McAfee M-1250 Deployment Guide - Page 34

Deployment scenario for intermediate users, CLI Guide, Device, Configuration Guide

Page 34 highlights

McAfee® Network Security Platform 6.0    Deployment Scenarios

3. Configure the Sensor and add it to the Manager as described in the CLI Guide and the Device Configuration Guide.
4. On the Manager, check the Sensor's port configuration to be sure that it matches the way you have deployed the Sensor. Make changes as necessary.
5. Download and apply the latest Sensor software and signature file from the Update Server.
6. Send all configuration changes to the Sensor.
7. If you want, set up alert notification to email or pager by attack severity.
8. Using the Report Generator and the Threat Analyzer, examine the resulting alerts for patterns, to help you tune your policies.
9. Back up your data.

Deployment scenario for intermediate users

The pre-configured policies have an umbrella effect: you are protected from all attacks defined in the policy. This enables you to get up and running quickly, but it also may protect you against attacks you do not care about. For example, if you have an entirely Solaris environment, you may not care if someone is initiating IIS attacks against the network, because these attacks are irrelevant to you. Some administrators prefer to see all network activity, including unsuccessful attacks, to get a complete picture of what is occurring on the network. Others want to reduce the "noise" generated by irrelevant attacks. Tuning your policies to delete attacks that do not apply to your environment reduces the number of unimportant alerts generated by your Sensors.

To tune your deployment, you might do the following:

• Try a more advanced deployment mode. If you were running in SPAN mode, you may choose to try another deployment mode, such as tap mode.
• Take advantage of the Sensor's ability to apply multiple policies to multiple interfaces. Instead of applying a single policy to the entire Sensor, you may try applying different policies to dedicated interfaces of the Sensor. You can go a step further and segment your traffic into VLAN tags or CIDR blocks, create sub-interfaces, and apply policies to the Sensor's sub-interfaces.
• Tune your policies. Pick the policy that best matches your needs and clone the policy (or create a policy from scratch). Then remove any irrelevant attacks, add any additional attacks, and configure appropriate response actions to respond to detected attacks.
• Generate reports and view alerts. Look at the data generated by the system to help you further tune your policies, and if necessary, implement more granular monitoring or delegation of monitoring activities to others.

Deployment scenario for advanced users

An advanced deployment of Network Security Platform utilizes more of Network Security Platform's features to best tune your system. Once you are more familiar with Network Security Platform, you might do the following:

• Try running in in-line mode. In-line mode enables you to drop malicious traffic and thus prevent attacks from ever reaching their targets.

27
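As an added illustration of the intermediate and advanced tuning steps above (example code, not McAfee code or the product's API): a small Python model of cloning the umbrella policy, pruning attacks that target platforms absent from your environment, binding policies to sub-interfaces by VLAN tag or CIDR block, and choosing an alert or in-line drop response. The attack names, platforms, addresses and events are constructed.

```python
# Conceptual model of the tuning steps above (added example, not McAfee code):
# clone the umbrella policy, prune attacks irrelevant to the environment, and
# bind policies to sub-interfaces by VLAN tag or CIDR block. All names,
# addresses and events below are constructed.
import ipaddress

# Constructed umbrella policy: attack -> platform it targets ("Any" = all).
UMBRELLA = {"IIS Unicode Directory Traversal": "IIS",
            "Solaris sadmind Buffer Overflow": "Solaris",
            "Generic TCP Port Scan": "Any"}

def clone_and_tune(base, name, environment, response="alert"):
    """Clone a policy, keeping only attacks that target the given platforms;
    platform-independent ("Any") attacks are always kept."""
    kept = {a: p for a, p in base.items() if p == "Any" or p in environment}
    return {"name": name, "attacks": kept, "response": response}

class Sensor:
    """Policy lookup per sub-interface: VLAN tag first, then longest-prefix
    CIDR match, then the Sensor-wide default policy."""
    def __init__(self, default):
        self.default, self.by_vlan, self.by_cidr = default, {}, []
    def bind_vlan(self, vlan, policy):
        self.by_vlan[vlan] = policy
    def bind_cidr(self, cidr, policy):
        self.by_cidr.append((ipaddress.ip_network(cidr), policy))
        self.by_cidr.sort(key=lambda e: e[0].prefixlen, reverse=True)
    def policy_for(self, dst, vlan=None):
        if vlan in self.by_vlan:
            return self.by_vlan[vlan]
        addr = ipaddress.ip_address(dst)
        return next((p for n, p in self.by_cidr if addr in n), self.default)
    def evaluate(self, events):
        """Events (attack, dst, vlan) -> (attack, policy, response); attacks
        pruned from the bound policy raise no alert at all."""
        out = []
        for attack, dst, vlan in events:
            pol = self.policy_for(dst, vlan)
            if attack in pol["attacks"]:
                out.append((attack, pol["name"], pol["response"]))
        return out

def demo():
    """Solaris hosts on 10.1.0.0/24 get a pruned policy, the IIS web tier on
    VLAN 20 drops IIS attacks in-line, everything else keeps the umbrella."""
    s = Sensor(clone_and_tune(UMBRELLA, "Umbrella", {"IIS", "Solaris"}))
    s.bind_cidr("10.1.0.0/24", clone_and_tune(UMBRELLA, "Solaris-only", {"Solaris"}))
    s.bind_vlan(20, clone_and_tune(UMBRELLA, "Web-tier", {"IIS"}, "drop"))
    return s.evaluate([("IIS Unicode Directory Traversal", "10.1.0.7", None),  # noise
                       ("Solaris sadmind Buffer Overflow", "10.1.0.7", None),
                       ("IIS Unicode Directory Traversal", "10.2.0.9", 20),
                       ("Generic TCP Port Scan", "192.168.5.5", None)])
```

The first event is suppressed because the Solaris-only policy no longer contains the IIS attack, which is the noise reduction the text describes; the web-tier event is kept with a drop response, which only takes effect when the Sensor runs in-line.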

