McAfee HISCDE-AB-IA Product Guide - Page 18

Creating a new policy, Changing policy assignment, Default protection and tuning

Get McAfee HISCDE-AB-IA - Host Intrusion Prevention PDF manuals and user guides View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals

Page 18 highlights

Managing Your Protection Policy management Creating a new policy To create a new policy, you copy of an existing one and name the new copy. You can do this either in the Policy Catalog or from a Policy page. Task For option definitions, click ? in the interface. • Do one of the following from the Policy Catalog: • Click the New Policy button. Select the policy you want to make a copy of, type the name of the new policy, and click OK. • Click the Duplicate link for a policy. Type the name of the new policy, and click OK. • Click the View or Edit link for a policy, then on the Policy page, click the Duplicate button. Type the name of the new policy, and click OK. The duplicated policy appears. Edit the policy and click Save. Changing policy assignment Use this task to change the Host Intrusion Prevention policy assignment for a group or a single system in the ePolicy Orchestrator System Tree. Task For option definitions, click ? in the interface. • Do one of the following: • For a group, go to Systems | System Tree, select a group, and then on the Assigned Policies tab click Edit Assignment. • For a system go to Systems | System Tree, select a group that contains the system, and then on the System tab, select the system and select Actions | Agents | Modify Policies on a Single System. Default protection and tuning Host Intrusion Prevention works with default policies for basic protection. It allows greater protection through custom settings obtained through manual or automatic tuning. Default protection Host Intrusion Prevention ships with a set of default policies that provide basic protection for your environment. Both IPS and firewall protection are off by default and must enabled to allow default rules policies to be enforced. For advanced protection, switch from the default IPS policies to stronger preset policies, or create custom policies. Start with a sample deployment to monitor and tune the new settings. Tuning involves balancing intrusion prevention protection and access to required information and applications per group type. Manual tuning Manual tuning requires direct monitoring for a set period of time of events and client rules that are created. 18 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
Creating a new policy
To create a new policy, you copy of an existing one and name the new copy. You can do this
either in the Policy Catalog or from a Policy page.
Task
For option definitions, click
?
in the interface.
Do one of the following from the Policy Catalog:
Click the
New Policy
button. Select the policy you want to make a copy of, type the
name of the new policy, and click
OK
.
Click the
Duplicate
link for a policy. Type the name of the new policy, and click
OK
.
Click the
View
or
Edit
link for a policy, then on the Policy page, click the
Duplicate
button. Type the name of the new policy, and click
OK
. The duplicated policy appears.
Edit the policy and click
Save
.
Changing policy assignment
Use this task to change the Host Intrusion Prevention policy assignment for a group or a single
system in the ePolicy Orchestrator System Tree.
Task
For option definitions, click
?
in the interface.
Do one of the following:
For a group, go to
Systems | System Tree
, select a group, and then on the
Assigned
Policies
tab click
Edit Assignment
.
For a system go to
Systems | System Tree
, select a group that contains the system,
and then on the
System
tab, select the system and select
Actions | Agents | Modify
Policies on a Single System
.
Default protection and tuning
Host Intrusion Prevention works with default policies for basic protection. It allows greater
protection through custom settings obtained through manual or automatic tuning.
Default protection
Host Intrusion Prevention ships with a set of default policies that provide basic protection for
your environment. Both IPS and firewall protection are off by default and must enabled to allow
default rules policies to be enforced.
For advanced protection, switch from the default IPS policies to stronger preset policies, or
create custom policies.
Start with a sample deployment to monitor and tune the new settings. Tuning involves balancing
intrusion prevention protection and access to required information and applications per group
type.
Manual tuning
Manual tuning requires direct monitoring for a set period of time of events and client rules that
are created.
Managing Your Protection
Policy management
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
18