McAfee HISCDE-AB-IA Product Guide - Page 66

FAQ — McAfee TrustedSource and the firewall, Minimal Risk Do Not Block

Page 66 highlights

Configuring Firewall Policies

Enable firewall protection

Task

For option definitions, click ? on the page displaying the options.

1. Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: Firewall in the Product list and Firewall Options in the Category list. The list of policies appears.
2. In the Firewall Options policy list, click Edit under Actions to change the settings for a custom policy.
   NOTE: For editable policies, other options include Rename, Duplicate, Delete, and Export. For non-editable policies, options include View and Duplicate.
3. In the Firewall Options page that appears, change the default settings as needed, then click Save.

FAQ - McAfee TrustedSource and the firewall

Two options in the Firewall Options policy allow you to block incoming and outgoing traffic from a network connection that McAfee TrustedSource™ has rated high risk. This FAQ explains what TrustedSource does and how it affects the firewall.

What is TrustedSource?

TrustedSource is a global Internet reputation intelligence system that determines what is good and bad behavior on the Internet by using real-time analysis of worldwide behavioral and sending patterns for email, web activity, malware, and system-to-system behavior. Using data obtained from the analysis, TrustedSource dynamically calculates reputation scores that represent the level of risk posed to your network when you visit a web page. The result is a database of reputation scores for IP addresses, domains, specific messages, URLs, and images.

How does it work?

When the TrustedSource options are selected, two firewall rules are created: TrustedSource -- Allow Host IPS Service and TrustedSource -- Get Rating. The first rule allows a connection to TrustedSource and the second rule blocks or allows traffic based on the connection's reputation and the block threshold set.

What do you mean by "reputation"?

For each IP address on the Internet, TrustedSource calculates a reputation value based on sending or hosting behavior and various environmental data that TrustedSource automatically collects, aggregates and correlates from customers and partners about the state of the Internet threat landscape. The reputation is expressed in four classes:

• Minimal Risk (Do Not Block) - Our analysis indicates this is a legitimate source or destination of content/traffic.
• Unverified - Our analysis indicates that this appears to be a legitimate source or destination of content/traffic, but also displays certain properties suggesting that further inspection is necessary.
• Medium Risk - Our analysis indicates that this source/destination shows behavior we believe is suspicious and content/traffic to or from it requires special scrutiny.
• High Risk - Our analysis indicates that this source/destination does or will send/host potentially malicious content/traffic and we believe it presents a serious risk.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5, page 66
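
The two-rule behaviour described under "How does it work?", modelled as an added example (not McAfee code and not taken from the guide). It assumes the block threshold means "block this class or riskier" with the classes ordered as listed above; the service address, the sample ratings and the `block_when_unrated` setting are constructed or hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Reputation(IntEnum):
    # The four classes from the guide, ordered from least to most risky.
    MINIMAL_RISK = 0
    UNVERIFIED = 1
    MEDIUM_RISK = 2
    HIGH_RISK = 3

REPUTATION_SERVICE = "203.0.113.10"  # constructed placeholder address

@dataclass
class Policy:
    incoming_threshold: Optional[Reputation] = None  # None = option not selected
    outgoing_threshold: Optional[Reputation] = None
    # Assumption: the guide does not say what happens when no rating exists.
    block_when_unrated: bool = False

def evaluate(policy, direction, remote_ip, ratings):
    """Return (action, reason) for one connection; direction is 'in' or 'out'."""
    threshold = (policy.incoming_threshold if direction == "in"
                 else policy.outgoing_threshold)
    if threshold is None:
        return "allow", "reputation option not selected"
    # Rule 1: the lookup service must stay reachable or nothing can be rated.
    if direction == "out" and remote_ip == REPUTATION_SERVICE:
        return "allow", "allow reputation service"
    # Rule 2: get the rating and compare it with the block threshold.
    rating = ratings.get(remote_ip)
    if rating is None:
        action = "block" if policy.block_when_unrated else "allow"
        return action, "no rating available"
    if rating >= threshold:
        return "block", f"{rating.name} meets threshold {threshold.name}"
    return "allow", f"{rating.name} below threshold {threshold.name}"

SAMPLE_RATINGS = {  # constructed sample ratings (documentation address ranges)
    "198.51.100.7": Reputation.HIGH_RISK,
    "198.51.100.8": Reputation.MEDIUM_RISK,
    "192.0.2.44": Reputation.MINIMAL_RISK,
}

def blocked_at(threshold, ratings=SAMPLE_RATINGS):
    """List the rated peers an outgoing-traffic threshold would block."""
    policy = Policy(outgoing_threshold=threshold)
    return sorted(ip for ip in ratings
                  if evaluate(policy, "out", ip, ratings)[0] == "block")
```

Running `blocked_at` for each candidate threshold over a sample of observed peers shows how much additional traffic a stricter setting would drop before the policy is saved.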
