Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Managing Your Protection
Management of policies
To...: Delete a policy
Do this...: Click Delete (not available for default or preconfigured policies).
NOTE: When you delete a policy, all groups to which it is currently applied inherit the policy of this category from their parent. Before deleting a policy, look at all of the nodes to which it is assigned, and assign a different policy if you don’t want the policy to inherit from the parent. If you delete a policy that is applied at the top level, the default policy of this category is applied.

To...: Assign a policy owner
Do this...: Click the owner of the policy and select another owner from a list (not available for default or preconfigured policies).

To...: Export a policy
Do this...: Click Export, then name and save the policy (an XML file) to the desired location.

To...: Export all policies
Do this...: Click Export all policies, then name and save the policy XML file to the desired location.

To...: Import policies
Do this...: Click Import at the top of the Policy Catalog page, select the policy XML file, then click OK.

For details on any of these features, refer to the ePolicy Orchestrator 4.0 documentation.
Configuring policies
After you install the Host Intrusion Prevention software, McAfee recommends that you configure policies to provide the greatest amount of security while not conflicting with day-to-day activities. The default policies in Host Intrusion Prevention fit the broadest set of customer environments and may meet your needs. To tune policies to fit your particular setting, we recommend the following:
• Carefully define your Host Intrusion Prevention security configuration. Evaluate who is responsible for configuring particular parts of the system and grant them appropriate permissions.
• Change the default IPS Protection or Firewall Rules policies, which provide increasing levels of preset protection.
• Modify severity levels of specific signatures. For example, when a signature is triggered by day-to-day work of users, adjust the severity level to a lower level.
• Configure dashboards for a quick overview of compliance and issues.
• Configure notifications to alert specific individuals when particular events occur. For example, a notification can be sent when an activity that triggers a High severity event occurs on a particular server.
Clients and planning your deployment
Host IPS clients are the elements that provide protection in a Host Intrusion Prevention deployment. Ideally, every system in a working environment is protected by client software. McAfee recommends a phased approach to deployment:
• Determine your initial client rollout plan. Although you will deploy Host Intrusion Prevention clients to every host (servers, desktops, and laptops) in your company, McAfee recommends that you start by installing clients on a limited number of representative systems and tuning their configuration. After you have fine-tuned the deployment, you can then deploy more clients and leverage the policies, exceptions, and client rules created in the initial rollout.
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0