McAfee DTP-165C-DPVG Installation Guide - Page 42

Testing the system, Basic Search



Task

1 Log on as root to the McAfee DLP appliance.

2 Stop the NTP daemon.
  # service ntpd stop
  # chkconfig --level 2345 ntpd off

3 Restart the NTP daemon.
  # service ntpd start
  # chkconfig --level 2345 ntpd on

The service command controls the daemon while the system is running; the chkconfig commands control what happens at boot time (--level 2345 covers runlevels 2, 3, 4 and 5, the multi-user runlevels the appliance boots into).
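After the restart, confirm that ntpd is both enabled at boot and actually synchronised: incident timestamps and the Incidents page time filter depend on the appliance clock, and a freshly restarted ntpd needs several poll intervals before it selects a system peer. The following is an added example, not part of the McAfee guide. It parses the text output of `chkconfig --list ntpd` and `ntpq -p`; the sample outputs are constructed for the example, and `run_checks()` shells out to the real commands only when they exist on the host (otherwise run the parsers on output copied from the appliance).

```python
"""Verify the ntpd restart: enabled in runlevels 2-5 and synchronised to a peer.

Added example; not code from the McAfee DLP guide. Sample command output below
is constructed to resemble a RHEL-style appliance.
"""
import shutil
import subprocess

# Constructed sample of `chkconfig --list ntpd` after `chkconfig --level 2345 ntpd on`.
SAMPLE_CHKCONFIG = "ntpd           \t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n"

# Constructed sample of `ntpq -p` once ntpd has settled; '*' marks the system peer.
SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.1.2.3        .GPS.            1 u   37   64  377    0.412   -0.151   0.038
+10.1.2.4        10.1.2.3         2 u   12   64  377    0.601    0.227   0.061
"""

# Constructed sample of `ntpq -p` seconds after `service ntpd start`: no peer has
# been reached yet (reach 0), so no line carries the '*' marker.
SAMPLE_NTPQ_JUST_STARTED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.1.2.3        .INIT.          16 u    -   64    0    0.000    0.000   0.000
 10.1.2.4        .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""


def enabled_runlevels(chkconfig_output, service="ntpd"):
    """Return the set of runlevels in which `service` is listed as 'on'."""
    for line in chkconfig_output.splitlines():
        fields = line.split()
        if fields and fields[0] == service:
            return {int(f.split(":")[0]) for f in fields[1:] if f.endswith(":on")}
    raise ValueError("service %r not listed in chkconfig output" % service)


def boot_enabled(chkconfig_output, service="ntpd", required=(2, 3, 4, 5)):
    """True if the service starts in every runlevel the task's --level 2345 targets."""
    return set(required) <= enabled_runlevels(chkconfig_output, service)


def ntp_system_peer(ntpq_output):
    """Return (peer, offset_ms) for the peer ntpd has selected, or None if unsynced."""
    for line in ntpq_output.splitlines():
        if line.startswith("*"):
            fields = line[1:].split()
            # columns: remote refid st t when poll reach delay offset jitter
            return fields[0], float(fields[8])
    return None


def clock_ok(ntpq_output, max_offset_ms=500.0):
    """Synchronised and within an offset budget small enough for incident timelines."""
    peer = ntp_system_peer(ntpq_output)
    return peer is not None and abs(peer[1]) <= max_offset_ms


def run_checks():
    """On the appliance itself: run the real commands. Returns None elsewhere."""
    if not (shutil.which("chkconfig") and shutil.which("ntpq")):
        return None
    chk = subprocess.run(["chkconfig", "--list", "ntpd"],
                         capture_output=True, text=True).stdout
    ntpq = subprocess.run(["ntpq", "-p"], capture_output=True, text=True).stdout
    return {"boot_enabled": boot_enabled(chk), "clock_ok": clock_ok(ntpq)}


if __name__ == "__main__":
    live = run_checks()
    print(live if live is not None else {
        "boot_enabled": boot_enabled(SAMPLE_CHKCONFIG),
        "clock_ok(settled)": clock_ok(SAMPLE_NTPQ),
        "clock_ok(just started)": clock_ok(SAMPLE_NTPQ_JUST_STARTED),
    })
```

If `ntp_system_peer()` returns None for more than a few minutes after the restart, the appliance cannot reach its configured servers; check the NTP server entries and the firewall path for UDP 123 before trusting any incident timestamps.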
Testing the system

If the system does not appear to be generating incidents after installation, work through the following checks to confirm that it is configured correctly.

Table 5-1 Configuration checklist

Check: Are appliance connections complete?
Explanation: Status icons display the health of each managed appliance.
Action: On the System page, check that the Status icon is green. If the status is Registering or Unknown, wait until the process completes (refresh the page if necessary). Systems whose status is Critical must be reinstalled.

Check: Are policies activated?
Explanation: If policies were not activated during the setup phase, their rules cannot be matched against network data.
Action: On the Policies page, check the State column. If policies are inactive, select the policy check boxes, then select Activate from the Actions menu.

Check: Is the timestamp filter set?
Explanation: The default is Previous 24 hours, which keeps the system from producing an unmanageable number of results.
Action: On the Incidents page, set Filter by to a longer time period. A recently installed system also needs some lead time for data capture and analysis before incidents appear.

Check: Are capture filters set?
Explanation: The system might have been set up to block traffic that your protection strategy depends on. For example, the RFC 1918 filter blocks internal IP addresses.
Action: On the System | Capture Filters page, remove filters that might be blocking the traffic you need.

Check: Are common keywords producing results?
Explanation: If data is being captured, you will be able to find keywords that commonly occur in your network traffic, for example your company name.
Action: On the Basic Search page, type a common keyword that should appear in captured data.

Check: Does changing the dashboard view display different results?
Explanation: The Data-in-Motion, Data-at-Rest and Data-in-Use dashboards display results from network traffic, repositories and endpoints respectively.
Action: On the System page, check that the corresponding products are installed.

Check: Are existing filters blocking significant results?
Explanation: When filters are set, only the results matching them are visible on the dashboard.
Action: On the Incidents page, click Clear All in the Filter by frame.
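The capture-filter check is the one in Table 5-1 that is easiest to get wrong silently: a filter on RFC 1918 space can drop every flow the policies were meant to inspect, and the only symptom is an empty Incidents page. The following is an added example, not part of the McAfee guide, that models a capture filter as a set of CIDR ranges and runs constructed flows through it to show how much traffic never reaches analysis. The match rule (whether a flow is dropped when either endpoint, or only when both endpoints, fall in a filtered range) and the flow records are assumptions made for the example; the real filter semantics are whatever is configured on the System | Capture Filters page and are not described on this page.

```python
"""Simulate a capture filter against sample traffic to see why no incidents appear.

Added example; not code from the McAfee DLP guide. Flow records and the two
candidate filter semantics ('either' / 'both') are assumptions for illustration.
"""
import ipaddress

# The three private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flows: (src, dst, dst_port, description).
FLOWS = [
    ("10.20.1.15",  "10.20.5.8",     445, "file copy to internal share"),
    ("10.20.1.15",  "203.0.113.25",  443, "upload to external web host"),
    ("192.168.4.7", "10.20.5.9",      25, "mail to internal relay"),
    ("10.20.5.9",   "198.51.100.10",  25, "mail relayed to the Internet"),
    ("172.20.3.3",  "172.31.9.9",     21, "ftp between two internal hosts"),
    ("10.20.1.16",  "8.8.8.8",        53, "dns query"),
]


def in_ranges(ip, ranges):
    """True if the address falls inside any of the filtered networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def is_dropped(flow, ranges, mode="either"):
    """Assumed filter semantics: 'either' drops a flow when src or dst is in a
    filtered range; 'both' drops only traffic that stays inside the ranges."""
    hits = (in_ranges(flow[0], ranges), in_ranges(flow[1], ranges))
    return any(hits) if mode == "either" else all(hits)


def simulate(flows, ranges, mode="either"):
    """Split flows into (dropped, captured) under the given filter."""
    dropped = [f for f in flows if is_dropped(f, ranges, mode)]
    captured = [f for f in flows if not is_dropped(f, ranges, mode)]
    return dropped, captured


def drop_ratio(flows, ranges, mode="either"):
    """Fraction of traffic the analysis engine never sees."""
    dropped, _ = simulate(flows, ranges, mode)
    return len(dropped) / len(flows)


def leaves_network(flow):
    """Flows whose destination is outside RFC 1918 space: the exfiltration
    paths a DLP policy typically needs to see."""
    return not in_ranges(flow[1], RFC1918)


def needed_but_dropped(flows, ranges, mode="either"):
    """Outbound flows that the filter removes before any policy can match them."""
    dropped, _ = simulate(flows, ranges, mode)
    return [f for f in dropped if leaves_network(f)]


if __name__ == "__main__":
    for mode in ("either", "both"):
        dropped, captured = simulate(FLOWS, RFC1918, mode)
        print("RFC 1918 filter, mode=%s: %d of %d flows dropped"
              % (mode, len(dropped), len(FLOWS)))
        for f in needed_but_dropped(FLOWS, RFC1918, mode):
            print("  outbound traffic lost to the filter:", f[3])
```

Under the 'either' rule every constructed flow has a private source address, so the filter drops all of it and the Incidents page stays empty no matter how the policies are written; under the 'both' rule only internal-to-internal traffic is dropped and outbound uploads still reach analysis. Whichever semantics the product applies, run the same comparison against a sample of your own traffic before removing a filter, so you remove only the one that hides the flows your policies need.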
McAfee Data Loss Prevention 9.2.0 Installation Guide, chapter 5 (Configuring McAfee DLP appliances and adding servers), Testing the system, page 42