McAfee M3050 Installation Guide - Page 9

1

C

HAPTER

1

About Network Security Platform

McAfee

®

Network Security Platform [formerly McAfee

®

IntruShield

®

] is a combination of

network appliances and software built for the accurate detection and prevention of

intrusions, denial of service (DoS) attacks, distributed denial of service (DDoS) attacks,

and network misuse. Network Security Platform provides comprehensive network intrusion

detection and can block, or prevent, attacks in real time, making it truly an intrusion

prevention system (IPS).

Network Security Platform components

Network Security Platform consists of the following major components:



McAfee

®

Network Security Sensor (Sensor) (on page

1

)



McAfee

®

Network Security Manager (Manager), with its Web-based graphical user

interface



McAfee Update Server (on page

6

)

About McAfee Network Security Sensor

A McAfee

®

Network Security Sensor is a content-processing appliance built for accurate

detection and prevention of intrusions, misuse, and distributed denial of service (DDoS)

attacks. McAfee Network Security Sensor (Sensor) are specifically designed to handle

traffic at wire speed, inspect and detect intrusions with a high degree of accuracy, and

flexible enough to adapt to the security needs of any enterprise environment.

When deployed at key network access points, a Sensor provides real-time traffic

monitoring to detect malicious activity and respond to the malicious activity as configured

by the administrator.

Sensors are configured and managed using McAfee Network Security Manager

(Manager). The process of configuring a Sensor and establishing communication with the

Manager is described in later chapters of this guide. The Manager server is described in

detail in the

Getting Started Guide

.

Sensor functionality

The primary function of a device is to analyze traffic on selected network segments and to

respond when an attack is detected. The device examines the header and data portion of

every network packet, looking for patterns and behavior in the network traffic that indicate

malicious activity. The device examines packets according to user-configured policies, or

rule sets, which determine what attacks to watch for, and how to respond with

countermeasures if an attack is detected.

Section	Page
Preface	5
Introducing McAfee Network Security Platform	5
Conventions used in this book	5
Related Documentation	6
Contacting Technical Support	7
About Network Security Platform	9
Network Security Platform components	9
About McAfee Network Security Sensor	9
Sensor functionality	9
Sensor platforms	10
Manager components	12
Manager server platform	12
Manager software	12
Manager database	14
McAfee Update Server	14
Configuring software and attack signature updates	15
About Network Security Central Manager	16
Preparing for the Manager installation	17
Pre-requisites	17
General settings	17
Other third-party applications	18
Browser display settings (Windows)	18
Server requirements	18
Hosting the Manager on a VMware platform	19
Manager installation with Local Service account privileges	20
Client requirements	20
Java runtime engine requirements	20
Database requirements	21
Pre-installation recommendations	21
Planning for installation	21
Functional requirements	22
Using anti-virus software with the Manager	22
McAfee VirusScan and SMTP notification	22
User interface responsiveness	23
Downloading the Manager/Central Manager executable	24
Installing the Manager/Central Manager	25
Installing the Manager	25
Installing the Central Manager	36
Starting the Manager/Central Manager	38
Accessing the Manager from a client machine	38
Java installation for client systems	39
Logging onto the Manager	39
Logging onto the Central Manager	40
Authenticating Access to the Manager using CAC	41
Shutting down the Manager/Central Manager services	43
Closing all client connections	44
Shutting down using the Network Security Platform system tray icon	44
Shutting down using the Control Panel	45
Adding a Sensor	47
Before You Install Sensors	47
Network topology considerations	47
Safety measures	47
Working with fiber-optic ports	48
Usage restrictions	48
Unpacking the Sensor	49
Contents of the Sensor box	49
Cable Specifications	49
Network Security Platform fail-closed dongle specification	50
Console port pin-outs	50
Auxiliary port pin-outs	50
Management port pin-outs	51
Response port pin-outs	51
Monitoring port pin-outs	52
Gigabit Ethernet (GE) ports	52
Fast Ethernet (FE) 10/100/1000 ports	52
Configuring a Sensor	53
Configuration overview	53
Establish a Sensor naming scheme	53
Communication between the Sensor and the Manager	54
Configuring the Sensor	54
Adding a Sensor to the Manager	56
Verifying successful configuration	57
Changing Sensor values	58
Changing Sensor IP or Manager IP	58
Changing Sensor’s shared secret key	59
Adding a secondary Manager IP	59
Removing a secondary Manager IP	59
Device Licenses	60
Importing a Device License	60
Manually assigning a device license	61
Configuring the Update Server	62
Specifying the Update Server authentication	63
Specifying a proxy server for Internet connectivity	64
Manually importing a software image or signature set	65
Downloading software updates	65
Downloading signature set updates	68
Automating updates	70
Automating signature set downloads from the Update Server	70
Automatically deploy new signature sets to your devices	71
Uninstalling the Manager/Central Manager	72
Uninstalling using Add/Remove Programs	73
► To uninstall the Manager software:	73
Uninstalling via script	74
► To uninstall via script:	75

McAfee M3050 Installation Guide - Page 9

About Network Security Platform, Network Security Platform components - specifications

Page 9 highlights