Deployment Guide
Page 12
... to perform forensic analysis on the alert to help you tune the Network Security Platform system, provide better responses to attacks, and otherwise shore up and running and reviewing the data generated by excluding certain Source and Destination IP address parameters.... 5 For more information on your team and to alerts. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by severity (High, Medium, Low, and Informational). For example, you can configure Network Security Platform to send a page or an email notification, execute a ...
IPS Configuration Guide
Page 44
... OK at the bottom of the following: Click the Enable Alert check box. You must click both logging responses. A review page displays your customizations. 36 However, all attacks marked as the Notifications area are multiple attacks with different severities, respectively,...the next step. 6 Click the Logging tab. 7 Select the Logging responses you want active for Attack Category: " table remain enabled. McAfee® Network Security Platform 5.1 Managing IPS settings 4 (Optional) Select the Severity for all response parameter descriptions. Note that the Response > Logging sub-tab as...
IPS Configuration Guide
Page 45
...have created, do the following : 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Select the policy for Attack Category window. Review Page Click Cancel to exit Bulk Editing without changes. 12 Click OK to confirm and save up to 30 versions of the policy. Deleting an... time. This is a user-configurable value, and can save your Bulk Edit changes. You can be changed using the ems.properties file. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 36: Bulk Edit - To create a new version of the policy. Version Control helps you create a new policy...
IPS Configuration Guide
Page 46
...; Delete: Delete any two revisions to protect against, the types of automatic responses you can delete one of the policy. After reviewing, you modify revision #2 and save the changes, a new revision number is enabled after you attempt to the selected revision of the...action enables the use of the ultimate refining tool for each policy revision: Field Description Revision Indicates the revision number of the policy. McAfee® Network Security Platform 5.1 Managing IPS settings 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Select a policy. 3 Click Version Control....
IPS Configuration Guide
Page 122
... the IPS Quarantine/McAfee NAC sections as an IP CIDR or a specific IP address. Thus if the alert filter sorts the alert, the IPS quarantine action is part of the Configure Attack Detail page. Review the following to monitor traffic in IPS Policy Editor (on the Network Security Platform. IPS quarantine ACLs...IPS Quarantine 8 To list the attacks which prevents the alert from being raised for IPS Quarantine from an IPS quarantined host. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 122: Configure Attack Detail page 7 Select the drop-down list.
IPS Configuration Guide
Page 238
... Edit. 3 Open a policy and make changes. 4 Click Commit Changes. 5 Click Version Control to track or review changes made to customize DoS policy for a sub-interface, see Setting policy for a sub-interface (on page 239). McAfee® Network Security Platform 5.1 The IPS Sensor_Name node Note: DoS policy cannot be customized to the VLAN/CIDR IDs within...
Upgrade Guide
Page 3
... Manager license file requirement 24 Preparing for the upgrade 24 Backing up Network Security Platform data 25 Reviewing the Upgrade Considerations 25 Central Manager and OS upgrade 26 Approach 2: ...Reviewing the Upgrade Considerations 33 Backing up Network Security Platform data 35 MDR Manager upgrade 36 Manager and OS upgrade 37 Approach 2: Using a new hardware 38 Stand-alone Manager upgrade 39 Running additional scripts 40 5 Performing Signature Set and Sensor Software upgrade 43 Difference between an update and an upgrade 43 McAfee® Network Security Platform...
Upgrade Guide
Page 4
TFTP server 46 Sensor Software and Signature Set Upgrade using Manager 6.0 46 Sensor software upgrade using a TFTP server 48 Updating Sensor software in a failover pair 50 6 Performing NTBA Appliance software upgrade 53 7 Information on downgrade 55 Index 57 4 McAfee® Network Security Platform 6.1 Upgrade Guide Contents Sensor upgrade requirements 43 Reviewing the upgrade considerations 44 Updating Sensor software image 44 Sensor software upgrade: Manager vs.
Upgrade Guide
Page 10
...with yours to the upgraded 6.0 Manager. 2 Managing a Heterogeneous Environment When would you upgrade all your deployment. 10 McAfee® Network Security Platform 6.1 Upgrade Guide Similarly, the Central Manager must always be of the Managers or the Sensors happens in case of... and above. For example, a 6.0 Central Manager that are supported only across two successive major versions. So, in Network Security Platform. See also Reviewing the upgrade requirements on 5.1.x.x. Recall that you use of the same major version. • Heterogeneous Manager environment: At...
Upgrade Guide
Page 23
... database capacity requirements. Minimum required Central Manager version To be of 6.0, also review the corresponding Release Notes. This section discusses the minimum hardware and software requirements that exceeds the minimum system requirements outlined below. McAfee® Network Security Platform 6.1 Upgrade Guide 23 Contents Reviewing the upgrade requirements Preparing for the upgrade Central Manager and OS upgrade...
Upgrade Guide
Page 25
... You can use alphanumeric characters including hyphens and underscores (for the upgrade 3 Backing up Network Security Platform data Before you upgrade, back up your tables and save any McAfee Custom Attacks (formerly UDS) that you have a very large number of alerts and packet ... Edition) 64-bit English and Japanese. The standalone tool opens. 3 Select All Tables as well. McAfee® Network Security Platform 6.1 Upgrade Guide 25 Reviewing the Upgrade Considerations Review this in a different location than the current Central Manager or Manager to upgrade the OS, then factor...
Upgrade Guide
Page 27
...Reviewing the upgrade requirements. See Stand-alone Central Manager upgrade. 2 Post-upgrade, back up the 6.0 database of the existing one . If the IP is different, then the Managers cannot communicate with the new one . See the Installation Guide for Manager Disaster Recovery (MDR): McAfee® Network Security Platform... of the Central Manager server. Tasks • Approach 2: Using a new hardware on page 27 See also Backing up Network Security Platform data on page 25 Stand-alone Central Manager upgrade on page 28 Approach 2: Using a new hardware Important points regarding this...
Upgrade Guide
Page 28
...primary to 6.0. See Backing up in an MDR pair, then you should switch it from the McAfee Update Server. To upgrade a stand-alone Central Manager: 28 McAfee® Network Security Platform 6.1 Upgrade Guide 3 Upgrading the Central Manager Stand-alone Central Manager upgrade Task 1 Using the Switch.... The primary is especially important that you upgrade the Central Manager to standby mode before you are following the steps in Reviewing the Upgrade Considerations. • You have your 5.1 Central Manager data. See Downloading the Manager/Central Manager executable, Installation ...
Upgrade Guide
Page 29
... present already. 10 Log on page 30 McAfee® Network Security Platform 6.1 Upgrade Guide 29 See Upgrading the Signature Set for the Central Manager on page 30 See also Reviewing the upgrade requirements on page 23 Reviewing the Upgrade Considerations on page 25 Backing up . The reports are up Network Security Platform data on page 25 MDR Central Manager...
Upgrade Guide
Page 31
... Configuration Guide for a successful ManagerManager upgrade. This section discusses the minimum and recommended hardware and software requirements that exceeds the minimum system requirements outlined below. McAfee® Network Security Platform 6.1 Upgrade Guide 31 Contents Reviewing the upgrade requirements Preparing for the upgrade MDR Manager upgrade Manager and OS upgrade Stand-alone Manager upgrade...
Upgrade Guide
Page 33
Upgrading the Manager Preparing for the upgrade 4 Reviewing the Upgrade Considerations Review this in extended downtime for NAC. After you upgrade the Manager, you upgrade the Manager to 6.0 and push the configuration update to the Sensor. See ... needs to an OS upgrade are discussed in 5.1, does not enforce NAC when you need to upgrade the Sensor software to 6.0 as well during upgrade. McAfee® Network Security Platform 6.1 Upgrade Guide 33 Two approaches to be required. In case of 32-bit systems, a hardware upgrade may be a 64-bit system. If you plan...
Upgrade Guide
Page 34
.... The UDS Editor is critical that you review the latest version of the NAC Configuration Guide to understand the effects of these data, then disable the integration with a particular McAfee Custom Attack, you need to send at ...Follow the steps below: 34 McAfee® Network Security Platform 6.1 Upgrade Guide However, note that a direct upgrade of your NAC implementation. Notes regarding Network Security Platform extension on your 5.1 McAfee Custom Attacks (including the McAfee-supplied ones) and the current 6.0 McAfee signature set , McAfee Custom Attacks, or Snort Custom...
Upgrade Guide
Page 38
... Task 1 Upgrade the existing Manager to 6.0. Tasks • Approach 2: Using a new hardware on page 38 See also Backing up Network Security Platform data on page 25 Stand-alone Central Manager upgrade on page 28 Stand-alone Manager upgrade on page 39 Approach 2: Using a new ...For information on the new machine. See also Reviewing the upgrade requirements on page 23 Stand-alone Manager upgrade on page 39 Performing a database backup on page 25 Manager license file requirement on page 32 38 McAfee® Network Security Platform 6.1 Upgrade Guide 4 Upgrading the Manager Manager and...
Upgrade Guide
Page 39
... started. 4 Exit the Manager tray from the McAfee Update Server. To upgrade a stand-alone Manager: Task 1 Stop the Manager service. The system prompts you upgrade the Manager. • Your current Network Security Platform infrastructure meets all the requirements discussed in Reviewing the upgrade requirements. • You have reviewed and understood the implications of Java Runtime Environment...
Upgrade Guide
Page 40
...upgrade 11 Log on to do so. In this case, contact McAfee Technical Support with the details of the message. Tasks • Running additional scripts on page 40 See also Reviewing the upgrade requirements on page 31 Reviewing the Upgrade Considerations on page 33 Backing up . Run alertproc_offline_1.sql... select a relatively idle time to run the sql scripts soon after the Manager upgrade is displayed, stop proceeding further and contact McAfee Technical Support with the details of the message. 4 Shut down the Manager. 40 McAfee® Network Security Platform 6.1 Upgrade Guide