McAfee UTILITIES 4.0 Guía de usuario Pagina 50
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Description of handlingProtocol
A UDP connection is added to the state table when a matching static rule is found and the action
from the rule is Allow. Generic UDP connections, which carry Application-Level protocols unknown
UDP
to the firewall, remain in the state table as long as the connection is not idle longer than the specified
timeout period.
Only ICMP Echo Request and Echo Reply message types are tracked.
NOTE: In contrast to the reliable, connection-oriented TCP protocol, UDP and ICMP are less reliable,
connectionless protocols. To secure these protocols, the firewall considers generic UDP and ICMP
ICMP
connections to be virtual connections, held only as long as the connection is not idle longer than
the timeout period specified for the connection. The timeout for virtual connections is set in the
Firewall Options policy.
TCP protocol works on the S3-way handshake. When a client computer initiates a new connection,
it sends a packet to its target with a SYN bit that is set, indicating a new connection. The target
TCP
responds by sending a packet to the client with a SYN-ACK bit set. The client responds then by
sending a packet with an ACK bit set and the stateful connection is established. All outgoing packets
are allowed, but only incoming packets that are part of the established connection are allowed. An
exception is when the firewall first queries the TCP protocol and adds all pre-existing connections
that match the static rules. Pre-existing connections without a matching static rule are blocked. The
TCP connection timeout, which is set in the Firewall Options policy, is enforced only when the
connection is not established. A second or forced TCP timeout applies to established TCP connections
only. This timeout is controlled by a registry setting and has a default value of one hour. Every four
minutes the firewall queries the TCP stack and discards connections that are not reported by TCP.
Query/response matching ensures DNS responses are only allowed to the local port that originated
the query and only from a remote IP address that has been queried within the UDP Virtual Connection
Timeout interval. Incoming DNS responses are allowed if:
DNS
• The connection in the state table has not expired.
• The response comes from the same remote IP address and port where the request was sent.
Query/response matching ensures that return packets are allowed only for legitimate queries, Thus
incoming DHCP responses are allowed if:
DHCP
• The connection in the state table has not expired.
• The response transaction ID matches the one from the request.
FTP • The firewall performs stateful packet inspection on TCP connections opened on port 21.
Inspection occurs only on the control channel, the first connection opened on this port.
• FTP inspection is performed only on the packets that carry new information. Retransmitted
packets are ignored.
• Dynamic rules are created depending on direction (client/server) and mode (active/passive):
• Dynamic rules are created depending on direction (client/server) and mode (active/passive):
• Client FTP Active Mode: the firewall creates a dynamic incoming rule after parsing the
incoming port command, provided the port command RFC 959 compliant. The rule is deleted
when the server initiates the data connection or the rule expires.
• Server FTP Active Mode: the firewall creates a dynamic outgoing rule after parsing the
incoming port command.
• Client FTP Passive Mode: the firewall creates a dynamic outgoing rule when it reads the
PASV command response sent by the FTP server, provided it has previously seen the PASV
command from the FTP client and the PASV command is RFC 959 compliant. The rule is
deleted when the client initiates the data connection or the rule expires.
• Server FTP Passive Mode: the firewall creates a dynamic incoming rule.
Rule groups and connection-aware groups
You can group rules for easier management. Normal rule groups do not affect the way Host
Intrusion Prevention handles the rules within them; they are still processed from top to bottom.
Configuring Firewall Policies
Overview of Firewall policies
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.050
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Relacionado con productos y manuales para Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UNINSTALLER 6.0 Guía de usuario
(99 paginas)
(99 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de instalación
(29 paginas)
(29 paginas)
Software McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE Especificaciones
(120 paginas)
(120 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UTILITIES 4.0 Manual de usuario
(11 paginas)
(11 paginas)
Software McAfee QUICKCLEAN 1.0 Manual de usuario
(22 paginas)
(22 paginas)
Software McAfee GUARD DOG 2 Guía de usuario
(128 paginas)
(128 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.042 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales