McAfee M-1250 Upgrade Guide - Page 34

Changes in the NAC feature, Note on Global Threat Intelligence and TrustedSource Intelligence



Changes in the NAC feature

In release 6.0, there are many enhancements to the NAC feature. Depending on your NAC configuration, there could be a difference in NAC enforcement after you upgrade to 6.0. For example, a host denied access as per your 5.1 configuration may be granted full access after you upgrade. So, it is critical that you review the latest version of the NAC Configuration Guide to understand the effects of these enhancements on your NAC implementation.

Note on Global Threat Intelligence and TrustedSource Intelligence

When you upgrade to or install Manager 6.0.7.x or above, it is automatically integrated with McAfee Global Threat Intelligence to send your alert, general setup, and feature usage data to McAfee for optimized protection. If you do not wish to send these data, then disable the integration with Global Threat Intelligence. However, note that to be able to query TrustedSource for information on the source or target host of an attack, you need to send at least your alert data summary to McAfee. For details, see the Integration Guide.

Notes regarding User-defined signature

• Changes to the UDS feature: In 6.0, UDS is referred to as McAfee Custom Attacks. The UDS Editor is called the Custom Attack Editor. The Editor interfaces are extensively changed in 6.0. However, the UDS from 5.1 continue to function in the same way in 6.0.
  Important points to note:
  • In 6.0, you can create custom attacks in McAfee's format (the same way you created UDS in 5.1) or using the Snort Rules syntax.
  • You can include or exclude a UDS (from now on, referred to as the McAfee Custom Attack) in the policies. That is, you can retain a McAfee Custom Attack in the database but not include it in the policies.
  • At a Sensor level, you can choose to compile attacks from any of the following sets: McAfee signature set, McAfee Custom Attacks, or Snort Custom Attacks.
  For detailed information on Custom Attacks and the Custom Attack Editor, refer to the Custom Attack Definitions Guide.
  • In case of a heterogeneous Sensor environment, the Snort Rules custom attacks are applied only to IPS Sensors that are on 6.0 software.
• McAfee Custom Attack verification: Previous versions of your McAfee Custom Attacks are "test compiled" during upgrade to ensure there are no incompatibilities between your 5.1 McAfee Custom Attacks (including the McAfee-supplied ones) and the current 6.0 McAfee signature set. If any such incompatibilities exist, a fault is raised, which is visible in Operational Status. If you encounter problems with a particular McAfee Custom Attack, you need to recreate it.

Changes regarding Alert Filter

Alert Filter is called Attack Filter in Network Security Platform 6.0, but the functionality is the same. After you upgrade the Sensor and the Manager, you can also specify the source and destination port numbers for the filter. For details, see the IPS Configuration Guide.

Note regarding Network Security Platform extension on McAfee ePO™

This note is relevant only if you have integrated the Manager with McAfee ePolicy Orchestrator® (McAfee ePO™).

If you have the Network Security Platform 5.1.x extension installed on McAfee ePO™, then note that a direct upgrade of this extension to 6.0.x is not supported. Follow the steps below:

4 Upgrading the Manager: Preparing for the upgrade
Page 34, McAfee® Network Security Platform 6.1 Upgrade Guide