McAfee Host Intrusion Prevention Administration Course


Education Services Administration Course

The McAfee Host Intrusion Prevention Administration course provides attendees with in-depth training on the deployment and management of a host intrusion prevention solution, using McAfee ePolicy Orchestrator (McAfee ePO) software. In addition, attendees will learn how this solution uses a series of device protection, tagging, and reaction rules to safeguard sensitive information and improve overall data security.

Audience
System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this course.

Course Goals
  Understand the benefits and capabilities of a McAfee Host Intrusion Prevention solution.
  Plan and implement McAfee Host Intrusion Prevention.
  Use rules, policies, and signatures.
  Provide zero-day protection for operating system and application vulnerabilities.
  Reduce the overhead of patch management.
  Install, configure, and manage the solution, using the McAfee ePO management console.

Agenda at a Glance

Day 1
  Introduction to McAfee Host Intrusion Prevention
  Connected Security and McAfee ePO Overview
  Managing Dashboards and Monitors
  McAfee Agent
  Installing McAfee Host Intrusion Prevention Server
  Windows McAfee Host Intrusion Prevention Client

Day 2
  McAfee Host Intrusion Prevention General Policies
  Intrusion Prevention System (IPS) Policies
  IPS Rules Policies Application Protection
  Configuring IPS Exceptions
  Working with IPS Events

Day 3
  Creating IPS Client Rules
  Custom Signatures
  Automatic Responses and Threat Notification
  Firewall Policies Overview
  Firewall Rule Policies

Day 4
  Firewall Rule Groups
  McAfee Host Intrusion Prevention Maintenance
  Implementation
  Client Control Utility
  Linux Client
  Solaris Client
  Troubleshooting

Recommended Pre-Work
It is recommended that students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services.

Course Outline

Module 1: Introduction to McAfee Host Intrusion Prevention
  Vulnerabilities, Exploits, Buffer Overflows, Attacks, Threats
  Protection Levels
  McAfee Host Intrusion Prevention Components and Features
  Supported Operating Systems
  New Features

Module 2: Connected Security and McAfee ePO Overview
  Introducing Connected Security
  Manifestation of Connected Security
  Connected Security Framework
  Integration with Third-Party Products
  Connected Security Solution Platform
  Solution Overview
  New for this Release
  Basic Solution Components
  Web Interface
  Menu Pages
  Customizing the User Interface
  Architecture and Communication
  User Interface
  Functional Process Logic
  Data Storage

Module 3: Managing Dashboards and Monitors
  Dashboards Overview
  Accessing the Dashboards Page
  Types of Dashboards
  Duplicating and Adding Dashboards
  Assigning Dashboard Permissions
  Dashboard Permissions Guidelines
  Deleting a Dashboard
  Adding Monitors to a Dashboard
  Dashboards Server Settings
  Editing the Automatic Refresh Interval
  Assigning Default Dashboards
  Configuring Dashboard Monitors
  Resizing, Moving, and Removing Monitors
  Concurrent Users (Console Connections)
  Results of Load
  Designing Dashboards
  Changing the Default Session Timeout

Module 4: McAfee Agent
  Agent Components
  Agent-Server Secure Communication Keys
  Communication after Agent Installation
  Typical Agent-to-Server Communication
  McAfee Agent-to-Product Communication
  Forcing Agent Activity from Server
  Wake-Up Calls and Wake-Up Tasks
  Locating Agent Node Using DNS
  Using System Tray Icon
  Forcing McAfee Agent Activity from Client
  Agent Files and Directories
  Using Log Files
  Installation Folders

Module 5: McAfee Host Intrusion Prevention Server
  Planning and Installation
  McAfee Host Intrusion Prevention Installation on the McAfee ePO Server
  Requirements
  Extensions
  Adding Software to the Master Repository
  Software Manager
  Installing McAfee Host Intrusion Prevention Extensions on the McAfee ePO Server
  Checking in the McAfee Host Intrusion Prevention Client Package into the Master Repository
  Upgrading and Migrating Policies

Module 6: Windows McAfee Host Intrusion Prevention Client
  McAfee Host Intrusion Prevention Installation Requirements
  Installing the Client Remotely Using McAfee ePO and Directly on the Client Computer
  Post-Installation Client Changes
  Registry Implementation
  Client Services and Client-Side Component Relationship
  Downgrading and Removing the Client
  Direct Client-Side Management
  Verifying the Client Is Running
  Allowing the Disable of Features
  Enabling Timed Group
  Unlocking the Windows Client Interface
  Responding to Spoof Detected Alerts
  Managing IPS Protection, Rules, Host Firewall Policy Options, and Blocked Hosts List
  Verifying McAfee Host Intrusion Prevention Events Are Triggered Correctly
  Client Logging and Troubleshooting
  Investigating Performance Issues

Module 7: McAfee Host Intrusion Prevention General Policies
  General Policies Overview
  Configuring the Client User Interface Policy
  Configuring Display Options
  Enabling Advanced Functionality and Client Control
  Trusted Networks Policy and Trusted Application
  Creating and Editing Executables
  Working with Multiple Instance Policies
  Marking Applications as Trusted

Module 8: Intrusion Prevention Policies
  Intrusion Prevention Overview
  Benefits of McAfee Host Intrusion Prevention
  IPS Options, Protection, Rules
  Configuring IPS Options
  Using Preconfigured Policies
  Creating and Editing Policies
  Setting Protective Reaction for Signature Severity Levels
  Moving from Basic to Advanced Protection

Module 9: IPS Rules Policies
  Overview of the IPS Rules
  Host Intrusion Prevention Clients
  IPS Protection with IPS Rules Policies
  Host and Network IPS Signature Rules
  Signature and Behavioral Rules
  Signatures and Severity Levels
  Working with IPS Rules Policies and Signatures
  Multiple Instance Policies
  Effective Policy for IPS Signatures
  Multiple Instance Policies and the Effective Policy
  McAfee VirusScan Access Protection and IPS Rules

Module 10: IPS Rules Policies Application Protection
  Application Blocking and Hooking
  Prevent an Executable from Running (Black List)
  Creating, Editing, or Viewing Executable Details
  Blocking and Allowing Application Hooking
  Customizing and Managing Rules
  Process Hooking

Module 11: Configuring IPS Exceptions
  Exception Rules
  Configuring IPS Rules Exceptions
  Creating Exceptions for Network IPS Rules
  Applying OS Patches
  Creating Trusted Applications
  Adjusting Signature Severity Levels
  Tuning Methods

Module 12: Working with IPS Events
  Events and Event Logging
  List of the McAfee Host Intrusion Prevention Events Supported by McAfee ePO
  Reacting to Events
  Viewing McAfee Host Intrusion Prevention Events
  Filtering Events
  Creating an Exception Based on a Selected Event
  Analyzing Events
  Viewing Systems on Which Selected Events Occur
  Viewing Common Vulnerabilities and Exposures (CVE) Information
  Creating Event-Based Exceptions
  IPS Signature Events
  General Methodology for Reviewing Updates, Patch Systems, and Applications

Module 13: Creating IPS Client Rules
  IPS Client Rules Overview
  Refining Policies Based on Use
  Learning Mode
  Adaptive Mode
  Placing Clients in Adaptive or Learn Mode
  Adaptive Mode Sequence
  Managing IPS Client Rules
  Create Exceptions Using IPS Client Rules
  Reviewing Detail for IPS Client Rules
  Retaining Existing Client Rules
  Using the Property Translator Server Task

Module 14: Custom Signatures
  Custom Signatures Overview
  Methods for Creating Custom Signatures
  Creating a Custom Signature Using the Signature Creation Wizard
  Creating Windows/Unix Files and Directories
  Creating Signatures - Windows Registry
  Using the Linux or Solaris Option to Create Signatures
  Adding and Editing Sub-Rules
  Viewing General Information about a Signature
  Editing the Severity Level, Client Exception Permission, and Log Status of a Signature
  Custom Signatures Components
  File Rule Types and Examples
  Troubleshooting Custom Signatures

Module 15: Automatic Responses and Threat Notification
  Threat Notification and Tracing
  Event Types, Formats, and Lifecycle
  Automatic Response Process
  Creating, Editing, Viewing, and Deleting Automatic Responses for Specific Event Types
  Setting Filters, Aggregating Events, and Configuring Rule Actions
  Creating Issues, Executing Scheduled Tasks, and Running External Commands
  Variables Used in Notifications
  Creating and Editing Automatic Responses
  Filtering Events
  Throttling and Aggregation
  Default Automatic Response Rules
  Planning Automatic Responses
  Determining Events Forwarding
  Automatic Responses Permission Set
  Managing Issues
  Creating Contacts

Module 16: Firewall Policies
  McAfee Host Intrusion Prevention Firewall Overview
  Firewall Protocol Support
  Allowing Unsupported Protocols and Bridged Traffic
  Understanding the State Table
  Stateful Filtering and Protocol Tracking
  How Firewall Rules Work
  Firewall DNS Blocking
  Working with Firewall Options Policies
  Startup Protection and Protection Options
  TrustedSource/McAfee Global Threat Intelligence

Module 17: Firewall Rules Policies
  Configuring Firewall Policies
  Firewall Rules Console
  Default Policies
  Typical Corporate Environment Policy
  Firewall Groups
  Creating a New Firewall Rule Using the Firewall Rule Builder
  Using the McAfee Host Intrusion Prevention Catalog
  Adding Rules from the Catalog
  Creating Firewall Rule Groups
  Adaptive Mode versus Learn Mode
  Managing Firewall Client Rules
  Refining Policies Based on Use
  Responding to Firewall Alerts
  Stateful Filtering in Adaptive or Learn Mode
  Retaining Existing Client Rules
  Firewall Theory
  Basic Design Philosophies
  Firewall Design Considerations
  Firewall Planning

Module 18: Firewall Rule Groups
  McAfee Host Intrusion Prevention Firewall Groups
  Location-Enabled Firewall Groups
  Connection-Aware Firewall Groups
  Matching for Location-Aware Groups
  Timed Groups in Firewall Policy

Module 19: McAfee Host Intrusion Prevention Maintenance
  Server Tasks in McAfee ePO
  Clearing Events
  Generating McAfee Host Intrusion Prevention Reports/Queries
  Reports
  Dashboards and Queries
  Running Predefined McAfee Host Intrusion Prevention Queries
  Creating Custom McAfee Host Intrusion Prevention Queries
  Client-Side Policy Reporting
  Default Dashboards
  Vulnerability Shielding Updates
  McAfee Agent Update Task
  Manual Content Updating
  McAfee Internet Sites
  Creating a McAfee ePO Server Pull Task
  Testing McAfee Host Intrusion Prevention Client

Module 20: McAfee Host Intrusion Prevention Implementation and Best Practices
  Pre-Installation Considerations and Deployment Planning
  Best Practices
  Step 1: Strategy and Planning
    Lab or Real World?
    Confirm Your Rollout Strategy
    Timing and Expectations
    Preparing the Environment
  Step 2: Prepare the Pilot Environment Using McAfee ePO
  Step 3: Installation and Initial Configuration
    Managing Protection
    Out-of-the-Box Protection
    Multiple Policy Instances
    Notify End Users and Plan Escape Hatches
    Enlist the Help Desk Team
    Install McAfee Host Intrusion Prevention to Pilot Hosts
    Check Pilot Systems for Proper Operation
  Step 4: Initial Tuning
    McAfee Host Intrusion Prevention Configuration and Initial Tuning
    Tuning Methods
    Fine-Tuning Policies
    Security Tightening
    Follow These Processes
    More Tuning
    Create Exceptions
    Create Trusted Applications
    Run Queries
  Step 5: Optional Adaptive Mode
    Adaptive Mode: Refine Policies Based on Use
    Understanding Adaptive Mode
    Adaptive Mode Limitations
    Best Practices with Adaptive Mode
    Potential Pitfalls in IPS Deployments
  Step 6: Enhanced Protection and Advanced Tuning
    Heightened Protection and Advanced Tuning
  Step 7: Maintenance and Expansion Beyond IPS
    Server Maintenance
    Domain Controllers and McAfee Host Intrusion Prevention

Module 21: ClientControl Utility
  Deploying McAfee Host Intrusion Prevention with a Third-Party Product
  ClientControl Logging
  Command Line Syntax
  Major Arguments
  Argument - /help
  Argument - /start and /stop
  Stopping McAfee Host Intrusion Prevention Services
  Argument - /log
  Argument - /engine
  Argument - /export
  Argument - /readnailic
  Argument - /exportconfig
  Argument - /defconfig
  Argument - /startupipsprotection
  Argument - /execinfo
  Argument - /fwpassthru
  fwinfo Utility

Module 22: Linux Client
  Linux Client Installation Requirements
  Policy Enforcement with the Linux Client
  Notes about the Linux Client
  Removing the Linux Client
  Troubleshooting the Linux Client
  hipts Troubleshooting Tool
  Verifying Linux Installation Files
  Stopping and Restarting the Linux Client

Module 23: Solaris Client
  Solaris Client Installation Requirements
  Policy Enforcement with the Solaris Client
  Solaris Zone Support
  Installing the Solaris Client
  Removing the Solaris Client
  Troubleshooting the Solaris Client
  hipts Troubleshooting Tool
  Verifying Solaris Installation Files
  Stopping and Restarting the Solaris Client

Module 24: Troubleshooting McAfee Host Intrusion Prevention
  Forums and Security Advisories
  Knowledge Base Articles for McAfee Host Intrusion Prevention
  MERTool
  Client Issues
  Identify the Versions
  McAfee Host Intrusion Prevention Engines
  Installation Issues
  McAfee Agent Logs
  Policy, Event, and Client Rule Issues
  Policy Update Issues
  Verifying Policies: Static Configuration
  Verifying Policies: Dynamic Policy (fwinfo.exe)
  Verifying Policies: FireCore Policy
  Troubleshooting McAfee Host Intrusion Prevention
  Troubleshooting the McAfee Host Intrusion Prevention Firewall
  Troubleshooting Firewall Issues
  Activity Log
  Applying Service Packs
  Escalation Process

Learn More
To order, or for further information, please call 1 888 847 8766 or email SecurityEducation@mcafee.com.

2821 Mission College Boulevard, Santa Clara, CA 95054
888 847 8766
www.mcafee.com

McAfee and the McAfee logo, ePolicy Orchestrator, McAfee ePO, and VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 3546_0917 SEPTEMBER 2017