Product Guide
Page 3
... port speed settings 21 Cable types for routers, switches, hubs, and PCs 22 Cable the Sensor to monitor in in-line mode 22 Cable the Sensor to monitor in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
... port speed settings 21 Cable types for routers, switches, hubs, and PCs 22 Cable the Sensor to monitor in in-line mode 22 Cable the Sensor to monitor in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
Product Guide
Page 7
... first subjected to DHCP-NAC and then Standard NAC at different ports of the same Sensor. Network Access Control of hosts is described in detail. Throughout this guide. McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 7 The IPS functionality involves real-time detection and prevention of hosts. For more information on host System Health level (Standard...
... first subjected to DHCP-NAC and then Standard NAC at different ports of the same Sensor. Network Access Control of hosts is described in detail. Throughout this guide. McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 7 The IPS functionality involves real-time detection and prevention of hosts. For more information on host System Health level (Standard...
Product Guide
Page 8
..., which , when you to intruders. these ports operate in the SPAN mode, enable you are 1A/1B, 2A/2B, 3A/3B and 4A/4B. 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide The Response port is also used in the tap mode. 3 One RS-232C Console port, which may be assigned IP addresses. Communication...
..., which , when you to intruders. these ports operate in the SPAN mode, enable you are 1A/1B, 2A/2B, 3A/3B and 4A/4B. 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide The Response port is also used in the tap mode. 3 One RS-232C Console port, which may be assigned IP addresses. Communication...
Product Guide
Page 9
...). International customers are provided with a country-appropriate power cable. Off The Sensor is 10 Mbps. Management Port Link Green The link is disconnected. Off No activity on its ports. Off The link is connected. McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 9 Sys Green Sensor is 100 Mbps. Monitoring Ports Speed Amber The port speed is...
...). International customers are provided with a country-appropriate power cable. Off The Sensor is 10 Mbps. Management Port Link Green The link is disconnected. Off No activity on its ports. Off The link is connected. McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 9 Sys Green Sensor is 100 Mbps. Monitoring Ports Speed Amber The port speed is...
Product Guide
Page 10
... pair is in-line, normal traffic. TS Tap/SPAN: The Sensor port receives traffic, traffic dropped. 10 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide TS processing Tap/SPAN: The Sensor port receives traffic, normal traffic. BP Bypass: The Sensor port pair is not in-line and traffic is in -line, traffic dropped Green - FC Fail-close...
... pair is in-line, normal traffic. TS Tap/SPAN: The Sensor port receives traffic, traffic dropped. 10 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide TS processing Tap/SPAN: The Sensor port receives traffic, normal traffic. BP Bypass: The Sensor port pair is not in-line and traffic is in -line, traffic dropped Green - FC Fail-close...
Product Guide
Page 19
...-line mode Cable the Sensor to monitor in this guide, cabling specifications is labeled as Cat 5/Cat 5e. Required settings for example, a PC running at 10 or 100 Mbps, Category 5 (Cat 5) OR Cat 5e cable can be used for setup and configuration of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19
...-line mode Cable the Sensor to monitor in this guide, cabling specifications is labeled as Cat 5/Cat 5e. Required settings for example, a PC running at 10 or 100 Mbps, Category 5 (Cat 5) OR Cat 5e cable can be used for setup and configuration of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19
Deployment Guide
Page 4
.... Included are installed and managed through the network in real time, thus complementing the NAC and IPS capabilities in a scenario in this guide and how to employ each McAfee Network Security Sensor (Sensor) port. Conventions used in which operating mode you can determine which McAfee® Network Security Sensor model(s) will need to contact McAfee Technical Support. It also provides information...
.... Included are installed and managed through the network in real time, thus complementing the NAC and IPS capabilities in a scenario in this guide and how to employ each McAfee Network Security Sensor (Sensor) port. Conventions used in which operating mode you can determine which McAfee® Network Security Sensor model(s) will need to contact McAfee Technical Support. It also provides information...
Deployment Guide
Page 8
... detailed information in the alert data generated by Network Security Platform 7 Tuning your Sensors. CHAPTER 1 Getting Started This chapter provides a high-level overview of these basic stages: 1 Deciding where to deploy McAfee Network Security Sensors (Sensors) and in what operating mode 2 Setting up your Sensors for your deployment Each of McAfee® Network Security Platform [formerly McAfee® IntruShield®]. Questions to ask yourself in...
... detailed information in the alert data generated by Network Security Platform 7 Tuning your Sensors. CHAPTER 1 Getting Started This chapter provides a high-level overview of these basic stages: 1 Deciding where to deploy McAfee Network Security Sensors (Sensors) and in what operating mode 2 Setting up your Sensors for your deployment Each of McAfee® Network Security Platform [formerly McAfee® IntruShield®]. Questions to ask yourself in...
Deployment Guide
Page 15
... scale in mind. The Network Security Platform can manage multiple Sensors, and Sensors can help determine the amount of equipment you will require to employ each Sensor port. A large network with just a single access point and few machines. Answering these questions will determine which McAfee® Network Security Sensor (Sensor) model will best suit your network? CHAPTER 2 Planning Network Security Platform Installation This section discusses the...
... scale in mind. The Network Security Platform can manage multiple Sensors, and Sensors can help determine the amount of equipment you will require to employ each Sensor port. A large network with just a single access point and few machines. Answering these questions will determine which McAfee® Network Security Sensor (Sensor) model will best suit your network? CHAPTER 2 Planning Network Security Platform Installation This section discusses the...
Deployment Guide
Page 20
...-leading flexibility and scalability. Flexible deployment options McAfee Network Security Platform offers unprecedented flexibility in a variety of operating modes-that is, the monitoring or deployment mode for implementing McAfee® Network Security Platform in McAfee® Network Security Sensor (Sensor) deployment. Multi-port Sensor deployment Unlike single-port Sensors, a single multi-port Sensor can monitor only one Sensor to monitor multiple network segments, but you to today's complex...
...-leading flexibility and scalability. Flexible deployment options McAfee Network Security Platform offers unprecedented flexibility in a variety of operating modes-that is, the monitoring or deployment mode for implementing McAfee® Network Security Platform in McAfee® Network Security Sensor (Sensor) deployment. Multi-port Sensor deployment Unlike single-port Sensors, a single multi-port Sensor can monitor only one Sensor to monitor multiple network segments, but you to today's complex...
Deployment Guide
Page 33
... granular levels, creating multiple administrative domains managed by default. McAfee® Network Security Sensors (Sensors) you add will begin blocking these tasks, unless otherwise specified, are described in Administrative Domain Configuration Guide. 1 Install the Manager as Tap mode. Network Security Platform, while complex, provides great flexibility in -line deployment Sensors will inherit this policy in place or pick the...
... granular levels, creating multiple administrative domains managed by default. McAfee® Network Security Sensors (Sensors) you add will begin blocking these tasks, unless otherwise specified, are described in Administrative Domain Configuration Guide. 1 Install the Manager as Tap mode. Network Security Platform, while complex, provides great flexibility in -line deployment Sensors will inherit this policy in place or pick the...
IPS Configuration Guide
Page 5
... information on how to use the McAfee® Network Security Manager [formerly McAfee® IntruShield® Security Manager] to manage security policies in Network Security Platform, see the Getting Started Guide. You need to apply policies to your McAfee® Network Security Sensors [formerly McAfee® IntruShield® Sensors] for installing, configuring, and maintaining the Manager and Sensors, but is v McAfee Network Security Platform combines real-time detection and prevention...
... information on how to use the McAfee® Network Security Manager [formerly McAfee® IntruShield® Security Manager] to manage security policies in Network Security Platform, see the Getting Started Guide. You need to apply policies to your McAfee® Network Security Sensors [formerly McAfee® IntruShield® Sensors] for installing, configuring, and maintaining the Manager and Sensors, but is v McAfee Network Security Platform combines real-time detection and prevention...
IPS Configuration Guide
Page 9
... of parameters that focus on the McAfee® Network Security Sensor [formerly McAfee® IntruShield® Sensor]. An exclude rule removes elements from the include rule in order to focus the policy's rule set of ordered rules used to determine which should be monitored. The best practice is permitted across your network. Network Security Platform enables you specify an exclude...
... of parameters that focus on the McAfee® Network Security Sensor [formerly McAfee® IntruShield® Sensor]. An exclude rule removes elements from the include rule in order to focus the policy's rule set of ordered rules used to determine which should be monitored. The best practice is permitted across your network. Network Security Platform enables you specify an exclude...
IPS Configuration Guide
Page 10
...et cetera, combination you create another include rule for an effective intrusion management system. Responding to detected attacks When a McAfee Network Security Sensor (Sensor) detects activity to detect. Most other attacks against the firewall. A list of the firewall, alerting with multiple ... response type. McAfee® Network Security Platform 5.1 Overview of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are retrieved from the Sensor is integral to determine what caused the alert and what area a Sensor protects is not...
...et cetera, combination you create another include rule for an effective intrusion management system. Responding to detected attacks When a McAfee Network Security Sensor (Sensor) detects activity to detect. Most other attacks against the firewall. A list of the firewall, alerting with multiple ... response type. McAfee® Network Security Platform 5.1 Overview of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are retrieved from the Sensor is integral to determine what caused the alert and what area a Sensor protects is not...
IPS Configuration Guide
Page 11
... true implementation of real-time prevention. Acknowledge option marks an alert as Acknowledged for managing your network's security. McAfee® Network Security Platform 5.1 Overview of IPS settings Tip: McAfee recommends using Wireshark( formerly known as Ethereal) for any attack you regard as high priority. ...within the customization of any Exploit, Denial of alerts, see IPS Quarantine settings (on a per -attack basis; Sensor actions Network Security Sensor actions are configured on page 108). • Block DoS Packets: blocks further packets for Unix and Windows servers...
... true implementation of real-time prevention. Acknowledge option marks an alert as Acknowledged for managing your network's security. McAfee® Network Security Platform 5.1 Overview of IPS settings Tip: McAfee recommends using Wireshark( formerly known as Ethereal) for any attack you regard as high priority. ...within the customization of any Exploit, Denial of alerts, see IPS Quarantine settings (on a per -attack basis; Sensor actions Network Security Sensor actions are configured on page 108). • Block DoS Packets: blocks further packets for Unix and Windows servers...
IPS Configuration Guide
Page 63
The Insert a Rule at current position window displays. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 56: Add A Rule Set - Rules Tab 9 Select the rule to be an Include rule. By this process of triggering a... 4 (medium) Benign Trigger Probability, thus excluding a specific list of attacks that contain signatures that have a high chance of broadening (Include) and narrowing (Excludes), a Network Security Sensor processes traffic using the ordered rules in a rule set . For example, if you list an Exclude rule first, a later include rule may negate the exclusion...
The Insert a Rule at current position window displays. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 56: Add A Rule Set - Rules Tab 9 Select the rule to be an Include rule. By this process of triggering a... 4 (medium) Benign Trigger Probability, thus excluding a specific list of attacks that contain signatures that have a high chance of broadening (Include) and narrowing (Excludes), a Network Security Sensor processes traffic using the ordered rules in a rule set . For example, if you list an Exclude rule first, a later include rule may negate the exclusion...
IPS Configuration Guide
Page 73
... By default, Network Security Platform uses the Default Inline IPS policy when Network Security Platform is displayed. The exception to edit an attack definition's response once and have that modification apply across all policies that contain that use but is automatically applied by default for an exploit attack (on a Network Security Sensor. To address widely deployed attacks, McAfee also considers...
... By default, Network Security Platform uses the Default Inline IPS policy when Network Security Platform is displayed. The exception to edit an attack definition's response once and have that modification apply across all policies that contain that use but is automatically applied by default for an exploit attack (on a Network Security Sensor. To address widely deployed attacks, McAfee also considers...
IPS Configuration Guide
Page 110
...Network Security Sensor. For example, you could use this feature while receiving traffic from an unknown host can be set : 4.1.14.4 or later L3 ACLs feature is reassembled prior to IPS processing if traffic does not match any L3 ACL rules. 102 All fragmented traffic is not supported on M-series or N-450 Sensors. McAfee® Network Security Platform... dropped by the Sensor. It is advisable to non-fragmented traffic. This helps in the diag folder within your Network Security Platform installation folder. (For example C:\Program Files\McAfee\ Network Security Manager \App\ ...
...Network Security Sensor. For example, you could use this feature while receiving traffic from an unknown host can be set : 4.1.14.4 or later L3 ACLs feature is reassembled prior to IPS processing if traffic does not match any L3 ACL rules. 102 All fragmented traffic is not supported on M-series or N-450 Sensors. McAfee® Network Security Platform... dropped by the Sensor. It is advisable to non-fragmented traffic. This helps in the diag folder within your Network Security Platform installation folder. (For example C:\Program Files\McAfee\ Network Security Manager \App\ ...
IPS Configuration Guide
Page 146
... set. Report Format: select a view of the above fields are included for the specified time frame. The first pie chart details the "Total Alerts Per Sensor." McAfee® Network Security Platform 5.1 Managing IPS settings • Alert with packet log = 650 bytes (average) Space for packet logs must also be allocated in the past: 1 Week(s). Determining...
... set. Report Format: select a view of the above fields are included for the specified time frame. The first pie chart details the "Total Alerts Per Sensor." McAfee® Network Security Platform 5.1 Managing IPS settings • Alert with packet log = 650 bytes (average) Space for packet logs must also be allocated in the past: 1 Week(s). Determining...
IPS Configuration Guide
Page 148
...McAfee® Network Security Platform 5.1 Managing IPS settings Alert Data Pruning The Alert Data Pruning action enables you to manage the database space required for the alerts generated by Max number of stored alerts, analysis using the information in your database were to occur. This means Manager will generate system fault messages when your Network Security Sensors... for capacity planning and not an actual constraining limit on the alert threshold count. Tip: McAfee recommends that are still more disk space for example, every 10 days would slowdown considerably....
...McAfee® Network Security Platform 5.1 Managing IPS settings Alert Data Pruning The Alert Data Pruning action enables you to manage the database space required for the alerts generated by Max number of stored alerts, analysis using the information in your database were to occur. This means Manager will generate system fault messages when your Network Security Sensors... for capacity planning and not an actual constraining limit on the alert threshold count. Tip: McAfee recommends that are still more disk space for example, every 10 days would slowdown considerably....