McAfee UTILITIES 4.0 Uživatelská příručka Strana 55
- Strana / 112
- Tabulka s obsahem
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Host Intrusion Prevention displays all the rules created on clients through learn mode or adaptive
mode, and allows these rules to be saved and migrated to administrative rules.
Stateful filtering with adaptive and learn mode
When adaptive or learn mode is applied with the stateful firewall, the filtering process creates
a new rule to handle the incoming packet. This filtering process proceeds as follows:
1 The firewall compares an incoming packet against entries in the state table and finds no
match, then examines the static rule list and finds no match.
2 No entry is made in the state table, but if this is a TCP packet, it is put in a pending list. If
not, the packet is dropped.
3 If new rules are permitted, a unidirectional static allow rule is created. If this is s a TCP
packet, an entry is made in the state table.
4 If a new rule is not permitted, the packet is dropped.
Firewall client rules
A client in adaptive or learn mode can create Firewall client rules to allow blocked activity. In
addition, rules can be created manually on the client computer. You can track the client rules
and view them in a filtered or aggregated view. Use these client rules to create new policies or
add them to existing policies.
Filtering and aggregating rules
Applying filters generates a list of rules that satisfies all of the variables defined in the filter
criteria. The result is a list of rules that includes all of the criteria. Aggregating rules generates
a list of rules grouped by the value associated with each of the variables selected in the Select
columns to aggregate dialog box. The result is a list of rules displayed in groups and sorted
by the value associated with the selected variables.
Quarantine policies and rules
When a client returns to the network after a prolonged absence, the quarantine policies restrict
a client’s ability to communicate with the network until ePolicy Orchestrator verifies that the
client has all the latest policies, software updates, and DAT files.
NOTE: Host Intrusion Prevention enforces quarantine rules for
all
ePolicy Orchestrator-managed
applications. If you use ePolicy Orchestrator to manage clients with VirusScan Enterprise, Host
Intrusion Prevention will quarantine any returning client where VirusScan Enterprise tasks fail
to run; for example, if an update task fails to deliver the latest DAT files.
Out-of-date policies and files can create security holes and leave systems vulnerable to attack.
By quarantining users until ePolicy Orchestrator updates them, unnecessary security risks are
avoided. For example, a quarantine policy is useful for laptops whose policies and files may
become out of date when they are away from the corporate network for a few days.
When you enable the Quarantine Options policy, both ePolicy Orchestrator and Host Intrusion
Prevention participate. ePolicy Orchestrator detects whether a user has all the latest information
they need. Host Intrusion Prevention enforces the quarantine until the client has all the necessary
policies and files.
NOTE: If a user connects to the network using VPN software, set quarantine rules to allow any
traffic required to both connect and authenticate over the VPN.
Configuring Firewall Policies
Overview of Firewall policies
55McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Související produkty a manuály pro Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Uživatelská příručka
(41 stránky)
(41 stránky)
Software McAfee UNINSTALLER 6.0 Uživatelská příručka
(99 stránky)
(99 stránky)
Software McAfee QUICKCLEAN 1.0 Instalační příručka
(29 stránky)
(29 stránky)
Software McAfee QUICKCLEAN 1.0 Uživatelská příručka
(41 stránky)
(41 stránky)
Software McAfee UTILITIES 4.0 Uživatelský manuál
(11 stránky)
(11 stránky)
Software McAfee QUICKCLEAN 1.0 Uživatelský manuál
(22 stránky)
(22 stránky)
Software McAfee GUARD DOG 2 Uživatelská příručka
(128 stránky)
(128 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.068 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce