McAfee M-1250 Deployment Guide - Page 18



McAfee® Network Security Platform 6.0
Planning Network Security Platform Installation
Sensor    Aggregate Performance
M-8000    10 Gbps
M-6050    5 Gbps
M-4050    3 Gbps
M-3050    1.5 Gbps
M-2750    600 Mbps
M-1450    200 Mbps
M-1250    100 Mbps
N-450     2 Gbps
Where are your security operations located?
To successfully defend against intrusions, McAfee recommends dedicated monitoring of
the security system. Network intrusions can happen at any given moment, so having a
dedicated 24-hour-a-day prevention system will make the security solution complete and
effective.
Where are your security personnel? How many users are involved? Knowing who will be
configuring your policies, monitoring events, running reports, and performing other
configuration tasks will help you manage your users and determine where you locate your
McAfee® Network Security Manager server. The Manager should be placed in a physically
secure location, should be logically accessible to users, and must have reliable
connectivity so as to be able to communicate with all deployed Sensors.
Where should I deploy Sensors?
Should you deploy Sensors at the perimeter of your network, in front of the servers you
want to protect, or at a convenient nexus where all traffic passes?
Deployment at the perimeter does not protect you from internal attacks, which are some of
the most common sources of attacks. Perimeter monitoring is also useless if a network has
multiple ISP connections at multiple locations (such as one Internet connection in New
York and one in San Jose) and if you expect to see asymmetric traffic routing (that is,
incoming traffic comes through New York and outgoing traffic goes out through San Jose).
The IPS simply will not see all the traffic to maintain state and detect attacks. Deployment
in front of the servers that you want to protect both detects attacks from internal users and
deals effectively with the geographically diverse asymmetric routing issue.
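
The placement trade-off described above can be checked against flow data before Sensors are installed. The following is an added example, not part of the McAfee guide: it takes constructed flow records from three hypothetical tap points (NewYork, SanJose, ServerSegment) and counts, per tap, how many conversations a Sensor there would see in both directions, in one direction only, or not at all.

```python
from collections import defaultdict

# Constructed sample records (not from the guide). Each record is one direction
# of a TCP conversation as observed at a tap: (tap, src_ip, sport, dst_ip, dport).
# Tap names and addresses are assumptions made for this example.
RECORDS = [
    # Flow A: request enters via New York, reply leaves via San Jose (asymmetric)
    ("NewYork",       "198.51.100.7", 40112, "10.1.1.20",    443),
    ("SanJose",       "10.1.1.20",    443,   "198.51.100.7", 40112),
    # Flow B: both directions pass through New York (symmetric)
    ("NewYork",       "203.0.113.9",  51500, "10.1.1.21",    25),
    ("NewYork",       "10.1.1.21",    25,    "203.0.113.9",  51500),
    # The tap in front of the servers sees both directions of A and B ...
    ("ServerSegment", "198.51.100.7", 40112, "10.1.1.20",    443),
    ("ServerSegment", "10.1.1.20",    443,   "198.51.100.7", 40112),
    ("ServerSegment", "203.0.113.9",  51500, "10.1.1.21",    25),
    ("ServerSegment", "10.1.1.21",    25,    "203.0.113.9",  51500),
    # ... and Flow C, an internal client that never crosses the perimeter
    ("ServerSegment", "10.2.5.33",    50222, "10.1.1.20",    445),
    ("ServerSegment", "10.1.1.20",    445,   "10.2.5.33",    50222),
]

def flow_key(src, sport, dst, dport):
    """Return (endpoint_lo, endpoint_hi, direction) so both directions share a key."""
    a, b = (src, sport), (dst, dport)
    return (a, b, "fwd") if a <= b else (b, a, "rev")

def visibility(records):
    """Map tap -> flow -> set of directions that tap observed."""
    seen = defaultdict(lambda: defaultdict(set))
    for tap, src, sport, dst, dport in records:
        lo, hi, direction = flow_key(src, sport, dst, dport)
        seen[tap][(lo, hi)].add(direction)
    return seen

def placement_report(records):
    """Per tap: (flows seen both ways, flows seen one way only, flows never seen)."""
    seen = visibility(records)
    all_flows = {f for flows in seen.values() for f in flows}
    report = {}
    for tap, flows in seen.items():
        full = {f for f, dirs in flows.items() if dirs == {"fwd", "rev"}}
        half = set(flows) - full          # state cannot be maintained for these
        report[tap] = (len(full), len(half), len(all_flows - set(flows)))
    return report

if __name__ == "__main__":
    for tap, counts in placement_report(RECORDS).items():
        print(tap, "both-ways=%d one-way=%d unseen=%d" % counts)
```

A non-zero one-way count at a perimeter tap indicates asymmetric routing; a non-zero unseen count indicates traffic, such as internal-to-server flows, that never reaches that tap.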
An illustration of the advantage of Sensors’ multiple segment monitoring is to consider the
question of installing Sensors with respect to firewalls. It is very common to deploy
Sensors around firewalls to inspect the traffic that is permitted by the firewall. A common
question when installing Sensors around the firewall is: Do you put the Sensors on the
inside (Private and DMZ) or put them outside (Public) the firewall? There are benefits to
both scenarios, and the more complete solution includes both. For example, if you detect