McAfee EPOLICY ORCHESTRATOR 4.0.2 - Guide de l'utilisateur Page 191
- Page / 228
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
• The sensor implements aging on the MAC filter. After a specified time, MAC addresses for
systems that have already been detected are removed from the filter, causing those systems
to be re-detected and reported to the server. This process ensures that you receive accurate
and current information about detected systems.
Data gathering and communications to the server
Once the sensor detects a system on the local network, it gathers information about that system
from the data contained in the network packet. This information includes:
• DNS name.
• Operating system version.
• NetBIOS information (domain membership, system name, and the list of currently logged-on
users).
All of the NetBIOS-related information gathered is subject to standard limitations of authorization
and other limitations, as documented in the Microsoft management API.
The sensor packages the gathered information into an XML message, then sends the message
via secure HTTPS to the ePolicy Orchestrator server for processing. The server then uses the
ePolicy Orchestrator data to determine whether the system is a rogue system.
Bandwidth use and sensor configuration
To save bandwidth in large deployments, you can configure how often the sensor sends detection
messages to the server. You can configure the sensor to cache detection events for a given
time period, such as one hour, then to send a single message containing all the events from
that time period. For more information, see
Configuring Rogue System Detection policy settings
.
Systems that host sensors
Install sensors on systems that are likely to remain on and connected to the network at all
times, such as servers. If you don’t have a server running in a given broadcast segment, install
sensors on several workstations to ensure that at least one sensor is connected to the network
at all times.
TIP: To guarantee that your Rogue System Detection coverage is complete, you must install
at least one sensor in each broadcast segment of your network. Installing more than one sensor
in a broadcast segment does not create issues around duplicate messages because the server
filters any duplicates. However, additional active sensors in each subnet results in traffic sent
from each sensor to the server. While maintaining as many as five or ten sensors in a broadcast
segment should not cause any bandwidth issues, you should not maintain more sensors in a
broadcast segment than is necessary to guarantee coverage.
DHCP servers
If you use DHCP servers in your network, you can install sensors on them. Sensors installed on
DHCP servers (or spanned ports on DHCP servers) report on all subnets connected to it by
listening for DHCP responses. Using sensors on DHCP servers reduces the number of sensors
you need to install and manage on your network to ensure coverage, but it does not eliminate
the need to install sensors to systems that use static IP address.
TIP: Installing sensors on DHCP servers can improve coverage of your network. However, it is
still necessary to install sensors in broadcast segments that use static IP address, or that have
Detecting Rogue Systems
How the Rogue System Sensor works
191McAfee ePolicy Orchestrator 4.0.2 Product Guide
- Product Guide 1
- Contents 3
- The ePO server 13
- Using this guide 14
- Audience 15
- How permission sets work 17
- Contacts 18
- The Audit Log 20
- The Event Log 20
- MyAVERT Security Threats 22
- Working with user accounts 23
- Working with permission sets 24
- Duplicating permission sets 25
- Working with contacts 26
- Working with server settings 27
- Specifying an email server 28
- Viewing the Server Task Log 30
- Filtering the Server Task Log 30
- Working with the Audit Log 31
- Purging the Audit Log 32
- Working with the Event Log 33
- Viewing threat notifications 35
- Deleting threat notifications 35
- The System Tree 39
- Administrator access 40
- Subnets and IP address ranges 41
- Tags and how they work 42
- Systems and structure 44
- Systems only 44
- Criteria-based sorting 45
- How settings affect sorting 46
- IP address sorting criteria 46
- Tag-based sorting criteria 47
- Group order and sorting 47
- Catch-all groups 47
- Working with tags 48
- Creating groups manually 52
- GroupA\system1 54
- GroupA\system2 54
- GroupA\system3 54
- GroupA\system4 54
- Sorting systems manually 56
- Agents and SuperAgents 65
- Agent-server communication 66
- /P command-line option 67
- Agent activity logs 69
- Agent policy settings 69
- Security Keys 71
- Methods of agent distribution 72
- Distributing agents 73
- Installing the agent manually 77
- C:\TEMP 78
- Upgrading existing agents 79
- Removing the agent 81
- Maintaining the agent 82
- Running an update manually 86
- Updating policies 87
- Enforcing policies 87
- Viewing agent settings 87
- Working with security keys 88
- Deleting ASSC keys 91
- Backing up all security keys 93
- Agent command-line options 94
- Creating Repositories 100
- Creating source sites 104
- Extensions and what they do 114
- Policy management 115
- Policy application 116
- Client tasks and what they do 117
- Viewing policy information 118
- Viewing policy ownership 119
- Sales Europe) 122
- Working with policies 123
- Exporting a single policy 124
- Importing policies 125
- Working with client tasks 128
- Editing client tasks 129
- Deleting client tasks 129
- Frequently asked questions 130
- Product and update deployment 133
- Deployment tasks 134
- Update tasks 134
- Global updating 135
- Pull tasks 136
- Replication tasks 137
- Repository selection 137
- Checking in packages manually 138
- Running a Pull Now task 144
- Running a Replicate Now task 146
- Sending Notifications 152
- Throttling and aggregation 153
- Planning 155
- Setting up ePO Notifications 157
- Working with SNMP servers 158
- Duplicating SNMP servers 159
- Editing SNMP servers 159
- Deleting an SNMP server 159
- Importing .MIB files 159
- Adding registered executables 160
- Editing external commands 162
- Deleting external commands 162
- Describing the rule 163
- Setting filters for the rule 164
- Purging the Notifications Log 167
- Product and component list 168
- Querying the Database 170
- Public and personal queries 171
- Query permissions 171
- Query Builder 172
- Multi-server roll-up querying 173
- Registering ePO servers 174
- Working with queries 175
- Running an existing query 176
- Running a query on a schedule 176
- Duplicating queries 178
- Importing queries 179
- Dashboards and how they work 184
- Working with Dashboards 186
- Making a dashboard public 187
- Detecting Rogue Systems 189
- Systems that host sensors 191
- Rogue System Detection states 192
- Overall system status 193
- Rogue System Sensor status 194
- Rogue Sensor Blacklist 195
- Distributing 198
- Detection 199
- Editing sensor settings 200
- Detection events 201
- Working with detected systems 202
- Editing system comments 203
- Exporting the Exceptions list 203
- Merging detected systems 204
- Working with sensors 206
- Installing sensors 207
- Editing sensor descriptions 208
- Removing sensors 209
- Working with subnets 210
- Ignoring subnets 211
- Including subnets 211
- Renaming subnets 211
- Dashboards 213
- -UpdOptiStats 15 215
- Backing up an MSDE database 216
- C:\PROGRAM FILES\MCAFEE\EPO 218
- (continued) 219
Produits connexes et manuels pour Logiciel McAfee EPOLICY ORCHESTRATOR 4.0.2 -
(19 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.035 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels