Product Guide
Page 3
...Audience 5 Conventions 5 What's in this guide 6 Find product documentation 6 1 Introducing Network Security Sensors 7 About the M-1250/M-1450 Sensor 7 Physical description of the M-1250/M-1450 Sensor 8 Ports on the Sensor 8 Front panel LEDs on M-1250/M-1450 Sensor 9 2 Before you install 11 Usage restrictions 11 Safety measures 11 Contents... in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
...Audience 5 Conventions 5 What's in this guide 6 Find product documentation 6 1 Introducing Network Security Sensors 7 About the M-1250/M-1450 Sensor 7 Physical description of the M-1250/M-1450 Sensor 8 Ports on the Sensor 8 Front panel LEDs on M-1250/M-1450 Sensor 9 2 Before you install 11 Usage restrictions 11 Safety measures 11 Contents... in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
Product Guide
Page 12
...and direct the flow of the Sensor box. 6 Remove the Slide Rail Kit. 7 Pull out the packing material surrounding the Sensor. 12 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide Unpack the Sensor Task 1 Place the Sensor box as possible. 2 Position the box with the text upright. 3...unless all parts. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with specific V/A ratings. • One set of the Sensor. Blank faceplates and cover panels prevent exposure to hazardous voltages and currents inside the ...
...and direct the flow of the Sensor box. 6 Remove the Slide Rail Kit. 7 Pull out the packing material surrounding the Sensor. 12 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide Unpack the Sensor Task 1 Place the Sensor box as possible. 2 Position the box with the text upright. 3...unless all parts. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with specific V/A ratings. • One set of the Sensor. Blank faceplates and cover panels prevent exposure to hazardous voltages and currents inside the ...
Product Guide
Page 19
...labeled as Cat 5/Cat 5e. Task 1 For console connections, plug the DB9 Console cable supplied by McAfee into the Console port on your M-1250/ M-1450 Network Security Sensor. You must connect directly to the console for HyperTerminal are: Name Baud rate Number of the...the various ports on the Sensor. Note the following cabling specifications for the Sensor: • Category 5 Enhanced (Cat 5e) cable is required for setup and configuration of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19 Required settings for initial configuration...
...labeled as Cat 5/Cat 5e. Task 1 For console connections, plug the DB9 Console cable supplied by McAfee into the Console port on your M-1250/ M-1450 Network Security Sensor. You must connect directly to the console for HyperTerminal are: Name Baud rate Number of the...the various ports on the Sensor. Note the following cabling specifications for the Sensor: • Category 5 Enhanced (Cat 5e) cable is required for setup and configuration of bits Setting 38400 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19 Required settings for initial configuration...
Product Guide
Page 25
...1250/M-1450 Sensor specifications The following table lists the specifications of the M-1250/M-1450 Sensor: Sensor Specifications Dimensions Weight Voltage Range Frequency Vibration, operating Vibration, non-operating Power requirements Ambient Temperature Range (Non-condensing) Relative Humidity (Non-condensing) System Heat Dissipation Airflow Altitude Throughput Description M-1250/M-1450: • 1RU, rack mountable • 17.37 (W) x 1.75(H) x 13.5(D) M-1250...,000 ft (3050 m) M-1250: 100 Mbps M-1450: 200 Mbps McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 25
...1250/M-1450 Sensor specifications The following table lists the specifications of the M-1250/M-1450 Sensor: Sensor Specifications Dimensions Weight Voltage Range Frequency Vibration, operating Vibration, non-operating Power requirements Ambient Temperature Range (Non-condensing) Relative Humidity (Non-condensing) System Heat Dissipation Airflow Altitude Throughput Description M-1250/M-1450: • 1RU, rack mountable • 17.37 (W) x 1.75(H) x 13.5(D) M-1250...,000 ft (3050 m) M-1250: 100 Mbps M-1450: 200 Mbps McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 25
Product Guide
Page 26
A M-1250/M-1450 Sensor specifications 26 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide
A M-1250/M-1450 Sensor specifications 26 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide
Product Guide
Page 29
...17, 19 conventions and icons used in this guide 5 D documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 F failover ports for M-1250/M-1450 23 front panel LEDs 9, 11, 12, 15, 25 H hot swappable power supply 17 ...McAfee ServicePortal, accessing 6 monitoring ports 21 P peer ports 21, 22 ports on M-1250/M-1450 8 R Response port 20 S Safety 27 Sensor front panel 11, 19 ServicePortal, finding product documentation 6 SFP module 17 Slide Rail Kit 12, 15 T Technical Support, finding product information 6 McAfee® Network Security Platform M-1250...
...17, 19 conventions and icons used in this guide 5 D documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 F failover ports for M-1250/M-1450 23 front panel LEDs 9, 11, 12, 15, 25 H hot swappable power supply 17 ...McAfee ServicePortal, accessing 6 monitoring ports 21 P peer ports 21, 22 ports on M-1250/M-1450 8 R Response port 20 S Safety 27 Sensor front panel 11, 19 ServicePortal, finding product documentation 6 SFP module 17 Slide Rail Kit 12, 15 T Technical Support, finding product information 6 McAfee® Network Security Platform M-1250...
Deployment Guide
Page 5
... companions to Quick Tour for more information on these guides. Quick Tour Installation Guide v McAfee® Network Security Platform 6.0 Preface Convention Example Terms that you must Type: Sensor-IP-address and then press type based on your specific ENTER. Select My Company > Admin Domain > Summary. 1. Text such as a series of data is denoted...
... companions to Quick Tour for more information on these guides. Quick Tour Installation Guide v McAfee® Network Security Platform 6.0 Preface Convention Example Terms that you must Type: Sensor-IP-address and then press type based on your specific ENTER. Select My Company > Admin Domain > Summary. 1. Text such as a series of data is denoted...
Deployment Guide
Page 11
...on policies, see Troubleshooting Guide. 5 Verify the operating mode of the ports on the Sensor to all monitoring interfaces on the Sensor). McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to the Root Admin Domain (and thus all of your Sensor ports upon Sensor addition. Most users tune ...is , connected via the Manager server or from a separate client machine to perform your configuration tasks. You can choose a specific policy to apply by default for monitoring in in-line mode; the Default policy gets you 've cabled the Sensor to best suit their...
...on policies, see Troubleshooting Guide. 5 Verify the operating mode of the ports on the Sensor to all monitoring interfaces on the Sensor). McAfee® Network Security Platform 6.0 Getting Started Establish Sensor-to the Root Admin Domain (and thus all of your Sensor ports upon Sensor addition. Most users tune ...is , connected via the Manager server or from a separate client machine to perform your configuration tasks. You can choose a specific policy to apply by default for monitoring in in-line mode; the Default policy gets you 've cabled the Sensor to best suit their...
Deployment Guide
Page 12
... specifically for the areas of your management. If these reports to communicate incidents to other members of your team and to your network they are detected in a packet, the packet is not analyzed further (and is in violation of the set security policy. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by Network Security Platform...
... specifically for the areas of your management. If these reports to communicate incidents to other members of your team and to your network they are detected in a packet, the packet is not analyzed further (and is in violation of the set security policy. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by Network Security Platform...
Deployment Guide
Page 15
...network? How complex is your network topology? How much traffic typically crosses your network? Where are your security operations located? Where should also read Deployment Scenarios (on page 26). Pre-deployment considerations Deployment of Network Security Platform requires specific knowledge of your Network Security Platform... Knowing how your business will require to multi gigabits per second for deploying McAfee Network Security Platform, you plan your network? Tip: If you are the critical servers that require planning and completion ...
...network? How complex is your network topology? How much traffic typically crosses your network? Where are your security operations located? Where should also read Deployment Scenarios (on page 26). Pre-deployment considerations Deployment of Network Security Platform requires specific knowledge of your Network Security Platform... Knowing how your business will require to multi gigabits per second for deploying McAfee Network Security Platform, you plan your network? Tip: If you are the critical servers that require planning and completion ...
Deployment Guide
Page 22
...Response ports. Preventative actions can respond via the same port (if the switch supports this mode, the Sensor can both directions. McAfee® Network Security Platform 6.0 Sensor Deployment Modes Full-duplex and half-duplex monitoring Sensors are internally wire matched (that is, 1A and 1B) to... M-2750 20 20 M-1450 8 8 M-1250 8 8 N-450 20 20 In-line mode and tap mode can prevent network attacks by dropping malicious traffic in In-line or Tap mode, you use two Sensor ports (one port for transmit, one for a specific Web server. 15 In this feature). Sensor...
...Response ports. Preventative actions can respond via the same port (if the switch supports this mode, the Sensor can both directions. McAfee® Network Security Platform 6.0 Sensor Deployment Modes Full-duplex and half-duplex monitoring Sensors are internally wire matched (that is, 1A and 1B) to... M-2750 20 20 M-1450 8 8 M-1250 8 8 N-450 20 20 In-line mode and tap mode can prevent network attacks by dropping malicious traffic in In-line or Tap mode, you use two Sensor ports (one port for transmit, one for a specific Web server. 15 In this feature). Sensor...
Deployment Guide
Page 35
... feature. Create (or clone) policies on an extremely granular level. Define user roles. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your deployment into VLAN tags and CIDR blocks. Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. Delegate the day-to-day management of...
... feature. Create (or clone) policies on an extremely granular level. Define user roles. McAfee® Network Security Platform 6.0 Deployment Scenarios Split your deployment into VLAN tags and CIDR blocks. Configure DoS policies for specific traffic flows within a network segment, and apply them on a sub-interface basis. Delegate the day-to-day management of...
IPS Configuration Guide
Page 6
... on your specific situation or environment is denoted using Courier New font. Caution: Information that you must read before beginning a procedure or that you to negative consequences of certain actions, such as syntax, keywords, and values that provide related, but non-critical, information are shown enclosed in angle brackets. McAfee® Network Security Platform 5.1 Preface...
... on your specific situation or environment is denoted using Courier New font. Caution: Information that you must read before beginning a procedure or that you to negative consequences of certain actions, such as syntax, keywords, and values that provide related, but non-critical, information are shown enclosed in angle brackets. McAfee® Network Security Platform 5.1 Preface...
IPS Configuration Guide
Page 9
... used to determine which should be monitored. Several pre-configured policies (Pre-configured rule sets and policies (on the specific needs of unique zones in McAfee Network Security Platform A security policy, or IPS policy, is a set with a Security Expert or Super User role. Creating a policy enables you can then use the Threat Analyzer to users with an...
... used to determine which should be monitored. Several pre-configured policies (Pre-configured rule sets and policies (on the specific needs of unique zones in McAfee Network Security Platform A security policy, or IPS policy, is a set with a Security Expert or Super User role. Creating a policy enables you can then use the Threat Analyzer to users with an...
IPS Configuration Guide
Page 10
... Sensors can be opened and examined using a program called Ethereal. Packet logging Logging attack packets for analysis is crucial to specific. A packet log is not immediate and a better understanding of the potential attack purpose can be installed anywhere in order ...impact severity is collaboration. Packet logs are retrieved from the Sensor is important for future attacks. McAfee® Network Security Platform 5.1 Overview of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are best logged without response, then analyzed as ...
... Sensors can be opened and examined using a program called Ethereal. Packet logging Logging attack packets for analysis is crucial to specific. A packet log is not immediate and a better understanding of the potential attack purpose can be installed anywhere in order ...impact severity is collaboration. Packet logs are retrieved from the Sensor is important for future attacks. McAfee® Network Security Platform 5.1 Overview of IPS settings In the McAfee® Network Security Policy Editor [formerly IPS Policy Editor], there are best logged without response, then analyzed as ...
IPS Configuration Guide
Page 16
..., and the methods of notification that sub-window. To add a new policy for final customization before deployment. This procedure is detailed in a specific network environment: 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Click Add. 8 Each window has either Commit Changes or OK until you...IPS policy management. Clicking OK closes the sub-window that has been opened from within Exploit attack customization. McAfee® Network Security Platform 5.1 Managing IPS settings Managing policies with IPS Policy Editor The IPS Policy Editor action enables the use of your...
..., and the methods of notification that sub-window. To add a new policy for final customization before deployment. This procedure is detailed in a specific network environment: 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Click Add. 8 Each window has either Commit Changes or OK until you...IPS policy management. Clicking OK closes the sub-window that has been opened from within Exploit attack customization. McAfee® Network Security Platform 5.1 Managing IPS settings Managing policies with IPS Policy Editor The IPS Policy Editor action enables the use of your...
IPS Configuration Guide
Page 29
...: The email, pager, and script lists are : Email: sends an email to receive upon the detection of a specific attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 16: Edit Attack Details For Attack - Auto. The choices are configured per admin domain ...selected attack to a configured email pager number. Script: runs a script previously uploaded to enable/disable IPS Quarantine and McAfee® Network Access Control (McAfee NAC) notification at Policy level. See Setting up alert notifications (on page 109). Ack: automatically marks the attack...
...: The email, pager, and script lists are : Email: sends an email to receive upon the detection of a specific attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 16: Edit Attack Details For Attack - Auto. The choices are configured per admin domain ...selected attack to a configured email pager number. Script: runs a script previously uploaded to enable/disable IPS Quarantine and McAfee® Network Access Control (McAfee NAC) notification at Policy level. See Setting up alert notifications (on page 109). Ack: automatically marks the attack...
IPS Configuration Guide
Page 41
...customize it for your system and you want to edit a copy of the signature's attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 32: Attack Information & Description Click Attack Desc to view your policy...specific attacks to add/subtract from the default settings of the Attack encyclopedia. This procedure is detailed in order to a policy you created, try the Bulk Edit feature within Exploit attack customization. However, if you intend to make permanent changes to further refine the policy for added security. You can edit a Network Security Platform...
...customize it for your system and you want to edit a copy of the signature's attack. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 32: Attack Information & Description Click Attack Desc to view your policy...specific attacks to add/subtract from the default settings of the Attack encyclopedia. This procedure is detailed in order to a policy you created, try the Bulk Edit feature within Exploit attack customization. However, if you intend to make permanent changes to further refine the policy for added security. You can edit a Network Security Platform...
IPS Configuration Guide
Page 47
... are applied to throttle all Sensor interfaces by a Sensor's interfaces. Thus, the Sensor performs correlation for attack monitoring in a specific network environment: Figure 37: Reconnaissance Policy List 1 Select IPS Settings > Policies > Reconnaissance Policy Editor. 2 Click Add. 39 Adding... source into one or more reconnaissance attacks. You can cover a broad range of network segments and addresses, and therefore not visible a single interface; McAfee® Network Security Platform 5.1 Managing IPS settings current or further impacts, and the methods of notification that ...
... are applied to throttle all Sensor interfaces by a Sensor's interfaces. Thus, the Sensor performs correlation for attack monitoring in a specific network environment: Figure 37: Reconnaissance Policy List 1 Select IPS Settings > Policies > Reconnaissance Policy Editor. 2 Click Add. 39 Adding... source into one or more reconnaissance attacks. You can cover a broad range of network segments and addresses, and therefore not visible a single interface; McAfee® Network Security Platform 5.1 Managing IPS settings current or further impacts, and the methods of notification that ...
IPS Configuration Guide
Page 59
...specific criteria. • Enabling and starting the Incident Generator service: (on page 67) install and start the Incident Generator service, which you to create custom signatures for new attacks or those activities not detected by default uses Port 80 or 8080; For example, HTTP by Network Security Platform...server on page 74): create attack instances with signatures for ease of alert incident conditions to further enhance your McAfee® Network Security Platform security utilization. • Exporting policies (on page 74): save one or more information: • Configuring non-...
...specific criteria. • Enabling and starting the Incident Generator service: (on page 67) install and start the Incident Generator service, which you to create custom signatures for new attacks or those activities not detected by default uses Port 80 or 8080; For example, HTTP by Network Security Platform...server on page 74): create attack instances with signatures for ease of alert incident conditions to further enhance your McAfee® Network Security Platform security utilization. • Exporting policies (on page 74): save one or more information: • Configuring non-...