Home » McAfee Manuals » Networking » McAfee M-1250 » Manual Viewer

McAfee M-1250 Network Protection - Page 23

Overly coarse traffic VIDS definition that contains very disparate applications.

Add to My Manuals
Save this manual to your list of manuals

Page 23 highlights

McAfee® Network Security Platform 6.0 Configure policies can use against your network: the fact that the attack failed can help him zero in on the type of Web server you use. Users can also better manage this type of events through policy customization or installing attack filters. The noise-to-incorrect-identification ratio can be fairly high, particularly in the following conditions: • The configured policy includes a lot of Informational alerts, or scan alerts which are based on request activities (such as the All Inclusive policy) • Deployment links where there is a lot of hostile traffic, such as in front of a firewall • Overly coarse traffic VIDS definition that contains very disparate applications. For example: a highly aggregated link in dedicated interface mode Users can effectively manage the noise level by defining appropriate VIDS and customize the policy accordingly. For dealing with exceptional hosts, such as a dedicated pentest machine, attack filters can also be used. 15

Section	Page
Preface	5
Introducing McAfee Network Security Platform	5
About this Guide	5
Conventions used in this guide	5
Related Documentation	6
Contacting Technical Support	7
What is inline mode?	9
Benefits of running inline	9
Inline deployment walkthrough	11
Determine your high availability strategy	12
Failover, or High-Availability	12
Fail-open or fail-closed functionality	13
Install and cable the Sensor	14
Cable the Fast Ethernet monitoring ports	15
Cable the Gigabit Ethernet monitoring ports	15
Cable a failover pair	15
Configure the Sensor monitoring ports	16
About Sensor port configuration	16
Failover: configure two Sensors in inline mode	19
Create a Failover Pair	19
Download configuration, signature set, and software updates to the Sensor	20
Configure policies	21
Tune your policies	21
About false positives and \	22
Incorrect identification	22
Correct identification; significance subject to usage policy	22
Correct identification; significance subject to user sensitivity (also known as noise)	22
Block attacks	24
Methods for blocking attacks	24
Block exploit traffic	24
How blocking works for exploit traffic	25
Verify dropped exploit attacks using the Threat Analyzer	25
Block DoS traffic	25
How blocking works for DoS traffic	26
Verify blocked DoS attacks using the Threat Analyzer	26
Drop DoS Attacks from the Threat Analyzer	26
Block using ACLs	26
Utilize traffic normalization	27
Blocking based on configured TCP & IP Settings	28
Blocking of IP-spoofed packets	28
Troubleshooting	29
Verify that traffic is flowing through the Sensor	29
Verify failover pair creation success	29
show	29
status	29
show failover-status	30
downloadstatus	30

Match case Limit results 1 per page

McAfee® Network Security Platform 6.0

Configure policies

can use against your network: the fact that the attack failed can help him zero in on the

type of Web server you use. Users can also better manage this type of events through

policy customization or installing attack filters.

The noise-to-incorrect-identification ratio can be fairly high, particularly in the following

conditions:

•

The configured policy includes a lot of Informational alerts, or scan alerts which are

based on request activities (such as the All Inclusive policy)

•

Deployment links where there is a lot of hostile traffic, such as in front of a firewall

•

Overly coarse traffic VIDS definition that contains very disparate applications. For

example: a highly aggregated link in dedicated interface mode

Users can effectively manage the noise level by defining appropriate VIDS and customize

the policy accordingly. For dealing with exceptional hosts, such as a dedicated pentest

machine, attack filters can also be used.