McAfee GUARD DOG 2 Installation Guide, Page 15

11
McAfee® IntruShield® IPS System IntruShield Best Practices
Special Topics: Best Practices Initial tuning
Sensor actions
There are multiple sensor actions that are available for configuration per attack. These
include:
Dropping Further Packets: Only works in in-line mode. Drops the detected attack
packet and all subsequent packets in the same flow.
Firewall Action: The sensor communicates with a designated firewall to dynamically
configure ACLs. This feature works with a limited number of firewalls and is rarely
used in the field. Future software releases will add the implementation of ACLs to
sensor capabilities.
Response management
When an IntruShield sensor detects activity to be in violation of a configured policy, a
preset response from the sensor is integral to the protection or prevention process.
Proper configuration of responses is crucial to maintaining effective protection. Critical
attacks like buffer overflows and DoS attacks require responses in real time, while
scans and probes can be logged and researched to determine compromise potential
and the source of the attack.
Developing a system of actions, alerts, and logs based on specific attacks or attack
parameters (such as severity) is recommended for effective network security. For
example, since IntruShield can be customized to protect any zone in a network,
knowing what needs to be protected helps determine the response type. If
monitoring outside of the firewall in in-line mode, preventing DoS attacks and attacks
against the firewall is crucial. Most other suspicious traffic intended for the internal
network, including scans and low-impact well-known exploits, is best logged and
analyzed, as the impact is not immediate and a better understanding of the potential
attack purpose can be gained. Thus, if you are monitoring outside of a firewall in
in-line mode, it is important not to set the policies and responses so finely that they
disrupt the flow of traffic and slow down the system; rather, prevent the crippling traffic
from disrupting your network.
Remember that response actions are decoupled from alerting. Pay particular attention
to this with the Recommended For Blocking (RFB) category of attacks, lest you enable
blocking for an attack, but disable alerting, causing the attack to be blocked without your
knowledge. (Unless that is your goal.)
Note: See Chapter 7 of the Manager Administrator’s Guide for more details on sensor
actions.
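The following is an added example, not code from the McAfee documentation, that turns the response-management guidance above into a policy audit: it models a per-attack policy entry with block, alert and log flags (field names and the attack-class labels are assumptions for illustration, not IntruShield's real policy format), then checks for the pitfalls the text names: blocking with alerting disabled, a drop action on a sensor that is not in-line, critical attack classes without a real-time response, and scans or probes that are dropped rather than logged when the sensor sits outside the firewall.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed, simplified model of one per-attack policy entry. The field names are
# assumptions made for this example; they do not mirror IntruShield's real policy format.
@dataclass
class AttackPolicy:
    name: str
    attack_class: str            # "buffer_overflow", "dos", "scan", "probe", "exploit"
    severity: str                # "critical", "high", "medium", "low"
    recommended_for_blocking: bool
    block: bool                  # "Drop further packets" enabled (effective in in-line mode only)
    alert: bool                  # alert raised to the Manager when the attack fires
    log: bool                    # event logged for later analysis

# Attack classes the text says need a real-time response vs. log-and-research.
REALTIME_CLASSES = {"buffer_overflow", "dos"}
RESEARCH_CLASSES = {"scan", "probe"}

Finding = Tuple[str, str, str]   # (attack name, finding code, explanation)


def audit_policies(policies: List[AttackPolicy], inline: bool,
                   outside_firewall: bool) -> List[Finding]:
    """Return configuration findings for one sensor's placement and policy set."""
    findings: List[Finding] = []
    for p in policies:
        # Blocking and alerting are decoupled: catch silent blocking, especially for RFB attacks.
        if p.block and not p.alert:
            where = "RFB attack" if p.recommended_for_blocking else "attack"
            findings.append((p.name, "blocked-without-alert",
                             f"{where} would be dropped with no alert raised"))
        # "Drop further packets" has no effect unless the sensor is in-line.
        if p.block and not inline:
            findings.append((p.name, "block-ineffective",
                             "drop action configured but sensor is not in in-line mode"))
        # Critical attack classes on an in-line sensor need a real-time response.
        if inline and p.attack_class in REALTIME_CLASSES and not p.block:
            findings.append((p.name, "no-realtime-response",
                             "critical attack class is logged/alerted only"))
        # Outside the firewall, scans and probes should be logged and researched,
        # not dropped, so that policy does not disrupt traffic flow.
        if outside_firewall and p.attack_class in RESEARCH_CLASSES and p.block:
            findings.append((p.name, "overblocking",
                             "scan/probe set to drop; log and research instead"))
        if p.attack_class in RESEARCH_CLASSES and not p.log:
            findings.append((p.name, "not-logged",
                             "scan/probe is not logged, so it cannot be researched later"))
    return findings


def finding_codes(findings: List[Finding]) -> List[str]:
    """Sorted list of finding codes, handy for summaries."""
    return sorted(code for _, code, _ in findings)


# Constructed sample policy set (attack names are made up for this example).
SAMPLE_POLICIES = [
    AttackPolicy("Example HTTP Buffer Overflow", "buffer_overflow", "critical", True,
                 block=True, alert=False, log=True),
    AttackPolicy("Example SYN Flood", "dos", "critical", True,
                 block=True, alert=True, log=True),
    AttackPolicy("Example TCP Port Scan", "scan", "low", False,
                 block=True, alert=True, log=True),
    AttackPolicy("Example ICMP Probe", "probe", "low", False,
                 block=False, alert=False, log=False),
    AttackPolicy("Example Well-Known Exploit", "exploit", "medium", False,
                 block=False, alert=True, log=True),
]

if __name__ == "__main__":
    # Sensor deployed in-line, outside the firewall (the placement discussed in the text).
    for name, code, why in audit_policies(SAMPLE_POLICIES, inline=True, outside_firewall=True):
        print(f"{code:24} {name}: {why}")
```

Running the audit against the constructed policy set flags the buffer-overflow entry as blocked without an alert, the port scan as over-blocked for an outside-the-firewall placement, and the probe as not logged; re-running it with `inline=False` additionally reports every drop action as ineffective, which is the check to make before relying on "Drop further packets" on a sensor that is only monitoring.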