McAfee M-1250 Network Protection - Page 3

Contents Preface ...v Introducing McAfee Network Security Platform v About this Guide...v Conventions used in this guide ...v Related Documentation...vi Contacting Technical Support ...vii Chapter 1 What is inline mode 1 Benefits of running inline ...1 Chapter 2 Inline deployment walkthrough 3 Chapter 3 Determine your high availability strategy 4 Failover, or High-Availability...4 Fail-open or fail-closed functionality 5 Chapter 4 Install and cable the Sensor 6 Cable the Fast Ethernet monitoring ports 7 Cable the Gigabit Ethernet monitoring ports 7 Cable a failover pair ...7 Configure the Sensor monitoring ports 8 About Sensor port configuration 8 Chapter 5 Failover: configure two Sensors in inline mode 11 Create a Failover Pair ...11 Download configuration, signature set, and software updates to the Sensor 12 Chapter 6 Configure policies 13 Tune your policies ...13 About false positives and "noise 14 Incorrect identification ...14 Correct identification; significance subject to usage policy 14 Correct identification; significance subject to user sensitivity (also known as noise)...........14 Chapter 7 Block attacks 16 Methods for blocking attacks...16 Block exploit traffic ...16 How blocking works for exploit traffic 17 Verify dropped exploit attacks using the Threat Analyzer 17 Block DoS traffic...17 How blocking works for DoS traffic 18 Verify blocked DoS attacks using the Threat Analyzer 18 Drop DoS Attacks from the Threat Analyzer 18 Block using ACLs ...18 Utilize traffic normalization ...19 Blocking based on configured TCP & IP Settings 20 Blocking of IP-spoofed packets 20 Chapter 8 Troubleshooting 21 iii