McAfee HISCDE-AB-IA Product Guide - Page 8
Host IPS policies
Page 8 highlights
Introducing Host Intrusion Prevention

• Basic network connectivity is allowed

NOTE: When Host Intrusion Prevention 8.0 is first installed no protection is enabled. You must enable protection in the IPS Options or Firewall Options policy and apply the policy to the client.

Advanced protection

For advanced protection, switch from the default settings to stronger preset settings, or create custom settings. Start with a sample deployment to monitor and tune the new settings. Tuning involves balancing intrusion prevention protection and access to required information and applications per group type.

Host IPS policies

A policy is a collection of settings that you configure and enforce through the ePolicy Orchestrator console. Applying policies ensures that your security needs on managed systems are met. Host Intrusion Prevention provides three policy features, each with a set of security options. These are: IPS, Firewall, and General. IPS and firewall features contain a "rules" policy with rules that define behavior, and an "options" policy that enables or disables the rules.

Ownership of policies is assigned in the Policy Catalog. After a policy is created, it can be edited or deleted only by the creator of the policy, the person associated as an owner of the policy, or the global administrator. Deleting a policy can be done only in the Policy Catalog.

IPS policies

The IPS feature contains three policies that protect both Windows and non-Windows computers. It details exceptions, signatures, application protection rules, events, and client-generated exceptions.

• IPS Options (All platforms). Turns on or off IPS protection and application of adaptive mode for tuning.
• IPS Protection (All platforms). Defines the protection reaction to events that signatures generate.
• IPS Rules (All platforms). Defines signatures, exceptions, and application protection rules. This policy is a multiple instance policy, which allows for several IPS Rules policies, instead of a single policy, to be assigned to a system. The effective policy is then the result of the merged contents of the policies. If there are conflicting settings, the most protective explicit setting is applied.

Firewall policies

The Firewall feature contains three policies that protect Windows computers only. It filters network traffic, allowing legitimate traffic through the firewall and blocking the rest.

• Firewall Options (Windows only). Turns on or off firewall protection and application of adaptive or learn mode for tuning.
• Firewall Rules (Windows only). Defines firewall rules.
• Firewall DNS Blocking (Windows only). Defines the domain name servers that are to be blocked.

8 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5