Product Guide
Page 3
...Audience 5 Conventions 5 What's in this guide 6 Find product documentation 6 1 Introducing Network Security Sensors 7 About the M-1250/M-1450 Sensor 7 Physical description of the M-1250/M-1450 Sensor 8 Ports on the Sensor 8 Front panel LEDs on M-1250/M-1450 Sensor 9 2 Before you install 11 Usage restrictions 11 Safety measures 11 Contents... in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
...Audience 5 Conventions 5 What's in this guide 6 Find product documentation 6 1 Introducing Network Security Sensors 7 About the M-1250/M-1450 Sensor 7 Physical description of the M-1250/M-1450 Sensor 8 Ports on the Sensor 8 Front panel LEDs on M-1250/M-1450 Sensor 9 2 Before you install 11 Usage restrictions 11 Safety measures 11 Contents... in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
Product Guide
Page 12
...outer shell of the Sensor. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with specific V/A ratings. • One set of the box. 4 Remove the accessory box within the Sensor box. 5 Verify you install Contents of...Part 15 of the Sensor box. 6 Remove the Slide Rail Kit. 7 Pull out the packing material surrounding the Sensor. 12 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide These parts are designed to earth ground during normal use RJ-45 connectors. Doing so will be grounded. ...
...outer shell of the Sensor. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with specific V/A ratings. • One set of the box. 4 Remove the accessory box within the Sensor box. 5 Verify you install Contents of...Part 15 of the Sensor box. 6 Remove the Slide Rail Kit. 7 Pull out the packing material surrounding the Sensor. 12 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide These parts are designed to earth ground during normal use RJ-45 connectors. Doing so will be grounded. ...
Product Guide
Page 19
...the Management port Cable Monitoring ports Cable the Sensor to monitor in in-line mode Cable the Sensor to monitor in this guide, cabling specifications is mentioned as Console on the Sensor front panel. 2 Connect the other end of the Console port cable directly to a COM port...at 10 or 100 Mbps, Category 5 (Cat 5) OR Cat 5e cable can be used for setup and configuration of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19 4 Attaching cables to the Sensor Follow the steps outlined in SPAN or hub mode About connecting Sensors for fail-over...
...the Management port Cable Monitoring ports Cable the Sensor to monitor in in-line mode Cable the Sensor to monitor in this guide, cabling specifications is mentioned as Console on the Sensor front panel. 2 Connect the other end of the Console port cable directly to a COM port...at 10 or 100 Mbps, Category 5 (Cat 5) OR Cat 5e cable can be used for setup and configuration of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19 4 Attaching cables to the Sensor Follow the steps outlined in SPAN or hub mode About connecting Sensors for fail-over...
Product Guide
Page 25
...1250/M-1450 Sensor specifications The following table lists the specifications of the M-1250/M-1450 Sensor: Sensor Specifications Dimensions Weight Voltage Range Frequency Vibration, operating Vibration, non-operating Power requirements Ambient Temperature Range (Non-condensing) Relative Humidity (Non-condensing) System Heat Dissipation Airflow Altitude Throughput Description M-1250/M-1450: • 1RU, rack mountable • 17.37 (W) x 1.75(H) x 13.5(D) M-1250...,000 ft (3050 m) M-1250: 100 Mbps M-1450: 200 Mbps McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 25
...1250/M-1450 Sensor specifications The following table lists the specifications of the M-1250/M-1450 Sensor: Sensor Specifications Dimensions Weight Voltage Range Frequency Vibration, operating Vibration, non-operating Power requirements Ambient Temperature Range (Non-condensing) Relative Humidity (Non-condensing) System Heat Dissipation Airflow Altitude Throughput Description M-1250/M-1450: • 1RU, rack mountable • 17.37 (W) x 1.75(H) x 13.5(D) M-1250...,000 ft (3050 m) M-1250: 100 Mbps M-1450: 200 Mbps McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 25
Product Guide
Page 26
A M-1250/M-1450 Sensor specifications 26 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide
A M-1250/M-1450 Sensor specifications 26 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide
Product Guide
Page 29
...17, 19 conventions and icons used in this guide 5 D documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 F failover ports for M-1250/M-1450 23 front panel LEDs 9, 11, 12, 15, 25 H hot swappable power supply 17 ...McAfee ServicePortal, accessing 6 monitoring ports 21 P peer ports 21, 22 ports on M-1250/M-1450 8 R Response port 20 S Safety 27 Sensor front panel 11, 19 ServicePortal, finding product documentation 6 SFP module 17 Slide Rail Kit 12, 15 T Technical Support, finding product information 6 McAfee® Network Security Platform M-1250...
...17, 19 conventions and icons used in this guide 5 D documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 F failover ports for M-1250/M-1450 23 front panel LEDs 9, 11, 12, 15, 25 H hot swappable power supply 17 ...McAfee ServicePortal, accessing 6 monitoring ports 21 P peer ports 21, 22 ports on M-1250/M-1450 8 R Response port 20 S Safety 27 Sensor front panel 11, 19 ServicePortal, finding product documentation 6 SFP module 17 Slide Rail Kit 12, 15 T Technical Support, finding product information 6 McAfee® Network Security Platform M-1250...
Deployment Guide
Page 5
McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are denoted using this notation. Select My ... Installation Guide v Parameters that provide related, but non-critical, information are shown in angle brackets. Refer to this notation. The Service field on your specific ENTER. Menu or action group selections are denoted using this guide. Procedures are presented as syntax, key words, and values that you must Type: Sensor...
McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are denoted using this notation. Select My ... Installation Guide v Parameters that provide related, but non-critical, information are shown in angle brackets. Refer to this notation. The Service field on your specific ENTER. Menu or action group selections are denoted using this guide. Procedures are presented as syntax, key words, and values that you must Type: Sensor...
Deployment Guide
Page 11
... Your Sensor ports are configured by default to the Root Admin Domain (and thus all of your Sensor ports upon Sensor addition. McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to-Manager communication The process of setting up a Sensor is , connected via a port pair on ... the Manager software on the server machine. Install the Manager software on ), and configure it with network identification information (that can connect to make specific changes; This process is described in Device Configuration Guide. 2 Configure the Sensor. From a serial ...
... Your Sensor ports are configured by default to the Root Admin Domain (and thus all of your Sensor ports upon Sensor addition. McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to-Manager communication The process of setting up a Sensor is , connected via a port pair on ... the Manager software on the server machine. Install the Manager software on ), and configure it with network identification information (that can connect to make specific changes; This process is described in Device Configuration Guide. 2 Configure the Sensor. From a serial ...
Deployment Guide
Page 12
... for a host. For more information on attack filters, see Administrative Domain Configuration Guide. 5 McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by the system, you can further configure and...network traffic, your management. Network Security Platform provides two tools for effective network security. You use the Threat Analyzer to perform forensic analysis on the alert to help you tune the Network Security Platform system, provide better responses to the details of an alert such as when you can use policies specifically...
... for a host. For more information on attack filters, see Administrative Domain Configuration Guide. 5 McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by the system, you can further configure and...network traffic, your management. Network Security Platform provides two tools for effective network security. You use the Threat Analyzer to perform forensic analysis on the alert to help you tune the Network Security Platform system, provide better responses to the details of an alert such as when you can use policies specifically...
Deployment Guide
Page 15
Pre-deployment considerations Deployment of Network Security Platform requires specific knowledge of your network's security needs. What is your network topology? How much traffic typically crosses your network? Where are a beginner and want some strategies for deploying McAfee Network Security Platform, you should I deploy Sensors? Network Security Platform is built with just a single access point and few machines. Consider the following questions as you...
Pre-deployment considerations Deployment of Network Security Platform requires specific knowledge of your network's security needs. What is your network topology? How much traffic typically crosses your network? Where are a beginner and want some strategies for deploying McAfee Network Security Platform, you should I deploy Sensors? Network Security Platform is built with just a single access point and few machines. Consider the following questions as you...
Deployment Guide
Page 22
... M-4050 12 8 M-3050 12 8 M-2750 20 20 M-1450 8 8 M-1250 8 8 N-450 20 20 In-line mode and tap mode can prevent network attacks by dropping malicious traffic in real time. Deploying Sensors in in-line mode In... monitor full-duplex links. SPAN monitoring works in either half- In this feature). McAfee® Network Security Platform 6.0 Sensor Deployment Modes Full-duplex and half-duplex monitoring Sensors are internally wire matched (that is placed directly...both directions. or full-duplex mode (depending on one for a specific Web server. 15
... M-4050 12 8 M-3050 12 8 M-2750 20 20 M-1450 8 8 M-1250 8 8 N-450 20 20 In-line mode and tap mode can prevent network attacks by dropping malicious traffic in real time. Deploying Sensors in in-line mode In... monitor full-duplex links. SPAN monitoring works in either half- In this feature). McAfee® Network Security Platform 6.0 Sensor Deployment Modes Full-duplex and half-duplex monitoring Sensors are internally wire matched (that is placed directly...both directions. or full-duplex mode (depending on one for a specific Web server. 15
Deployment Guide
Page 35
...day-to-day management of your network. 28 Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. Create policies tuned for specific hosts or a subset of the IPS to specific individuals, providing each person with distinct...by geographical location, business unit, or functional area (that is, HR, Finance). Segment your network traffic into multiple Admin Domains. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your deployment into VLAN tags and CIDR blocks. You may want to ...
...day-to-day management of your network. 28 Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. Create policies tuned for specific hosts or a subset of the IPS to specific individuals, providing each person with distinct...by geographical location, business unit, or functional area (that is, HR, Finance). Segment your network traffic into multiple Admin Domains. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your deployment into VLAN tags and CIDR blocks. You may want to ...
IPS Configuration Guide
Page 6
...between tasks, or the commands necessary to perform particular tasks. set Sensor ip Information that you must type based on your specific situation or environment is shown in italics. Text such as loss of numbered steps. 1. Type: setup and then press ...Example Terms that provide related, but non-critical, information are presented as a series of data is denoted using this notation. McAfee® Network Security Platform 5.1 Preface not necessarily familiar with electricity, or other serious consequences is denoted using this notation. Procedures are denoted using this...
...between tasks, or the commands necessary to perform particular tasks. set Sensor ip Information that you must type based on your specific situation or environment is shown in italics. Text such as loss of numbered steps. 1. Type: setup and then press ...Example Terms that provide related, but non-critical, information are presented as a series of data is denoted using this notation. McAfee® Network Security Platform 5.1 Preface not necessarily familiar with electricity, or other serious consequences is denoted using this notation. Procedures are denoted using this...
IPS Configuration Guide
Page 9
... multiple, specific policies that governs what traffic is available to the network environment being monitored. An exclude rule removes elements from the include rule in order to all policy for your network. Policies in McAfee Network Security Platform A security policy, or IPS policy, is a set of rules that focus on page 63)) are applied, McAfee® Network Security Platform [formerly McAfee® IntruShield...
... multiple, specific policies that governs what traffic is available to the network environment being monitored. An exclude rule removes elements from the include rule in order to all policy for your network. Policies in McAfee Network Security Platform A security policy, or IPS policy, is a set of rules that focus on page 63)) are applied, McAfee® Network Security Platform [formerly McAfee® IntruShield...
IPS Configuration Guide
Page 10
...exploit attack (on the environment where it will have no impact in a specific zone of service (DoS) require responses in violation of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are several provided rule sets...be determined. McAfee® Network Security Platform 5.1 Overview of a configured policy, a preset response from the database via the Threat Analyzer and can be logged and researched to determine compromise potential and the source of OSs, applications, protocols. McAfee recommends two approaches to specific. You ...
...exploit attack (on the environment where it will have no impact in a specific zone of service (DoS) require responses in violation of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are several provided rule sets...be determined. McAfee® Network Security Platform 5.1 Overview of a configured policy, a preset response from the database via the Threat Analyzer and can be logged and researched to determine compromise potential and the source of OSs, applications, protocols. McAfee recommends two approaches to specific. You ...
IPS Configuration Guide
Page 16
... changes made in Modifying selected IPS policies using the Policy Editor takes you have completed every tab, step, or action available in a specific network environment: 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Click Add. 8 Adding an IPS policy Adding a new policy... Commit Changes or OK button as well as a Cancel button. To add a new policy for final customization before deployment. McAfee® Network Security Platform 5.1 Managing IPS settings Managing policies with IPS Policy Editor The IPS Policy Editor action enables the use of your policy customization best...
... changes made in Modifying selected IPS policies using the Policy Editor takes you have completed every tab, step, or action available in a specific network environment: 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Click Add. 8 Adding an IPS policy Adding a new policy... Commit Changes or OK button as well as a Cancel button. To add a new policy for final customization before deployment. McAfee® Network Security Platform 5.1 Managing IPS settings Managing policies with IPS Policy Editor The IPS Policy Editor action enables the use of your policy customization best...
IPS Configuration Guide
Page 29
McAfee® Network Security Platform 5.1 Managing IPS settings Figure 16: Edit Attack Details For ...page 143). Dialog / Sensor Actions Tab Customize Blocking Setting: allows blocking settings for every attack; IPS Quarantine / McAfee NAC: helps you only set a notification for the currently selected attack to be viewed in In-line mode....to enable/disable IPS Quarantine and McAfee® Network Access Control (McAfee NAC) notification at Policy level. Note: The email, pager, and script lists are : Email: sends an email to receive upon the detection of a specific attack. Script: runs a ...
McAfee® Network Security Platform 5.1 Managing IPS settings Figure 16: Edit Attack Details For ...page 143). Dialog / Sensor Actions Tab Customize Blocking Setting: allows blocking settings for every attack; IPS Quarantine / McAfee NAC: helps you only set a notification for the currently selected attack to be viewed in In-line mode....to enable/disable IPS Quarantine and McAfee® Network Access Control (McAfee NAC) notification at Policy level. Note: The email, pager, and script lists are : Email: sends an email to receive upon the detection of a specific attack. Script: runs a ...
IPS Configuration Guide
Page 41
...best (for example, enabling the Drop Packets response for all High severity attacks once you want to add specific attacks to a policy for added security. However, if you have enabled In-line Mode), try Editing an IPS policy (on page 34). This... false positives, thus you may receive attacks uncommon to a network environment that are impacting your system and you can edit a Network Security Platform-provided policy. You can clone a provided policy, save as" function. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 32: Attack Information & Description Click...
...best (for example, enabling the Drop Packets response for all High severity attacks once you want to add specific attacks to a policy for added security. However, if you have enabled In-line Mode), try Editing an IPS policy (on page 34). This... false positives, thus you may receive attacks uncommon to a network environment that are impacting your system and you can edit a Network Security Platform-provided policy. You can clone a provided policy, save as" function. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 32: Attack Information & Description Click...
IPS Configuration Guide
Page 47
... Sensor interfaces by a Sensor's interfaces. McAfee® Network Security Platform 5.1 Managing IPS settings current or further impacts, and the methods of notification that will help your team respond to malicious use of network segments and addresses, and therefore not visible a single interface; You can cover a broad range of your network in a specific network environment: Figure 37: Reconnaissance Policy...
... Sensor interfaces by a Sensor's interfaces. McAfee® Network Security Platform 5.1 Managing IPS settings current or further impacts, and the methods of notification that will help your team respond to malicious use of network segments and addresses, and therefore not visible a single interface; You can cover a broad range of your network in a specific network environment: Figure 37: Reconnaissance Policy...
IPS Configuration Guide
Page 59
... is listening for more custom (created/cloned) IPS policies and Reconnaissance policies from your Manager server to your Network Security Platform policy enforcement process. McAfee® Network Security Platform 5.1 Managing IPS settings Go to the following links for a protocol on a port that is not standard,...alerted. • Setting up Global Auto Acknowledgement (on page 66): set up Manager to automatically acknowledge alerts based on specific criteria. • Enabling and starting the Incident Generator service: (on page 67) install and start the Incident Generator service...
... is listening for more custom (created/cloned) IPS policies and Reconnaissance policies from your Manager server to your Network Security Platform policy enforcement process. McAfee® Network Security Platform 5.1 Managing IPS settings Go to the following links for a protocol on a port that is not standard,...alerted. • Setting up Global Auto Acknowledgement (on page 66): set up Manager to automatically acknowledge alerts based on specific criteria. • Enabling and starting the Incident Generator service: (on page 67) install and start the Incident Generator service...