McAfee M3050 Installation Guide - Page 15
Configuring software and attack signature updates - manual
View all McAfee M3050 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 15 highlights
McAfee® Network Security Platform 6.0 About Network Security Platform signatures that combat the latest in hacking, misuse, and denials of service (DoS). When a severe-impact attack happens that cannot be detected with the current signatures, a new signature update is developed and released. Since new vulnerabilities are discovered regularly, signature updates are released frequently. New signatures and patches are made available to customers via McAfee® Network Security Update Server (Update Server). The Update Server is a McAfee owned and operated file server that houses updated signature and software files for Managers and Sensors in customer installations. The Update Server securely provides fully automated, real-time signature updates without requiring any manual intervention. Note: Communication between the Manager and the Update Server is SSLsecured. Configuring software and attack signature updates You configure interaction with the Update Server using the Manager Configure > Update Server page. You can pull updates from the Update Server on demand or you can schedule update downloads. With scheduled downloads, the Manager polls the Update Server (over the Internet) at the desired frequency. If an update has been posted, that update is registered as "Available" in the Manager interface for on-demand downloaded. Once downloaded to the Manager, you can immediately download (via an encrypted connection) the update to deployed Sensors or deploy the update based on a Sensor update schedule you define. Acceptance of a download is at the discretion of the administrator. You have a total of five update options: Automatic update to Manager, manual update from Manager to Sensors. This option enables Manager server to receive updates automatically, but allows the administrator to selectively apply the updates to the Sensors. Manual update to Manager, automatic update from Manager to Sensors. This option enables the administrator to select updates manually, but once the update is selected, it is applied to the Sensors automatically, without reboot. Fully manual update. This option allows the security administrator to determine which signature update to apply per update, and when to push the update out to the Sensor(s). You may wish to manually update the system when you make some configuration change, such as updating a policy or response. Fully automatic update. This option enables every update to pass directly from the Update Server to the Manager, and from the Manager to the Sensor(s) without any intervention by the security administrator. Note that fully automatic updating still happens according to scheduled intervals. Real-time update. This option is similar to fully automatic updating. However, rather than wait for a scheduled interval, the update is pushed directly from Update Server to Manager to Sensor. No device needs to be rebooted; the Sensor does not stop monitoring traffic during the update, and the update is active as soon as it is applied to the Sensor. 7