McAfee UTILITIES 4.0 Guía de usuario Pagina 26
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Host Intrusion Prevention combines the use of signature rules and hard-coded behavioral rules.
This hybrid method detects most known attacks as well as previously unknown or zero-day
attacks.
Events
IPS events are generated when a client recognizes a violation of a signature or behavioral rule.
Events are logged in the Events tab of the IPS Rules tab under Reporting. Administrators can
view and monitor these events to analyze system rule violations. They can then adjust event
reactions or create exceptions or trusted application rules to reduce the number of events and
fine-tune the protection settings.
Reactions
A reaction is what a client does when it recognizes a signature of a specific severity.
A client reacts in one of three ways:
• Ignore — No reaction; the event is not logged and the operation is not prevented.
• Log — The event is logged but the operation is not prevented.
• Prevent — The event is logged and the operation is prevented.
A security policy may state, for example, that when a client recognizes an Information level
signature, it logs the occurrence of that signature and allows the operation to occur; and when
it recognizes a High level signature, it prevents the operation.
NOTE: Logging can be enabled directly on each signature.
Exception rules
An exception is a rule for overriding blocked activity. In some cases, behavior that a signature
defines as an attack may be part of a user’s normal work routine or an activity that is legal for
a protected application. To override the signature, you can create an
exception
that allows
legitimate activity. For example, an exception might state that for a particular client, an operation
is ignored.
You can create these exceptions manually, or place clients in adaptive mode and allow them
to create client exception rules. To ensure that some signatures are never overridden, edit the
signature and disable the Allow Client Rules options. You can track the client exceptions in
the ePolicy Orchestrator console, viewing them in a regular, filtered, and aggregated views.
Use these client rules to create new policies or add them to existing policies that you can apply
to other clients.
Host Intrusion Prevention clients contain a set of IPS signature rules that determine whether
activity on the client computer is benign or malicious. When malicious activity is detected, alerts
known as events are sent to the ePO server and appear in the Host IPS tab under Reporting.
The protection level set for signatures in the IPS Protection policy determines which action a
client takes when an event occurs. Reactions include ignore, log, or prevent the activity.
Events from legitimate activity that are false positives can be overridden by creating an exception
to the signature rule or by qualifying applications as trusted. Clients in adaptive mode
automatically create exceptions, called client rules. Administrators can manually create exceptions
at any time.
Monitoring events and client exception rules helps determine how to tune the deployment for
the most effective IPS protection.
Configuring IPS Policies
Overview of IPS policies
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.026
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Relacionado con productos y manuales para Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UNINSTALLER 6.0 Guía de usuario
(99 paginas)
(99 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de instalación
(29 paginas)
(29 paginas)
Software McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE Especificaciones
(120 paginas)
(120 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UTILITIES 4.0 Manual de usuario
(11 paginas)
(11 paginas)
Software McAfee QUICKCLEAN 1.0 Manual de usuario
(22 paginas)
(22 paginas)
Software McAfee GUARD DOG 2 Guía de usuario
(128 paginas)
(128 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.027 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales