Product Guide
Page 7
... the McAfee Network Security Manager (Manager) server. The IPS functionality involves real-time detection and prevention of attack responses, including generating alerts and packet logs, resetting TCP connections, "scrubbing" malicious packets, and even blocking attack packets entirely before they reach the intended target. Network Access Control of hosts is described in detail in detail. McAfee® Network Security Platform M-1250...
... the McAfee Network Security Manager (Manager) server. The IPS functionality involves real-time detection and prevention of attack responses, including generating alerts and packet logs, resetting TCP connections, "scrubbing" malicious packets, and even blocking attack packets entirely before they reach the intended target. Network Access Control of hosts is described in detail in detail. McAfee® Network Security Platform M-1250...
Product Guide
Page 8
...RS-232C Console port, which may be assigned IP addresses. This renders them completely invisible to IPS detection techniques. 1 Introducing Network Security Sensors Physical description of the M-1250/M-1450 Sensor Physical description of aggregated traffic respectively. M-1250 can monitor four 10/100/1000 Mbps Ethernet... One 10/100/1000 Management port, which , when you are 1A/1B, 2A/2B, 3A/3B and 4A/4B. 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide that is used to set up to this Ethernet port during installation. 2 One Response port, which is ...
...RS-232C Console port, which may be assigned IP addresses. This renders them completely invisible to IPS detection techniques. 1 Introducing Network Security Sensors Physical description of the M-1250/M-1450 Sensor Physical description of aggregated traffic respectively. M-1250 can monitor four 10/100/1000 Mbps Ethernet... One 10/100/1000 Management port, which , when you are 1A/1B, 2A/2B, 3A/3B and 4A/4B. 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide that is used to set up to this Ethernet port during installation. 2 One Response port, which is ...
Quick Start Guide
Page 5
... An add-on M-series Sensors. e Download the zip file to Device List | Add-On Licenses page. For more information, see McAfee Network Security Platform Device Administration Guide. You do not require a license file for using Manager/Central Manager version 5.1.17.2 or above, and 6.0.7.x or above.... 6 Adding the Sensor to enable IPS on license is admin123. a Log on to enable NAC on screen prompts. 5 Start the Manager Click Start | Programs | McAfee | Network Security Manager | Network Security Manager. The default Login ID is admin and the default Password ...
... An add-on M-series Sensors. e Download the zip file to Device List | Add-On Licenses page. For more information, see McAfee Network Security Platform Device Administration Guide. You do not require a license file for using Manager/Central Manager version 5.1.17.2 or above, and 6.0.7.x or above.... 6 Adding the Sensor to enable IPS on license is admin123. a Log on to enable NAC on screen prompts. 5 Start the Manager Click Start | Programs | McAfee | Network Security Manager | Network Security Manager. The default Login ID is admin and the default Password ...
Quick Start Guide
Page 7
... using four octets separated by a subnet mask in the Manager interface. 7 At the prompt, type: set sensor gateway 192.168.3.68 f Set the IP address of the Manager server. Type: reboot. At the prompt, type: set sensor name . Example: At the prompt, type: set sensor sharedsecretkey. The string ... minutes to complete its reboot. Example: set command, you can be between the Sensor and the Manager. e If the Sensor is not on the network. d Set the name of the Sensor: You can enter the setup command at the prompt and this point have successfully established the Sensor on the...
... using four octets separated by a subnet mask in the Manager interface. 7 At the prompt, type: set sensor gateway 192.168.3.68 f Set the IP address of the Manager server. Type: reboot. At the prompt, type: set sensor name . Example: At the prompt, type: set sensor sharedsecretkey. The string ... minutes to complete its reboot. Example: set command, you can be between the Sensor and the Manager. e If the Sensor is not on the network. d Set the name of the Sensor: You can enter the setup command at the prompt and this point have successfully established the Sensor on the...
Quick Start Guide
Page 9
... system. To view this or any attack in the Manager. g Click the button representing the ports on port settings, see McAfee Network Security Platform Device Administration Guide, or click the Detailed Help buttons in the McAfee Network Security Platform IPS Administration Guide. Your Sensor is actively monitoring connected segments and communicating with a "blocking" Sensor response action; The Default Inline...
... system. To view this or any attack in the Manager. g Click the button representing the ports on port settings, see McAfee Network Security Platform Device Administration Guide, or click the Detailed Help buttons in the McAfee Network Security Platform IPS Administration Guide. Your Sensor is actively monitoring connected segments and communicating with a "blocking" Sensor response action; The Default Inline...
Deployment Guide
Page 1
IPS Deployment Guide revision 2.0 McAfee® Network Security Platform version 6.0 McAfee® Network Protection Industry-leading network security solutions
IPS Deployment Guide revision 2.0 McAfee® Network Security Platform version 6.0 McAfee® Network Protection Industry-leading network security solutions
Deployment Guide
Page 2
...1999. * Software copyrighted by Michael A. COPYRIGHT Copyright ® 2001 - 2009 McAfee, Inc. TRADEMARKS ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (.... * Software copyrighted by Gunnar Ritter. * Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., (C) 2003. * Software copyrighted by Gisle Aas....Looijaard, (C) 1997. * Software copyrighted by Sean M. Issued NOVEMBER 2010 / IPS Deployment Guide 700-2366-00/ 2.0 - and/or its suppliers or affiliate companies...
...1999. * Software copyrighted by Michael A. COPYRIGHT Copyright ® 2001 - 2009 McAfee, Inc. TRADEMARKS ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (.... * Software copyrighted by Gunnar Ritter. * Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., (C) 2003. * Software copyrighted by Gisle Aas....Looijaard, (C) 1997. * Software copyrighted by Sean M. Issued NOVEMBER 2010 / IPS Deployment Guide 700-2366-00/ 2.0 - and/or its suppliers or affiliate companies...
Deployment Guide
Page 4
...-day, and encrypted attacks. Audience This guide is organized. Introducing McAfee Network Security Platform McAfee® Network Security Platform [formerly McAfee® IntruShield®] delivers the most comprehensive, accurate, and scalable Network Access Control (NAC), network Intrusion Prevention System (IPS) and Network Threat Behavior Analysis (NTBA) for this guide and how to contact McAfee Technical Support. It also provides information such as data center...
...-day, and encrypted attacks. Audience This guide is organized. Introducing McAfee Network Security Platform McAfee® Network Security Platform [formerly McAfee® IntruShield®] delivers the most comprehensive, accurate, and scalable Network Access Control (NAC), network Intrusion Prevention System (IPS) and Network Threat Behavior Analysis (NTBA) for this guide and how to contact McAfee Technical Support. It also provides information such as data center...
Deployment Guide
Page 5
...that you must read to negative consequences of certain actions, such as a series of numbered steps. Refer to this notation. McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI)...angle bracket. situation or environment is shown in Arial Narrow bold font. Warning: Notes that you must supply set Sensor ip are denoted using this notation. Procedures are denoted using UPPER CASE. are shown enclosed in angle brackets. Parameters that ...
...that you must read to negative consequences of certain actions, such as a series of numbered steps. Refer to this notation. McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI)...angle bracket. situation or environment is shown in Arial Narrow bold font. Warning: Notes that you must supply set Sensor ip are denoted using this notation. Procedures are denoted using UPPER CASE. are shown enclosed in angle brackets. Parameters that ...
Deployment Guide
Page 11
... Sensor via the Manager server or from a browser on a client machine that can establish communication with Security Policies, Getting Started Guide. Viewing the Resource Tree is , IP address, IP address of the Manager server, and so on), and configure it with a name and a shared ...a high level. 1 Set up the Manager software on the server machine. Install the Manager software on the server machine. McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to-Manager communication The process of setting up a Sensor is , connected via a port pair on the Sensor...
... Sensor via the Manager server or from a browser on a client machine that can establish communication with Security Policies, Getting Started Guide. Viewing the Resource Tree is , IP address, IP address of the Manager server, and so on), and configure it with a name and a shared ...a high level. 1 Set up the Manager software on the server machine. Install the Manager software on the server machine. McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to-Manager communication The process of setting up a Sensor is , connected via a port pair on the Sensor...
Deployment Guide
Page 12
... configuring an IPS quarantine response, see Administrative Domain Configuration Guide. 5 For more information on attack filters, see Administrative Domain Configuration Guide and Device Configuration Guide. Filter alerts. For more information on your Sensor will generate alerts for a host. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by Network Security Platform Once you...
... configuring an IPS quarantine response, see Administrative Domain Configuration Guide. 5 For more information on attack filters, see Administrative Domain Configuration Guide and Device Configuration Guide. Filter alerts. For more information on your Sensor will generate alerts for a host. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by Network Security Platform Once you...
Deployment Guide
Page 13
...Status page details the functional status for all information related to detail system faults experienced by your server or other location. McAfee® Network Security Platform 6.0 Getting Started View the system's health. Figure 1: Sensor software update methods Field 1 2 Description Update Server...McAfee periodically releases new Manager software and Sensor signature and software images, and makes these types of your Manager configuration information to system configuration, such as port configuration, users, admin domains, policies for a port on how to a reliable IPS...
...Status page details the functional status for all information related to detail system faults experienced by your server or other location. McAfee® Network Security Platform 6.0 Getting Started View the system's health. Figure 1: Sensor software update methods Field 1 2 Description Update Server...McAfee periodically releases new Manager software and Sensor signature and software images, and makes these types of your Manager configuration information to system configuration, such as port configuration, users, admin domains, policies for a port on how to a reliable IPS...
Deployment Guide
Page 15
... each Sensor port. Answering these questions will determine which McAfee® Network Security Sensor (Sensor) model will determine the number of Sensors you 'll need to multi gigabits per second for deploying McAfee Network Security Platform, you deploy the McAfee® Network Security Platform. Tip: If you are your network's security needs. CHAPTER 2 Planning Network Security Platform Installation This section discusses the considerations and pre-installment...
... each Sensor port. Answering these questions will determine which McAfee® Network Security Sensor (Sensor) model will determine the number of Sensors you 'll need to multi gigabits per second for deploying McAfee Network Security Platform, you deploy the McAfee® Network Security Platform. Tip: If you are your network's security needs. CHAPTER 2 Planning Network Security Platform Installation This section discusses the considerations and pre-installment...
Deployment Guide
Page 18
Where are your security operations located? The IPS simply will make the security solution complete and effective. A common question when installing Sensors around firewalls to see all deployed Sensors. Should you ... segment monitoring is , incoming traffic comes through New York and outgoing traffic goes out through San Jose). McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation Sensor Aggregate Performance M-8000 M-6050 M-4050 M-3050 M-2750 M-1450 M-1250 N-450 10 Gbps 5 Gbps 3 Gbps 1.5 Gbps 600 Mbps 200 Mbps 100 Mbps 2 Gbps Where are...
Where are your security operations located? The IPS simply will make the security solution complete and effective. A common question when installing Sensors around firewalls to see all deployed Sensors. Should you ... segment monitoring is , incoming traffic comes through New York and outgoing traffic goes out through San Jose). McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation Sensor Aggregate Performance M-8000 M-6050 M-4050 M-3050 M-2750 M-1450 M-1250 N-450 10 Gbps 5 Gbps 3 Gbps 1.5 Gbps 600 Mbps 200 Mbps 100 Mbps 2 Gbps Where are...
Deployment Guide
Page 20
... modes-that is, the monitoring or deployment mode for implementing McAfee® Network Security Platform in McAfee® Network Security Sensor (Sensor) deployment. Most PC-based IDS Sensors on the market today can you use one network segment at a time, and only via the SPAN port... Sensor to monitor multiple network segments, but you would need multiple Sensors. Additionally, Network Security Platform's Virtual IPS (VIPS) feature enables you to further segment a port on a Sensor into many network segments (up to run whatever mode best suits each network segment. Multi-port Sensor...
... modes-that is, the monitoring or deployment mode for implementing McAfee® Network Security Platform in McAfee® Network Security Sensor (Sensor) deployment. Most PC-based IDS Sensors on the market today can you use one network segment at a time, and only via the SPAN port... Sensor to monitor multiple network segments, but you would need multiple Sensors. Additionally, Network Security Platform's Virtual IPS (VIPS) feature enables you to further segment a port on a Sensor into many network segments (up to run whatever mode best suits each network segment. Multi-port Sensor...
Deployment Guide
Page 23
... of the problems with using firewall reconfiguration actions with the firewall, creating your own denial of service condition. McAfee® Network Security Platform 6.0 Sensor Deployment Modes Note: Sensors are configured by default to in-line mode. Basically, if you into ... TCP segment overlaps. An obvious requirement with your IDS Sensor becoming a bottleneck. In addition to dropping malicious traffic, Network Security Platform can reassemble the IP fragments and TCP segments and enforce a reassembly mode of this attempt is user configurable). This acts sort of like ...
... of the problems with using firewall reconfiguration actions with the firewall, creating your own denial of service condition. McAfee® Network Security Platform 6.0 Sensor Deployment Modes Note: Sensors are configured by default to in-line mode. Basically, if you into ... TCP segment overlaps. An obvious requirement with your IDS Sensor becoming a bottleneck. In addition to dropping malicious traffic, Network Security Platform can reassemble the IP fragments and TCP segments and enforce a reassembly mode of this attempt is user configurable). This acts sort of like ...
Deployment Guide
Page 24
McAfee® Network Security Platform 6.0 Sensor Deployment Modes High-availability. In in -line, you must specify whether the Sensor port is monitoring inside and outside of failure, so the Sensors support complete stateful fail-over, delivering the industry's first true highavailability IPS deployment, similar to... ports are configured to flow. For example, the Sensor shown in the figure in -line, McAfee recommends that you 're running in How complex is your network topology? (on page 9) is protecting. Unlike bridges, routers, or switches, the Sensor does not need ...
McAfee® Network Security Platform 6.0 Sensor Deployment Modes High-availability. In in -line, you must specify whether the Sensor port is monitoring inside and outside of failure, so the Sensors support complete stateful fail-over, delivering the industry's first true highavailability IPS deployment, similar to... ports are configured to flow. For example, the Sensor shown in the figure in -line, McAfee recommends that you 're running in How complex is your network topology? (on page 9) is protecting. Unlike bridges, routers, or switches, the Sensor does not need ...
Deployment Guide
Page 29
... Redundancy is a key element for any network requiring 24x7 uptime. Two distinct network links from the SPAN port of SwitchA. Port 1B gets data from the SPAN port of SwitchB. McAfee® Network Security Platform 6.0 Sensor Deployment Modes SPAN port and ...hub monitoring When monitoring a SPAN or hub port, Sensors with a 1Gbps rate per link to the Sensor, allowing a total of 2Gbps traffic to the IPS...
... Redundancy is a key element for any network requiring 24x7 uptime. Two distinct network links from the SPAN port of SwitchA. Port 1B gets data from the SPAN port of SwitchB. McAfee® Network Security Platform 6.0 Sensor Deployment Modes SPAN port and ...hub monitoring When monitoring a SPAN or hub port, Sensors with a 1Gbps rate per link to the Sensor, allowing a total of 2Gbps traffic to the IPS...
Deployment Guide
Page 33
... granular levels, creating multiple administrative domains managed by default. Deployment flexibility IPS deployment can be difficult to start monitoring your network even while you familiarize yourself with Network Security Platform Resources, Getting Started Guide) enable you can leave this policy and pass...policies (defined in Working with its features and capabilities and tune your network right away. CHAPTER 4 Deployment Scenarios This section provides some guidance on how to deploy McAfee® Network Security Platform using the most simple, or out-of-the-box method, and...
... granular levels, creating multiple administrative domains managed by default. Deployment flexibility IPS deployment can be difficult to start monitoring your network even while you familiarize yourself with Network Security Platform Resources, Getting Started Guide) enable you can leave this policy and pass...policies (defined in Working with its features and capabilities and tune your network right away. CHAPTER 4 Deployment Scenarios This section provides some guidance on how to deploy McAfee® Network Security Platform using the most simple, or out-of-the-box method, and...
Deployment Guide
Page 35
... and CIDR blocks. Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your network. 28 Create policies tuned for specific hosts or a subset of the IPS to specific individuals, providing each person with distinct policies using the sub-...enough access to the system to organize your deployment by geographical location, business unit, or functional area (that is, HR, Finance). Segment your network traffic into multiple Admin Domains.
... and CIDR blocks. Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your network. 28 Create policies tuned for specific hosts or a subset of the IPS to specific individuals, providing each person with distinct policies using the sub-...enough access to the system to organize your deployment by geographical location, business unit, or functional area (that is, HR, Finance). Segment your network traffic into multiple Admin Domains.