Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Configuring Firewall Policies<br />
Working with Firewall Rules policies<br />
• Allows Windows file sharing requests from computers in the same subnet, and blocks file<br />
sharing requests from anyone else. (The Trusted Networks policy must have Include Local<br />
Subnet Automatically selected.)<br />
• Allows you to browse Windows domains, workgroups, and computers.<br />
• Allows all high incoming and outgoing UDP traffic.<br />
• Allows traffic that uses BOOTP, DNS, and Net Time UDP ports.<br />
Learning Starter<br />
• Blocks incoming ICMP traffic that an attacker could use to gather in<strong>for</strong>mation about your<br />
computer. <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> allows all other ICMP traffic.<br />
• Allows Windows file sharing requests from computers in the same subnet, and blocks file<br />
sharing requests from anyone else. (The Trusted Networks policy must have Include Local<br />
Subnet Automatically selected.)<br />
• Allows you to browse Windows domains, workgroups, and computers.<br />
• Allows traffic that uses BOOTP, DNS, and Net Time UDP ports.<br />
Client High<br />
Use this protection level if you are under attack or at high risk of an attack. This protection level<br />
allows only minimal traffic in and out of your system.<br />
• Allows only ICMP traffic necessary <strong>for</strong> proper networking. This protection blocks both incoming<br />
and outgoing pings.<br />
• Allows only UDP traffic necessary <strong>for</strong> accessing IP in<strong>for</strong>mation (such as your own IP address<br />
or the network time).<br />
• Blocks Windows file sharing.<br />
Minimal (Default)<br />
• Blocks any incoming ICMP traffic that an attacker could use to gather in<strong>for</strong>mation about<br />
your computer. <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> allows all other ICMP traffic.<br />
• Allows Windows file sharing requests from computers in the same subnet, and blocks file<br />
sharing requests from anyone else. (The Trusted Networks policy must have Include Local<br />
Subnet Automatically selected.)<br />
• Allows you to browse Windows domains, workgroups, and computers.<br />
• Allows all high incoming and outgoing UDP traffic.<br />
• Allows traffic that uses BOOTP, DNS, and Net Time UDP ports.<br />
Learning Starter<br />
• Blocks incoming ICMP traffic that an attacker could use to gather in<strong>for</strong>mation about your<br />
computer. <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> allows all other ICMP traffic.<br />
• Allows Windows file sharing requests from computers in the same subnet, and blocks file<br />
sharing requests from anyone else. (The Trusted Networks policy must have Include Local<br />
Subnet Automatically selected.)<br />
• Allows you to browse Windows domains, workgroups, and computers.<br />
• Allows traffic that uses BOOTP, DNS, and Net Time UDP ports.<br />
Client High<br />
Use this protection level if you are under attack or at high risk of an attack. This protection level<br />
allows only minimal traffic in and out of your system.<br />
• Allows only ICMP traffic necessary <strong>for</strong> proper networking. This protection blocks both incoming<br />
and outgoing pings.<br />
58<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong>