IPS Configuration Guide
Page 9
... for immediate application in various unique network environments. Network Security Platform enables you to define an environment to focus the policy's rule set is configured based on the specific needs of unique zones in your network, rather than a one that governs... An include rule-which attacks or conditions are applied, McAfee® Network Security Platform [formerly McAfee® IntruShield®] generates alerts; An exclude rule removes elements from the include rule in order to protect by Network Security Platform. By broadening (includes) and narrowing (excludes) the rules...
IPS Configuration Guide
Page 10
... for an exploit attack (on the environment where it will have no impact in the flow. 2 McAfee® Network Security Platform 5.1 Overview of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are retrieved from the Sensor is integral to the protection ... capturing the network traffic around an offending transmission. You can be installed anywhere in protocol analysis can use . A list of the same nature. For example, you create another include rule for the attack plus the previous 128 bytes in a specific zone of your rule...
IPS Configuration Guide
Page 116
...allowed to access certain IP addresses and denied access to be remediated by re-directing the HTTP traffic from security threats, McAfee® Network Security Platform provides the IPS Quarantine feature which need to specific IP addresses until the quarantine rule expires. The state of...Sensor detects attacks from the network for the desired Sensor. 3 Click Delete. Thereafter, the Sensor drops any traffic from Manager, do the following: 1 Click IPS Settings > SSL Decryption > Key Management. 2 Select the radio button in IPS Quarantine Network Access Zones. A pop-up window details...
IPS Configuration Guide
Page 122
... (on the Network Security Platform. Traditional ACLs are configured to the IPS Quarantine Network Access Zone (NAZ). IPS quarantine ACLs and traditional ACLs IPS quarantine ACLs are configured to understand the interaction between IPS Quarantine and traditional ACLs: 114 McAfee® Network Security Platform 5.1 Managing IPS... Quarantine, select Attacks Eligible for IPS Quarantine from being raised for the selected protocol. 9 Configure the IPS Quarantine/McAfee NAC sections as an IP CIDR or a specific IP address. The Configure Attack Detail page automatically refreshes, and ...
IPS Configuration Guide
Page 123
... get dropped. For example, the configurations for Network Access Zones from IPS Settings (on page 123) Creating network objects for the above tabs are configured for these...Network Access Zones are reflected in NAC Settings > Network Access Setup > Network Access Zones. • IPS Quarantine configuration using Wizard (on page 122) • Summary of IPS Quarantine configurations (on page 121) Note: The configurations for IPS Quarantine Network objects provide a convenient way of grouping together IP addresses, VLAN, CIDR or MAC addresses. McAfee® Network Security Platform...
IPS Configuration Guide
Page 124
...to the address list. Adding Network Access Zones for the network object. 7 Note that can View / Edit or Delete the network objects from the Network Objects List. Add the required number of entries for IPS Quarantine Network Access Zones are a set of Access ... the Manager user interface displays the corresponding field. Description of the network object. Figure 124: Adding network objects 3 In Add a Network Object, enter the following information: Name of the network object. McAfee® Network Security Platform 5.1 Managing IPS settings 1 In the Resource Tree, select IPS Settings...
IPS Configuration Guide
Page 125
... Resource Tree, select IPS Settings > IPS Quarantine > Network Access Zones. 2 To add a Network Access Zone, select Add. The IPS Quarantine NAZ maps the access level provided to the host to a host by specifying whether the traffic from a host, the host is based on page 122). McAfee® Network Security Platform 5.1 Managing IPS settings When the Sensor identifies attacks...
IPS Configuration Guide
Page 127
... delete the three built-in Network Access Zone definitions in the Manager: 1 In the Resource Tree, select IPS Settings > IPS Quarantine > Syslog Forwarding. Following are the steps for configuring Syslog Forwarding for NAC, in the Manager, namely, Public Networks Only, No Access and Full Access. Sensor response action- McAfee® Network Security Platform 5.1 Managing IPS settings b. For...
IPS Configuration Guide
Page 128
... your requirements. 120 Figure 129: Option for customizing syslog forwarding messages 10 To edit the custom Syslog message, select Edit. McAfee® Network Security Platform 5.1 Managing IPS settings 5 Enter the Syslog Server UDP Port. 6 Select the Facility to Use and Priority to Use. ... customized message instead of system default. Customizing IPS Quarantine browser messages When the quarantined host tries to access network resources outside its assigned IPS Quarantine Network Access Zone, an IPS Quarantine browser message is by default set to System default. 8 Click Apply, and save ...
IPS Configuration Guide
Page 129
... IPS Quarantine in the Manager: 1 In the Resource Tree, select IPS Settings > IPS Quarantine > Remediation Portal. 121 McAfee® Network Security Platform 5.1 Managing IPS settings Following are the steps for configuring Remediation Portal settings for customizing IPS Quarantine browser message in the Manager...IPS Settings To make the quarantined host clean of malicious traffic and thus compliant to the security policies of the window as per different fields such as Health Level, Network Access Zone, IP address, Remediation Portal URL, MAC address etc. 4 Click Save, to a Remediation...
IPS Configuration Guide
Page 131
... > Summary. For more information on page 211) Summary of Admin Domain configurations for IPS Quarantine The Summary of Network Access Zones for the admin domain can add hosts for which display the configurations using the IPS Quarantine Configuration Wizard including NAC...> IPS Quarantine. For more information, see Sensor port settings for IPS quarantine. (on network access zones, see Managing items in the NAC Exclusion List, NAC Configuration Guide. McAfee® Network Security Platform 5.1 Managing IPS settings • Enable quarantine of hosts, but disable remediation (or re-...
IPS Configuration Guide
Page 220
... Updating the configuration of the IPS Quarantine Configuration Wizard. For more information, see Adding Network Access Zones for which the host is parent to your Sensors. The wizard displays a message that the Sensor(s) need to update the Sensor(s). McAfee® Network Security Platform 5.1 The IPS Sensor_Name node • Enable quarantine of hosts, but disable remediation (or...