to view and change settings under the Host Intrusion Prevention 7.0 Firewall feature. For more

information on permission sets, see the ePolicy Orchestrator 4.0 documentation.

Managing Your Protection

Management of systems

McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.020

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 ... 111 112

Comentarios a estos manuales

Sin comentarios

McAfee UTILITIES 4.0 Guía de usuario Pagina 20

Comentarios a estos manuales

Relacionado con productos y manuales para Software McAfee UTILITIES 4.0