Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Working with Host Intrusion Prevention Clients Overview of the Windows client About the Activity Log tab Use the Activity Log tab to configure the logging feature and track Host Intrusion Prevention actions. The Activity Log contains a running log of activity. Most recent activity appears at the bottom of the list. Column Time Event Source What it shows The date and time of the Host Intrusion Prevention action. The feature that performed the action. • Traffic indicates a firewall action. • Application indicates an application blocking action. • Intrusion indicates an IPS action. • System indicates an event relating to the software"s internal components. • Service indicates an event relating to the software"s service or drivers. The remote address that this communication was either sent to, or sent from. Intrusion Data NOTE: This column only appears if you select Create Sniffer Capture... in the McAfee Host Intrusion Prevention Options dialog box. An icon indicating that Host Intrusion Prevention saved the packet data associated with this attack. (This icon only appears for IPS log entries.) You can export the packet data associated with this log entry. Right-click the log entry to save the data to a Sniffer file. Application Message The program that caused the action. A description of the action, with as much detail as possible. You can clear the list either by deleting the log contents or saving it to a .txt file. To... Permanently delete the contents of the log Save the contents of the log and delete the list from the tab Do this... Click Clear. Click Save. In the Save Log File To dialog box that appears, name and save the .txt file. Customizing Activity Log options Use this task to customise activity log opions. Task 1 In the Host IPS client console, click the Activity Log tab. 2 Select or deselect an option as needed. Select... Traffic Logging - Log All Blocked Traffic Logging - Log All Allowed Filter Options - Traffic To do this... Log all blocked firewall traffic. Log all allowed firewall traffic. Filter the data to display blocked and allowed firewall traffic. 98 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Working with Host Intrusion Prevention Clients Overview of the Solaris client Select... Filter Options - Applications Filter Options - Intrusions To do this... Filter the data to display events caused by applications. Filter the data to display intrusions. NOTE: You can enable and disable logging for the firewall traffic, but not for the IPS or application blocking features. However, you can choose to hide these events in the log by filtering them out. Overview of the Solaris client The Host Intrusion Prevention Solaris client identifies and prevents potentially harmful attempts to compromise a Solaris server’s files and applications. It protects the server’s operating system along with Apache and Sun web servers, with an emphasis on preventing buffer overflow attacks. Policy enforcement with the Solaris client Not all policies that protect a Windows client are available for the Solaris client. In brief, Host Intrusion Prevention protects the host server from harmful attacks but does not offer firewall protection. The valid policies are listed here. With this policy... These options are available... HIP 7.0 GENERAL: Client UI Trusted Networks Trusted Applications None except admin or time-based password to allow use of the troubleshooting tool. None Only Mark as trusted for IPS and New Process Name to add trusted applications. HIP 7.0 IPS: IPS Options • Enable HIPS • Enable Adaptive Mode • Retain existing Client Rules IPS Protection All IPS Rules • Exception Rules • Signatures (default and custom HIPS rules only) Note: NIPS signatures and Application Protection Rules are not available. IPS Events IPS Client Rules Search IPS Exception Rules HIP7.0 FIREWALL HIP 7.0 APPLICATION BLOCKING All All All None None McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 99
Page 1 and 2:
McAfee Host Intrusion Prevention 7.
Page 3 and 4:
Contents Introducing Host Intrusion
Page 5 and 6:
Contents Creating firewall rule gro
Page 7 and 8:
Introducing Host Intrusion Preventi
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Managing Your Protection Management
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Configuring IPS Policies Overview o
Page 27 and 28:
Configuring IPS Policies Working wi
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 87 and 88: Working with Host Intrusion Prevent
Page 97: Working with Host Intrusion Prevent
Page 107 and 108: Index clients (continued) updating
Page 109 and 110: Index McAfee Default policy (contin
Page 111 and 112: Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

Create successful ePaper yourself

Delete template?

Save as template?