Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Configuring Firewall Policies
Overview of Firewall policies
network architecture is built on the seven-layer Open System Interconnection (OSI) model, where each layer handles specific network protocols.
Figure 16: Network layers and protocols
The firewall in Host Intrusion Prevention provides both stateful packet filtering and stateful packet inspection.
NOTE: When using IPv6, stateful functionality is only supported on Vista.
Stateful packet filtering
Stateful packet filtering is the stateful tracking of TCP/UDP/ICMP protocol information at Transport Layer 4 and lower of the OSI network stack. Each packet is examined and if the inspected packet matches an existing firewall allow rule, the packet is allowed and an entry is made in a state table. The state table dynamically tracks connections previously matched against a static rule set, and reflects the current connection state of the TCP/UDP/ICMP protocols. If an inspected packet matches an existing entry in the state table, the packet is allowed without further scrutiny. When a connection is closed or times out, its entry is removed from the state table.
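The flow described above, modeled as a small state table in Python. This is an added example, not taken from the product guide or from McAfee's implementation; the rule format (protocol, destination address, destination port), the 60-second idle timeout, the reset-only close handling and the sample addresses are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags, e.g. "S", "SA", "R"

class StatefulFilter:
    def __init__(self, allow_rules, idle_timeout=60.0, clock=time.monotonic):
        self.allow_rules = allow_rules    # static rule set of (proto, dst, dport); assumed format
        self.idle_timeout = idle_timeout  # assumed value, not from the guide
        self.clock = clock
        self.state = {}                   # state table: connection key -> last-seen time

    @staticmethod
    def _key(p):
        # Same key for both directions, so replies match the entry the request created.
        return (p.proto, *sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def handle(self, p):
        now = self.clock()
        # Remove entries for connections that have timed out.
        self.state = {k: t for k, t in self.state.items() if now - t <= self.idle_timeout}
        key = self._key(p)
        if key in self.state:             # known connection: allowed without consulting the rules
            if p.proto == "tcp" and "R" in p.flags:
                del self.state[key]       # simplified close: a reset ends the connection
            else:
                self.state[key] = now
            return "allow (state table)"
        if (p.proto, p.dst, p.dport) in self.allow_rules:
            self.state[key] = now         # first packet matched an allow rule: start tracking
            return "allow (rule)"
        return "drop"

def demo():
    t = [0.0]                             # fake clock so the timeout is deterministic
    fw = StatefulFilter({("tcp", "203.0.113.10", 443)}, clock=lambda: t[0])
    syn = Packet("tcp", "192.0.2.5", 50000, "203.0.113.10", 443, "S")          # constructed sample
    syn_ack = Packet("tcp", "203.0.113.10", 443, "192.0.2.5", 50000, "SA")     # constructed sample
    verdicts = [fw.handle(syn_ack), fw.handle(syn), fw.handle(syn_ack)]
    t[0] = 100.0                          # idle longer than the 60 s timeout
    verdicts.append(fw.handle(syn_ack))
    return verdicts
```

Calling demo() shows that the same reply packet is dropped before the connection exists, allowed from the state table once the outbound packet has matched a rule, and dropped again after the entry times out.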
Stateful packet inspection
Stateful packet inspection is the process of stateful packet filtering and tracking commands at Application Layer 7 of the network stack. This combination offers a strong definition of the
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0