McAfee UTILITIES 4.0 Guide de l'utilisateur Page 31
- Page / 112
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
• Low — Signatures that are behavioral in nature and shield applications. Shielding means
locking down application and system resources so that they cannot be changed. Preventing
these signatures increases the security of the underlying system, but requires additional
fine-tuning.
• Information — Indicates a modification to the system configuration that might create a
benign security risk or an attempt to access sensitive system information. Events at this
level occur during normal system activity and generally are not evidence of an attack.
Types of signatures
The IPS Rules policy can contain three types of signatures:
• Host signatures — Default host intrusion prevention signatures.
• Custom host signatures — Custom host intrusion prevention signatures that you create.
• Network signatures — Default network intrusion prevention signatures.
Default host IP signatures
Host-based intrusion prevention signatures detect and prevent system operations activity attacks,
and includes File, Registry, Service, and HTTP rules. They are developed by the Host Intrusion
Prevention security experts and are delivered with the product and with content updates.
Each signature has a description and a default severity level. With appropriate privilege levels,
an administrator can modify the severity level of a signature.
When triggered, host-based signatures generate an IPS event that appears in the Events tab
of the Host IPS tab under Reporting.
Custom host IP signatures
Custom signatures are host-based signatures that you can create for protection beyond the
default protection. For example, when you create a new folder with important files, you can
create a custom signature to protect it.
NOTE: You cannot create network-based custom signatures.
Network IP signatures
Network-based intrusion prevention signatures detect and prevent known network-based attacks
that arrive on the host system. They appear in the same list of signatures as the host-based
signatures.
Each signature has a description and a default severity level. With appropriate privilege levels,
an administrator can modify the severity level of a signature.
You can create exceptions for network-based signatures; however, you cannot specify any
additional parameter attributes such as operating system user or process name. Advanced
details contain network-specific parameters, for example IP addresses, which you can specify.
Events generated by network-based signatures are displayed along with the host-based events
in the Events tab and exhibit the same behavior as host-based events.
To work with signatures, click the Signatures tab in the IPS Rules policy.
Tasks
Configuring IPS Rules signatures
Creating signatures
Creating signatures using the wizard
Configuring IPS Policies
Working with IPS Rules policies
31McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Produits connexes et manuels pour Logiciel McAfee UTILITIES 4.0
(13 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.060 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels