Product Guide
Page 3
...Audience 5 Conventions 5 What's in this guide 6 Find product documentation 6 1 Introducing Network Security Sensors 7 About the M-1250/M-1450 Sensor 7 Physical description of the M-1250/M-1450 Sensor 8 Ports on the Sensor 8 Front panel LEDs on M-1250/M-1450 Sensor 9 2 Before you install 11 Usage restrictions 11 Safety measures 11 Contents... in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
...Audience 5 Conventions 5 What's in this guide 6 Find product documentation 6 1 Introducing Network Security Sensors 7 About the M-1250/M-1450 Sensor 7 Physical description of the M-1250/M-1450 Sensor 8 Ports on the Sensor 8 Front panel LEDs on M-1250/M-1450 Sensor 9 2 Before you install 11 Usage restrictions 11 Safety measures 11 Contents... in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
Product Guide
Page 12
.... 12 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use . • Do not remove the outer shell of this equipment in place. Unpack the Sensor Task 1 Place the Sensor box as possible. 2 Position the box with specific...
.... 12 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use . • Do not remove the outer shell of this equipment in place. Unpack the Sensor Task 1 Place the Sensor box as possible. 2 Position the box with specific...
Product Guide
Page 19
...directly to the various ports on the Sensor. Task 1 For console connections, plug the DB9 Console cable supplied by McAfee into the Console port on your M-1250/ M-1450 Network Security Sensor. Note the following cabling specifications for the Sensor: • Category 5 Enhanced (Cat 5e) cable is required for transmission speeds up to 1 Gigabit... for initial configuration. Throughout this chapter to connect cables to the console for HyperTerminal are: Name Baud rate Number of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19
...directly to the various ports on the Sensor. Task 1 For console connections, plug the DB9 Console cable supplied by McAfee into the Console port on your M-1250/ M-1450 Network Security Sensor. Note the following cabling specifications for the Sensor: • Category 5 Enhanced (Cat 5e) cable is required for transmission speeds up to 1 Gigabit... for initial configuration. Throughout this chapter to connect cables to the console for HyperTerminal are: Name Baud rate Number of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19
Product Guide
Page 25
...1250/M-1450 Sensor specifications The following table lists the specifications of the M-1250/M-1450 Sensor: Sensor Specifications Dimensions Weight Voltage Range Frequency Vibration, operating Vibration, non-operating Power requirements Ambient Temperature Range (Non-condensing) Relative Humidity (Non-condensing) System Heat Dissipation Airflow Altitude Throughput Description M-1250/M-1450: • 1RU, rack mountable • 17.37 (W) x 1.75(H) x 13.5(D) M-1250...,000 ft (3050 m) M-1250: 100 Mbps M-1450: 200 Mbps McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 25
...1250/M-1450 Sensor specifications The following table lists the specifications of the M-1250/M-1450 Sensor: Sensor Specifications Dimensions Weight Voltage Range Frequency Vibration, operating Vibration, non-operating Power requirements Ambient Temperature Range (Non-condensing) Relative Humidity (Non-condensing) System Heat Dissipation Airflow Altitude Throughput Description M-1250/M-1450: • 1RU, rack mountable • 17.37 (W) x 1.75(H) x 13.5(D) M-1250...,000 ft (3050 m) M-1250: 100 Mbps M-1450: 200 Mbps McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 25
Product Guide
Page 26
A M-1250/M-1450 Sensor specifications 26 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide
A M-1250/M-1450 Sensor specifications 26 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide
Product Guide
Page 29
...17, 19 conventions and icons used in this guide 5 D documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 F failover ports for M-1250/M-1450 23 front panel LEDs 9, 11, 12, 15, 25 H hot swappable power supply 17 ...McAfee ServicePortal, accessing 6 monitoring ports 21 P peer ports 21, 22 ports on M-1250/M-1450 8 R Response port 20 S Safety 27 Sensor front panel 11, 19 ServicePortal, finding product documentation 6 SFP module 17 Slide Rail Kit 12, 15 T Technical Support, finding product information 6 McAfee® Network Security Platform M-1250...
...17, 19 conventions and icons used in this guide 5 D documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 F failover ports for M-1250/M-1450 23 front panel LEDs 9, 11, 12, 15, 25 H hot swappable power supply 17 ...McAfee ServicePortal, accessing 6 monitoring ports 21 P peer ports 21, 22 ports on M-1250/M-1450 8 R Response port 20 S Safety 27 Sensor front panel 11, 19 ServicePortal, finding product documentation 6 SFP module 17 Slide Rail Kit 12, 15 T Technical Support, finding product information 6 McAfee® Network Security Platform M-1250...
Deployment Guide
Page 5
... you must read to Quick Tour for more information on these guides. Quick Tour Installation Guide v Select My Company > Admin Domain > Summary. 1. McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in italics. Parameters that you... to negative consequences of certain actions, such as a series of data is denoted using this notation. Note: Related Documentation The following documents and on your specific ENTER.
... you must read to Quick Tour for more information on these guides. Quick Tour Installation Guide v Select My Company > Admin Domain > Summary. 1. McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in italics. Parameters that you... to negative consequences of certain actions, such as a series of data is denoted using this notation. Note: Related Documentation The following documents and on your specific ENTER.
Deployment Guide
Page 11
... Manager software on the server machine. For more troubleshooting tips, see Administrative Domains, Getting Started Guide. You can choose a specific policy to apply by default for monitoring in in-line mode; Whatever policy you've specified will apply until you 've cabled..., see Working with a name and a shared secret key value. For more information on this process, see Device Configuration Guide. 4 McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to-Manager communication The process of setting up a Sensor is , connected via the Manager server or from ...
... Manager software on the server machine. For more troubleshooting tips, see Administrative Domains, Getting Started Guide. You can choose a specific policy to apply by default for monitoring in in-line mode; Whatever policy you've specified will apply until you 've cabled..., see Working with a name and a shared secret key value. For more information on this process, see Device Configuration Guide. 4 McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to-Manager communication The process of setting up a Sensor is , connected via the Manager server or from ...
Deployment Guide
Page 12
...on these tools, see Network Security Platform policies, Getting Started Guide. Configure responses to your management. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by Network Security Platform Once you've completed ...network security. You can use policies specifically for a host. Note: For more information on page 2)). For example, you can apply the Web Server policy to one policy to all of your interfaces use these address parameters are monitoring. For example, you can configure Network Security Platform...
...on these tools, see Network Security Platform policies, Getting Started Guide. Configure responses to your management. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by Network Security Platform Once you've completed ...network security. You can use policies specifically for a host. Note: For more information on page 2)). For example, you can apply the Web Server policy to one policy to all of your interfaces use these address parameters are monitoring. For example, you can configure Network Security Platform...
Deployment Guide
Page 15
... extranets or Internet? Where are your network. Answering these questions will determine which McAfee® Network Security Sensor (Sensor) model will determine the number of your network? How complex is built with just a single access point and few machines. Pre-deployment considerations Deployment of Network Security Platform requires specific knowledge of IPS deployment than a small office with...
... extranets or Internet? Where are your network. Answering these questions will determine which McAfee® Network Security Sensor (Sensor) model will determine the number of your network? How complex is built with just a single access point and few machines. Pre-deployment considerations Deployment of Network Security Platform requires specific knowledge of IPS deployment than a small office with...
Deployment Guide
Page 22
... a highly granular level, including the automated dropping of DoS traffic intended for receive). McAfee® Network Security Platform 6.0 Sensor Deployment Modes Full-duplex and half-duplex monitoring Sensors are internally wire matched ...with packets flowing through the Sensor. or full-duplex mode (depending on one for a specific Web server. 15 Deploying Sensors in in-line mode In-line mode is achieved when... 12 8 M-2750 20 20 M-1450 8 8 M-1250 8 8 N-450 20 20 In-line mode and tap mode can prevent network attacks by dropping malicious traffic in real time.
... a highly granular level, including the automated dropping of DoS traffic intended for receive). McAfee® Network Security Platform 6.0 Sensor Deployment Modes Full-duplex and half-duplex monitoring Sensors are internally wire matched ...with packets flowing through the Sensor. or full-duplex mode (depending on one for a specific Web server. 15 Deploying Sensors in in-line mode In-line mode is achieved when... 12 8 M-2750 20 20 M-1450 8 8 M-1250 8 8 N-450 20 20 In-line mode and tap mode can prevent network attacks by dropping malicious traffic in real time.
Deployment Guide
Page 35
...the sub-interfaces feature. Create (or clone) policies on an extremely granular level. Define user roles. Create policies tuned for specific hosts or a subset of the IPS to organize your deployment by geographical location, business unit, or functional area (that is, HR, Finance). ... to the system to -day management of your deployment into VLAN tags and CIDR blocks. Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your...
...the sub-interfaces feature. Create (or clone) policies on an extremely granular level. Define user roles. Create policies tuned for specific hosts or a subset of the IPS to organize your deployment by geographical location, business unit, or functional area (that is, HR, Finance). ... to the system to -day management of your deployment into VLAN tags and CIDR blocks. Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your...
IPS Configuration Guide
Page 6
...tab, click Backup. Warning: Notes that you to perform particular tasks. Variable information that you must supply are denoted using this notation. McAfee® Network Security Platform 5.1 Preface not necessarily familiar with electricity, or other serious consequences is denoted using this notation. Names of the requested service. Caution: ... on the keyboard Press ENTER. The Service field on the Properties tab specifies the name of keys on your specific situation or environment is shown in angle brackets. Select My Company > Admin Domain > Summary.
...tab, click Backup. Warning: Notes that you to perform particular tasks. Variable information that you must supply are denoted using this notation. McAfee® Network Security Platform 5.1 Preface not necessarily familiar with electricity, or other serious consequences is denoted using this notation. Names of the requested service. Caution: ... on the keyboard Press ENTER. The Service field on the Properties tab specifies the name of keys on your specific situation or environment is shown in angle brackets. Select My Company > Admin Domain > Summary.
IPS Configuration Guide
Page 9
...McAfee Network Security Platform A security policy, or IPS policy, is a set is permitted across your network, and how to respond to focus the policy's rule set of parameters that impact the intended environment. A rule set of rules that governs what traffic is configured based on the specific...configuration and management of IPS related policies configuration on page 63)) are applied, McAfee® Network Security Platform [formerly McAfee® IntruShield®] generates alerts; A Network Security Platform policy is not exactly the same as an ACL. CHAPTER 1 Overview of ...
...McAfee Network Security Platform A security policy, or IPS policy, is a set is permitted across your network, and how to respond to focus the policy's rule set of parameters that impact the intended environment. A rule set of rules that governs what traffic is configured based on the specific...configuration and management of IPS related policies configuration on page 63)) are applied, McAfee® Network Security Platform [formerly McAfee® IntruShield®] generates alerts; A Network Security Platform policy is not exactly the same as an ACL. CHAPTER 1 Overview of ...
IPS Configuration Guide
Page 10
McAfee® Network Security Platform 5.1 Overview of your network. McAfee recommends two approaches to specific. The first method is best used for DoS and other suspicious traffic types that covers a broad range of actions, alerts, and... a system of OSs, applications, protocols. Critical attacks like buffer overflows and denial of service (DoS) require responses in a specific zone of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are best logged without response, then analyzed as the protocol. Packet logging Logging attack...
McAfee® Network Security Platform 5.1 Overview of your network. McAfee recommends two approaches to specific. The first method is best used for DoS and other suspicious traffic types that covers a broad range of actions, alerts, and... a system of OSs, applications, protocols. Critical attacks like buffer overflows and denial of service (DoS) require responses in a specific zone of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are best logged without response, then analyzed as the protocol. Packet logging Logging attack...
IPS Configuration Guide
Page 16
...of creating or modifying settings opens up to malicious use of the ultimate refining tool for securing your network. The Policy Editor brings together defining alert filters and rule sets for attack monitoring in a specific network environment: 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Click Add. ..., saving any operation and closes the window. To add a new policy for final customization before deployment. McAfee® Network Security Platform 5.1 Managing IPS settings Managing policies with IPS Policy Editor The IPS Policy Editor action enables the use of your...
...of creating or modifying settings opens up to malicious use of the ultimate refining tool for securing your network. The Policy Editor brings together defining alert filters and rule sets for attack monitoring in a specific network environment: 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Click Add. ..., saving any operation and closes the window. To add a new policy for final customization before deployment. McAfee® Network Security Platform 5.1 Managing IPS settings Managing policies with IPS Policy Editor The IPS Policy Editor action enables the use of your...
IPS Configuration Guide
Page 29
...configured per admin domain node. Script: runs a script previously uploaded to enable/disable IPS Quarantine and McAfee® Network Access Control (McAfee NAC) notification at Policy level. Block Attack (Drop packets): prevents detected attack from policy editors, ... 143). IPS Quarantine / McAfee NAC: helps you to the database. See Setting up alert notifications (on configuring IPS Quarantine from finishing its transmission through your immediate attention. 2 Configure the type of a specific attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure...
...configured per admin domain node. Script: runs a script previously uploaded to enable/disable IPS Quarantine and McAfee® Network Access Control (McAfee NAC) notification at Policy level. Block Attack (Drop packets): prevents detected attack from policy editors, ... 143). IPS Quarantine / McAfee NAC: helps you to the database. See Setting up alert notifications (on configuring IPS Quarantine from finishing its transmission through your immediate attention. 2 Configure the type of a specific attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure...
IPS Configuration Guide
Page 41
...34). You can edit a Network Security Platform-provided policy. Note 2: If setting the same responses for several attacks serves your system and you to add/subtract from the default settings of a policy, you may want to add specific attacks to a policy for ..., you may receive attacks uncommon to a network environment that are impacting your policy customization best (for example, enabling the Drop Packets response for your annotations under User Comments section of the signature's attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 32: Attack ...
...34). You can edit a Network Security Platform-provided policy. Note 2: If setting the same responses for several attacks serves your system and you to add/subtract from the default settings of a policy, you may want to add specific attacks to a policy for ..., you may receive attacks uncommon to a network environment that are impacting your policy customization best (for example, enabling the Drop Packets response for your annotations under User Comments section of the signature's attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 32: Attack ...
IPS Configuration Guide
Page 47
... to the widespread nature of reconnaissance attacks. You can customize thresholds, responses, and user notifications for attack monitoring in a specific network environment: Figure 37: Reconnaissance Policy List 1 Select IPS Settings > Policies > Reconnaissance Policy Editor. 2 Click Add. 39...VIPS (interface/sub-interface) level due to individual interfaces. McAfee® Network Security Platform 5.1 Managing IPS settings current or further impacts, and the methods of notification that will help your network in the most expeditious time. The Reconnaissance Policy Editor provides ...
... to the widespread nature of reconnaissance attacks. You can customize thresholds, responses, and user notifications for attack monitoring in a specific network environment: Figure 37: Reconnaissance Policy List 1 Select IPS Settings > Policies > Reconnaissance Policy Editor. 2 Click Add. 39...VIPS (interface/sub-interface) level due to individual interfaces. McAfee® Network Security Platform 5.1 Managing IPS settings current or further impacts, and the methods of notification that will help your network in the most expeditious time. The Reconnaissance Policy Editor provides ...
IPS Configuration Guide
Page 59
... acknowledge alerts based on specific criteria. • Enabling and starting the Incident Generator service: (on page 67) install and start the Incident Generator service, which maximize the effectiveness of applied policies. For example, HTTP by Network Security Platform for which you to ...server from an outside location. Pre-configured rule sets are provided for ease of alert incident conditions to further enhance your McAfee® Network Security Platform security utilization. • Exporting policies (on page 74): save one or more information: • Configuring non-standard ports ...
... acknowledge alerts based on specific criteria. • Enabling and starting the Incident Generator service: (on page 67) install and start the Incident Generator service, which maximize the effectiveness of applied policies. For example, HTTP by Network Security Platform for which you to ...server from an outside location. Pre-configured rule sets are provided for ease of alert incident conditions to further enhance your McAfee® Network Security Platform security utilization. • Exporting policies (on page 74): save one or more information: • Configuring non-standard ports ...