McAfee M-1250 Deployment Guide - Page 18
Where are your security operations located?, Where should I deploy Sensors?, Sensor
![]() |
View all McAfee M-1250 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 18 highlights
McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation Sensor Aggregate Performance M-8000 M-6050 M-4050 M-3050 M-2750 M-1450 M-1250 N-450 10 Gbps 5 Gbps 3 Gbps 1.5 Gbps 600 Mbps 200 Mbps 100 Mbps 2 Gbps Where are your security operations located? To successfully defend against intrusions, McAfee recommends dedicated monitoring of the security system. Network intrusions can happen at any given moment, so having a dedicated 24-hour-a-day prevention system will make the security solution complete and effective. Where are your security personnel? How many users are involved? Knowing who will be configuring your policies, monitoring events, running reports, and performing other configuration tasks will help you manage your users and determine where you locate your McAfee® Network Security Manager server. The Manager should be placed in a physically secure location, should be logically accessible to users, and must have reliable connectivity so as to be able to communicate with all deployed Sensors. Where should I deploy Sensors? Should you deploy Sensors at the perimeter of your network, in front of the servers you want to protect, or at a convenient nexus where all traffic passes? Deployment at the perimeter does not protect you from internal attacks, which are some of the most common source of attacks. Perimeter monitoring is also useless if a network has multiple ISP connections at multiple locations (such as one Internet connection in New York and one in San Jose) and if you expect to see asymmetric traffic routing (that is, incoming traffic comes through New York and outgoing traffic goes out through San Jose). The IPS simply will not see all the traffic to maintain state and detect attacks. Deployment in front of the servers that you want to protect both detects attacks from internal users and deals effectively with the geographically diverse asymmetric routing issue. An illustration of the advantage of Sensors' multiple segment monitoring is to consider the question of installing Sensors with respect to firewalls. It is very common to deploy Sensors around firewalls to inspect the traffic that is permitted by the firewall. A common question when installing Sensors around the firewall is: Do you put the Sensors on the inside (Private and DMZ) or put them outside (Public) the firewall?. There are benefits to both scenarios, and the more complete solution includes both. For example, if you detect 11
![](/manual_guide/products/mcafee-m1250-deployment-guide-8b26e2d/18.png)