McAfee M-1250 Deployment Guide

McAfee M-1250 - Network Security Platform Manual

McAfee M-1250 manual content summary:

  • McAfee M-1250 | Deployment Guide - Page 1
    IPS Deployment Guide revision 2.0 McAfee® Network Security Platform version 6.0 McAfee® Network Protection Industry-leading network security solutions
  • McAfee M-1250 | Deployment Guide - Page 2
    INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, McAfee, McAfee (AND IN KATAKANA), McAfee AND DESIGN, McAfee.COM, McAfee security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property IPS Deployment Guide 700-2366-00/ 2.0 - English
  • McAfee M-1250 | Deployment Guide - Page 3
    Contents Preface ...iv Introducing McAfee Network Security Platform iv About this Guide...iv Audience ...iv Conventions used in this guide ...iv Related Documentation...v Contacting Technical Support ...vii Chapter 1 Getting Started 1 Deciding where to deploy Sensors and in what operating mode 1
  • McAfee M-1250 | Deployment Guide - Page 4
    this guide and how to contact McAfee Technical Support. Introducing McAfee Network Security Platform McAfee® Network Security Platform [formerly McAfee® IntruShield®] delivers the most comprehensive, accurate, and scalable Network Access Control (NAC), network Intrusion Prevention System (IPS) and
  • McAfee M-1250 | Deployment Guide - Page 5
    McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in Arial Narrow bold font. The Service field on the Properties tab specifies the name of the requested service.
  • McAfee M-1250 | Deployment Guide - Page 6
    McAfee® Network Security Platform 6.0 • Upgrade Guide • Getting Started Guide • Manager Configuration Basics Guide • I-1200 Sensor Product Guide • I-1400 Sensor Product Guide • I-2700 Sensor Product Guide • I-3000 Sensor Product Guide • I-4000 Sensor Product Guide • I-4010 Sensor Product Guide • M-
  • McAfee M-1250 | Deployment Guide - Page 7
    McAfee® Network Security Platform 6.0 Preface • NTBA Appliance T-500 Quick Start Guide Contacting Technical Support If you have any questions, contact McAfee for assistance: Online Contact McAfee Technical Support http://mysupport.mcafee.com Registered customers can obtain up-to-date documentation
  • McAfee M-1250 | Deployment Guide - Page 8
    IntruShield®]. The tasks described in this chapter provide pointers to more detailed information in the other books of the McAfee Network Security Platform documentation set. Note: Most of your interaction with Network Security Platform is through McAfee® Network Security Manager. Some configuration
  • McAfee M-1250 | Deployment Guide - Page 9
    McAfee® Network Security Platform 6.0 Getting Started Setting up your Sensors The process of setting up a Sensor is described below at a high level. You perform these tasks on the Sensor. For more information on these tasks, see CLI Guide. 1 Position the Sensor. • Unpack the Sensor and place on a
  • McAfee M-1250 | Deployment Guide - Page 10
    separately 1 internal M-1250 1 internal N-450 1 included 1 redundant available separately 5 Cable the Sensor for configuration. • Attach network cables to the Sensor as described in each Sensor model's Sensor Product Guide. You must cable the Sensor Management and Console ports, respectively
  • McAfee M-1250 | Deployment Guide - Page 11
    secret key value. This process is described in Device Configuration Guide. 2 Configure the Sensor. • From a serial console connected physically or logically to the Sensor, configure the Sensor with network identification information (that is, IP address, IP address of the Manager server, and so on
  • McAfee M-1250 | Deployment Guide - Page 12
    McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by Network Security Platform Once you've completed the steps in the previous sections, you're up and running. While actively monitoring network traffic, your Sensor will generate alerts for traffic that
  • McAfee M-1250 | Deployment Guide - Page 13
    for a port on a Sensor. The data collected is a reflection of the traffic that has passed through the port. For more information, see Device Configuration Guide. • Back up all or part of your Manager configuration information to your server or other location. Network Security Platform provides three
  • McAfee M-1250 | Deployment Guide - Page 14
    Managing Users in Network Security Platform, Getting Started Guide. • Adding admin domains for resource management. For more information, see Administrative Domains, Getting Started Guide. • Changing your interface type to CIDR or VLAN depending on your network configuration. For more information
  • McAfee M-1250 | Deployment Guide - Page 15
    Scenarios (on page 26). Pre-deployment considerations Deployment of Network Security Platform requires specific knowledge of your network's security needs. Answering these questions will determine which McAfee® Network Security Sensor (Sensor) model will best suit your environment, and what in
  • McAfee M-1250 | Deployment Guide - Page 16
    McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation How many access points are there between your network and the extranets or Internet? Large corporations have several points of access that can be exploited by parties with malicious intent. Protecting the various
  • McAfee M-1250 | Deployment Guide - Page 17
    segments that you need to monitor will determine what type of Sensor will work best for you. Network Security Platform offers multiple Sensors providing different bandwidths: Sensor bandwidth Sensor Aggregate Performance I-1200 I-1400 I-2700 I-3000 I-4000 I-4010 100Mbps 200Mbps 600Mbps 1Gbps
  • McAfee M-1250 | Deployment Guide - Page 18
    McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation Sensor Aggregate Performance: M-8000 10 Gbps; M-6050 5 Gbps; M-4050 3 Gbps; M-3050 1.5 Gbps; M-2750 600 Mbps; M-1450 200 Mbps; M-1250 100 Mbps; N-450 2 Gbps. Where are your security operations located? To successfully
  • McAfee M-1250 | Deployment Guide - Page 19
    McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation an attack on the blocked the attack. When using the existing, single monitoring port products available today, you would have to deploy multiple Sensors to get the required coverage (as shown on the left side
  • McAfee M-1250 | Deployment Guide - Page 20
    also can configure the Sensor to run whatever mode best suits each network segment. Supported deployment modes Every port on the Sensor supports the following deployment modes: • SPAN or Hub • Tap • In-line, fail-closed • In-line, fail-open Additionally, Network Security Platform provides features
  • McAfee M-1250 | Deployment Guide - Page 21
    , Extranet connections, and internal attacks on critical department servers such as Finance and HR. Figure 5: Network Security Platform protecting enterprise network In this example, the ports on this I-2700 Sensor might be configured as such: • Tap 1: Ports 1A and 1B run in Tap mode and respond to
  • McAfee M-1250 | Deployment Guide - Page 22
    McAfee® Network Security Platform 6.0 Sensor Deployment Modes Full-duplex and half-duplex monitoring Sensors are equipped with multiple Monitoring and Response ports. By default, the Sensor ports are internally wire matched (that is, 1A and 1B) to monitor traffic in full-duplex pairs, that is, two
  • McAfee M-1250 | Deployment Guide - Page 23
    configurable). One of the problems with using firewall reconfiguration actions with current IDS products is that an attacker can spoof large address ranges and mislead you into blocking legitimate traffic with the firewall, creating your own denial of service condition. Network Security Platform
  • McAfee M-1250 | Deployment Guide - Page 24
    McAfee® Network Security Platform 6.0 Sensor Deployment Modes • High-availability. In in-line mode, the Sensor does become a single point of failure, so the Sensors support complete stateful fail-over, delivering the industry's first true high-availability IPS deployment, similar to what you'd find
  • McAfee M-1250 | Deployment Guide - Page 25
    fail-open, or passthru, mode by configuring the Layer 2 Passthru (L2) feature from the Network Security Platform user interface. This feature enables you to set a threshold on the number of critical failures within a configured period of time that the Sensor can experience before being forced into
  • McAfee M-1250 | Deployment Guide - Page 26
    McAfee® Network Security Platform 6.0 Sensor Deployment Modes Tap monitoring (Figure Tap mode) can work in one of two ways for the 10/100 Monitoring ports on the I-1200 and I-2700 Sensors: the internal tap can be enabled, or the interface can be connected to an external tap. Sensor ports supported
  • McAfee M-1250 | Deployment Guide - Page 27
    McAfee® Network Security Platform 6.0 Sensor Deployment Modes The internal taps of these three Sensors fail open; thus if the Sensor McAfee® Network Security Manager (Manager). This process is described in the section, Shifting from tap mode to in-line mode (on page 21). When in-line, the Sensor
  • McAfee M-1250 | Deployment Guide - Page 28
    port on a hub. Most vendors' IDS Sensors are deployed in this manner, and many beginning Network Security Platform users choose to deploy in this mode. The Switch Port Analyzer (SPAN) port is designed for troubleshooting and network analysis so that an attached network analyzer can receive a copy of
  • McAfee M-1250 | Deployment Guide - Page 29
    McAfee® Network Security Platform 6.0 Sensor Deployment Modes SPAN port and hub monitoring When monitoring a SPAN or hub port, Sensors with internal taps disabled. Note: McAfee recommends cabling your Fast Ethernet ports with fail-closed dongles if deploying in SPAN or Hub mode. In Figure SPAN
  • McAfee M-1250 | Deployment Guide - Page 30
    McAfee® Network Security Platform 6.0 Sensor Deployment Modes Understanding failover in Network Security Platform In typical failover configurations, one device is the "Active" device while the other is the "Standby." As its name implies, the active device performs normal network functions while
  • McAfee M-1250 | Deployment Guide - Page 31
    monitoring and interconnect ports. This Active-Active configuration provides the added benefit of supporting asymmetric traffic flows (that is, when packets belonging to the same TCP/UDP flow are divided across Sensors). Thus, the Network Security Platform failover pair will detect attacks even when
  • McAfee M-1250 | Deployment Guide - Page 32
    McAfee® Network Security Platform 6.0 Sensor Deployment Modes Sensors' multiple interfaces make the monitoring of asymmetric traffic possible. For example, as shown in Figure Interface groups in an asymmetric network , an I-4000 has four ports that are wired in pairs by default, and therefore two
  • McAfee M-1250 | Deployment Guide - Page 33
    4 Deployment Scenarios This section provides some guidance on how to deploy McAfee® Network Security Platform using the most simple, or out-of-the-box method, and then gear up to more complex scenarios. Deployment flexibility IPS deployment can be daunting, and a complex product can be difficult to
  • McAfee M-1250 | Deployment Guide - Page 34
    McAfee® Network Security Platform 6.0 Deployment Scenarios 3 Configure the Sensor and add it to the Manager as described in CLI Guide, Device Configuration Guide. 4 On the Manager, check the Sensor's port configuration to be sure that it matches the way you have deployed the Sensor. Make changes
  • McAfee M-1250 | Deployment Guide - Page 35
    McAfee® Network Security Platform 6.0 Deployment Scenarios • Split your deployment into multiple Admin Domains. You may want to organize your deployment by geographical location, business unit, or functional area (that is, HR, Finance). • Segment your network traffic into VLAN tags and CIDR blocks
  • McAfee M-1250 | Deployment Guide - Page 36
    deployment Sensor deployment 15, 17, 18, 19, 22, 23 N Network Security Platform sensor deployment modes 13 S SPAN port 19 SPAN port and hub monitoring 19 SPAN/hub operating mode 19 deploying the I-1200 in 13, 17, 23 T tap mode shifting from tap mode to in-line mode 19 technical support vii

IPS Deployment Guide
revision 2.0
McAfee® Network Protection
Industry-leading network security solutions
McAfee® Network Security Platform
version 6.0