McAfee EPOCDE-AA-BA Product Guide - Page 265
21 Detecting Rogue Systems

Unprotected systems are often the weak spot of any security strategy, creating entry points through which viruses and other potentially harmful programs can access your network. Even in a managed network environment, some systems might not have an active McAfee Agent on them. These can be systems that frequently log on and off the network, including test servers, laptops, or wireless devices.

Rogue System Detection provides real-time discovery of rogue systems through the use of a Rogue System Sensor installed throughout your network. The sensor listens to network broadcast messages and DHCP responses to detect systems connected to the network.

When a sensor detects a system on the network, it sends a message to the ePolicy Orchestrator server. The server then checks whether the system has an active agent installed and managed. If the system is unknown to the McAfee ePO server, Rogue System Detection provides information to ePolicy Orchestrator to allow you to take remediation steps, which include alerting network and anti-virus administrators or automatically deploying an agent to the system.

In addition to Rogue System Detection, other McAfee products, like McAfee Network Access Control, add detected systems control to ePolicy Orchestrator.

Contents

What are rogue systems
How the Rogue System Sensor works
How detected systems are matched and merged
Working with detected systems
Working with sensors
Working with subnets
Rogue System Detection command-line options
Default Rogue System Detection queries

What are rogue systems

Rogue systems are systems that access your network, but are not managed by your McAfee ePO server.

Unprotected systems are often the weak spot of any security strategy, creating entry points through which viruses and other potentially harmful programs can access your network. Even in a managed network environment, some systems might not have an active McAfee Agent on them. These can be systems that frequently log on and off the network, including test servers, laptops, or wireless devices.

A rogue system is any device on your network with a network interface card (NIC). On systems with multiple NICs, each resulting interface is identified as a separate system. When these interfaces are detected, they appear as multiple rogue interfaces.

McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide 265
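The passive DHCP side of the detection described above can be illustrated with a short parser. This is an added example, not McAfee's sensor or server code: it reads the client MAC and leased address out of a DHCP reply and checks the MAC against a set of managed interfaces. The function names and the `managed_macs` set (a stand-in for the server's managed-system check) are assumptions, and the sample packet is constructed.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie (RFC 2131)
BOOTREPLY, DHCPACK = 2, 5

def parse_dhcp_reply(payload):
    """Return (mac, leased_ip, msg_type) from a DHCP reply, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    op, htype, hlen = payload[0], payload[1], payload[2]
    if op != BOOTREPLY or htype != 1 or hlen != 6:
        return None                          # Ethernet replies only
    leased_ip = socket.inet_ntoa(payload[16:20])   # yiaddr field
    mac = payload[28:34].hex(":")                  # first 6 bytes of chaddr
    msg_type, i = None, 240
    while i < len(payload):                  # walk the TLV options
        code = payload[i]
        if code == 255:                      # end option
            break
        if code == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                      # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                      # truncated option body
        if code == 53 and length == 1:       # DHCP message type
            msg_type = value[0]
        i += 2 + length
    return mac, leased_ip, msg_type

def is_rogue(payload, managed_macs):
    """True if a DHCPACK leases an address to an interface not in managed_macs."""
    parsed = parse_dhcp_reply(payload)
    if parsed is None or parsed[2] != DHCPACK:
        return False
    return parsed[0] not in managed_macs

def build_ack(mac, ip):
    """Constructed sample DHCPACK for the demo (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", BOOTREPLY, 1, 6, 0, 0x1234,
                      0, 0, bytes(4), socket.inet_aton(ip), bytes(4), bytes(4),
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, DHCPACK, 255])
```

Because the check is keyed on the MAC address, a laptop with a wired and a wireless NIC produces two separate results, one per interface, matching the multiple-NIC behaviour noted above.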