McAfee HISCDE-AB-IA Product Guide - Page 66
FAQ — McAfee TrustedSource and the firewall, Minimal Risk Do Not Block
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 66 highlights
Configuring Firewall Policies Enable firewall protection Task For option definitions, click ? on the page displaying the options. 1 Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: Firewall in the Product list and Firewall Options in the Category list. The list of policies appears. 2 In the Firewall Options policy list, click Edit under Actions to change the settings for a custom policy. NOTE: For editable policies, other options include Rename, Duplicate, Delete, and Export. For non-editable policies, options include View and Duplicate. 3 In the Firewall Options page that appears, change the default settings as needed, then click Save. FAQ - McAfee TrustedSource and the firewall Two options in the Firewall Options policy allow you to block incoming and outgoing traffic from a network connection that McAfee TrustedSource™ has rated high risk. This FAQ explains what TrustedSource does and how it affects the firewall. What is TrustedSource? TrustedSource is a global Internet reputation intelligence system that determines what is good and bad behavior on the Internet by using real-time analysis of worldwide behavioral and sending patterns for email, web activity, malware, and system-to-system behavior. Using data obtained from the analysis, TrustedSource dynamically calculates reputation scores that represent the level of risk posed to your network when you visit a web page. The result is a database of reputation scores for IP addresses, domains, specific messages, URLs, and images. How does it work? When the TrustedSource options are selected, two firewall rules are created: TrustedSource -Allow Host IPS Service and TrustedSource -- Get Rating. The first rule allows a connection to TrustedSource and the second rule blocks or allows traffic based on the the connection's reputation and the block threshold set. What do you mean by "reputation"? For each IP address on the Internet, TrustedSource calculates a reputation value based on sending or hosting behavior and various environmental data that TrustedSource automatically collects, aggregates and correlates from customers and partners about the state of Internet threat landscape. The reputation is expressed in four classes: • Minimal Risk (Do Not Block) - Our analysis indicates this is a legitimate source or destination of content/traffic. • Unverified - Our analysis indicates that this appears to be a legitimate source or destination of content/traffic, but also displays certain properties suggesting that further inspection is necessary. • Medium Risk - Our analysis indicates that this source/destination shows behavior we believe is suspicious and content/traffic to or from it requires special scrutiny. • High Risk - Our analysis indicates that this source/destination does or will send/host potentially malicious content/traffic and we believe it presents a serious risk. 66 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5