Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Contents Unlocking the Windows client interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Setting client UI options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Client error reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Troubleshooting the Windows client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Windows client alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 About the IPS Policy tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 About the Firewall Policy tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 About the Application Policy tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 About the Blocked Hosts tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Editing the Blocked Hosts list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 About the Application Protection tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 About the Activity Log tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Overview of the Solaris client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Policy enforcement with the Solaris client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Solaris client issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Client installation issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Client operations issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Verifying Solaris installation files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Overview of the Linux client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Policy enforcement with the Linux client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Notes about the Linux client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Linux client issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Verifying Linux installation files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Verifying the Linux client is running. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Troubleshooting the Linux client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 6 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Introducing Host Intrusion Prevention 7.0 McAfee Host Intrusion Prevention is a host-based intrusion detection and prevention system that protects system resources and applications from external and internal attacks. It delivers a manageable and scalable intrusion prevention solution for workstations, notebooks, and critical servers, including web and database servers. It proactively blocks zero-day and known attacks with patented technology. Host Intrusion Prevention protects against unauthorized viewing, copying, modifying, and deleting of information and the compromising of system and network resources and applications that store and deliver information. It accomplishes this through a combination of behavioral rules, host and network signatures, and a system firewall to block attacks and reduce the urgency of patches for new threats. As soon as Host Intrusion Prevention is installed, you are protected. The default settings allow for a rapid, large-scale deployment. For greater protection, you can apply stricter preset or custom policies. Host Intrusion Prevention is fully integrated with ePolicy Orchestrator and uses the ePolicy Orchestrator framework for delivering and enforcing policies. This approach provides a single management solution that allows for mass deployment — up to 100,000 systems — in multiple languages across an entire enterprise for true global coverage. Host Intrusion Prevention functionality is divided into IPS, Firewall, Application Blocking, and General features to provide greater control in delivering protection to users. Contents Host Intrusion Prevention protection Types of Host Intrusion Prevention policies Policy management Policy tracking and tuning Host Intrusion Prevention protection As soon as the Host Intrusion Prevention client is installed, intrusion prevention protection is in effect. Communication with the ePO server is required for monitoring and policy and content updates. ePolicy Orchestrator communicates policy information to Host Intrusion Prevention clients on a regular interval through the ePolicy Orchestrator agent. Host Intrusion Prevention clients enforce the policies, collect event information, and transmit the information back to ePolicy Orchestrator. Client-side management is available through a client console for Windows clients and a troubleshooting utility for non-Windows clients, where you monitor and change protection, including turning features on and off, manually creating client rules, and viewing logs. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 7
Page 1 and 2: McAfee Host Intrusion Prevention 7.
Page 3 and 4: Contents Introducing Host Intrusion
Page 5: Contents Creating firewall rule gro
Page 9 and 10: Introducing Host Intrusion Preventi
Page 11 and 12: Introducing Host Intrusion Preventi
Page 13 and 14: Managing Your Protection Management
Page 25 and 26: Configuring IPS Policies Overview o
Page 27 and 28: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58:
Configuring Firewall Policies Worki
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Configuring Application Blocking Po
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Configuring General Policies Workin
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Working with Host Intrusion Prevent
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Index clients (continued) updating
Page 109 and 110:
Index McAfee Default policy (contin
Page 111 and 112:
Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

Create successful ePaper yourself

Delete template?

Save as template?