Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Working with Host Intrusion Prevention Clients
• Set IPS Options to Off in the ePO console and apply the policy to the client.
• Run the command: hipts engines MISC:off.
2 Run the command: /etc/rc2.d/S99hip stop.

Restarting the Solaris client
You may need to stop a running client and restart it as part of troubleshooting.
Task
1 To restart a client, run the command: /etc/rc2.d/S99hip restart.
2 Enable IPS protection. Use one of these procedures, depending on which you used to stop the client:
• Set IPS Options to On in the ePO console and apply the policy to the client.
• Run the command: hipts engines MISC:on.

Overview of the Linux client
The Host Intrusion Prevention Linux client identifies and prevents potentially harmful attempts to compromise a Linux server’s files and applications. It leverages the native SELinux protection mechanism, translating IPS policies into SELinux rules and SELinux events back to IPS events, and provides easy management from the ePO console.

Policy enforcement with the Linux client
Not all policies that protect a Windows client are available for the Linux client. In brief, Host Intrusion Prevention protects the host server from harmful attacks but does not offer network intrusion protection, including buffer overflow. The policies that are valid are listed here.

With this policy... | These options are available...
HIP 7.0 GENERAL:
Client UI | None except admin or time-based password to allow use of the troubleshooting tool.
Trusted Networks | None
Trusted Applications | Only Mark as trusted for IPS and New Process Name to add trusted applications.
HIP 7.0 IPS:
IPS Options | Enable HIPS; Enable Adaptive Mode; Retain existing Client Rules
IPS Protection | All
IPS Rules | Exception Rules; Signatures (default and custom HIPS rules only). Note: NIPS signatures and Application Protection Rules are not available.
IPS Events | All
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0