Network Security Platform 8.1

8.1.7.91-8.1.3.40 NTBA Appliance Release Notes Network Security Platform 8.1 Revision B Contents About this release New features Enhancements Resolved issues Installation Instructions Known issues Product documentation About this release This document contains important information about the current release. We recommend that you read the whole document. This maintenance release of Network Security Platform is to provide few enhancements and fixes on the Manager and Network Threat Behavior Analysis Appliance software. Before you consider installing or upgrading to this NTBA Appliance software version, refer to the Notes for installation section. Release parameters Version Network Security Manager software version 8.1.7.91 Signature Set 8.7.99.4 Network Threat Behavior Analysis (NTBA) software version 8.1.3.40 1

This version of 8.1 Manager software can be used to configure and manage the following hardware: Hardware NS-series Sensors (NS3100, NS3200, NS5100, NS5200, NS7100, NS7200, NS7300, NS9100, NS9200, NS9300) Virtual IPS Sensors (IPS-VM100 and IPS-VM600) 8.1 Virtual Security System Sensors (IPS-VM100-VSS) 8.1 M-series Sensors (M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050, M-6050, M-8000) 8.1 Mxx30-series Senors (M-3030, M-4030, M-6030, M-8030) 8.1 XC Cluster Appliances (XC-240) 8.1 NTBA Appliances (T-200, T-500, T-600, T-1200) 8.1 Virtual NTBA Appliances (T-VM, T-100VM, T-200VM) 8.1 The above mentioned Network Security Platform software version support integration with the following product versions: Table 1-1 Network Security Platform compatibility matrix Product Version supported McAfee epo 5.9.0, 5.3.2, 5.1.1 McAfee Global Threat Intelligence Compatible with all versions McAfee Advanced Threat Defense 3.8.0.29, 3.6.2.21 McAfee Endpoint Intelligence Agent 2.6 McAfee Logon Collector 3.0.6 McAfee Vulnerability Manager 7.5.10, 7.5.7 McAfee Host Intrusion Prevention 8.0 Version Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.7.0_45, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. Manager 8.1 uses JRE version 1.7.0_51. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager. 8.1 Network Security Platform version 8.1 replaces 8.0 release. If you are using version 8.0 and require any fixes, note that the fixes will be provided in version 8.1. There will not be any new maintenance releases or hot-fix releases on version 8.0. With release 8.1, Network Security Platform no longer supports the Network Access Control module and N-series Sensors. If you are using Network Access Control with N-series (NAC-only) Sensors, McAfee recommends that you continue to use the 7.1.3.6 version. If you are using the Network Access Control module in M-series Sensors, continue to use the 7.5.3.30 version. That is, you should not upgrade the Manager or the Sensors to 8.1 for such cases. Manager software version 7.5 and above are not supported on McAfee-built Dell based Manager Appliances. 2

New features This release of Network Security Platform includes the following new feature: Integration with epo 5.9 This release of the Manager supports integration with McAfee epo version 5.9. For more information, see McAfee Network Security Platform Integration Guide. Enhancements This release of McAfee Network Threat Behavior Analysis includes the following enhancements. Migration from SHA1 to SHA256 With this maintenance release, Network Security Platform announces the availability of SHA256 certificates to validate communication between the Sensor and the Manager. It replaces the existing SHA1 certificates. This results in more secure communication between the Sensor and the Manager. After an upgrade, trust between the NTBA Appliance and the Manager is lost due to the migration to SHA256 certificates. In order to re-establish trust between the NTBA Appliance and the Manager, you will need to remove the appliance from the Manager by running the deinstall command. After removing trust, run the set sensor sharedsecretkey command to re-establish the trust with the Manager using SHA256 certificates on ports 8501, 8502, and 8503. If your deployment had an integration with EIA, after re-establishing the trust you will need to once again integrate NTBA with EIA. Resolved issues The current release of the product resolved these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release. Resolved Manager software issues The following table lists the medium-severity Manager software issues: ID # Issue Description 1185999 High-risk endpoints are not shown in the Manager. 1183929 Summary page of the failover peer displays two different names. 1179146 The attempt to add a username that includes an apostrophe in the Add a User page fails. 1173256 The Manager user interface fails to load in Internet Explorer version 11. 1172736 LDAP over SSL does not work after a Manager upgrade. 1165342 Quarantined hosts generate alerts in the Threat Analyzer. 1164024 Sensor performance alert causes alert channel to go down. 1153987 A difference exists between severity of detected alerts and configured severity 1150753 The Manager incorrectly considers a Sensor to be part of a failover pair. 1148771 The Manager is vulnerable to CVE-2016-5385. 3

ID # Issue Description 1146980 The Devices tab does not display the tab options. 1146835 When an attack is blocked using the Recommended for Smart Blocking (RfSB) feature, its attack result in the SNMP trap displays [777] instead of "Smart Blocked". 1143464 Direct link to view the Sensor status on the System Health monitor of the Dashboard page is disabled. 1143395 The "An internal application error occurred" message is displayed when trying to access the Global Threat Intelligence page. 1138335 Sensors show as disconnected in the Manager after the Manager service is restarted. 1132046 Old signature files are not getting deleted using the file pruning option. 1126704 The Manager command channel should request for TLS1.2 connection with NTBA. 1125670 SNMP trap shows incorrect port names. Resolved NTBA Appliance software issues The following table lists the medium-severity resolved NTBA Appliance software issues. ID # Issue Description 1139133 NTBA is vulnerable on port 443. 1134416 NTBA trace upload fails when the Manager is running on FIPS build. 4

Installation Instructions Manager server/client system requirements The following table lists the 8.1 Manager server requirements: Operating system Minimum required Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) English operating system Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Only x64 architecture is supported. Recommended Same as the minimum required. Memory 8 GB 8 GB or more CPU Server model processor such as Intel Xeon Same Disk space 100 GB 300 GB or more Network 100 Mbps card 1000 Mbps card Monitor 32-bit color, 1440 x 900 display setting 1440 x 900 (or above) The following are the system requirements for hosting Central Manager/Manager server on a VMware platform. 5

Table 5-1 Virtual machine requirements Component Minimum Recommended Operating system Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition,, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Datacenter (Server with a GUI) Only X64 architecture is supported. Same as minimum required. Memory 8 GB 8 GB or more Virtual CPUs 2 2 or more Disk Space 100 GB 300 GB or more Table 5-2 VMware ESX server requirements Component Minimum Virtualization software ESXi 5.0 ESXi 5.1 ESXi 5.5 Update 3 ESXi 6.0 Update 1 CPU Intel Xeon CPU ES 5335 @ 2.00 GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00 GHz Memory Internal Disks Physical Memory: 16 GB 1 TB 6

The following table lists the 8.1 Manager client requirements when using Windows 7, Windows 8, or Windows 10: Operating system Minimum Windows 7 English or Japanese Windows 8 English or Japanese Windows 8.1 English or Japanese Windows 10 English or Japanese The display language of the Manager client must be same as that of the Manager server operating system. Recommended RAM 2 GB 4 GB CPU 1.5 GHz processor 1.5 GHz or faster Browser Internet Explorer 9, 10 or 11 Mozilla Firefox Google Chrome is not supported since the NPAPI plug-in is disabled by default and will not be supported by Google going forward. This means that Java applet support is also disabled by default. Internet Explorer 11 Mozilla Firefox 41.0.2 or above In Mozilla Firefox version 52 and above the NPAPI plug-in is disabled and will not be supported by Mozilla going forward. This means that pages that uses Java in the Manager will not render properly on Mozilla Firefox version 52 and above. For the Manager client, in addition to Windows 7 and Windows 8, you can also use the operating systems mentioned for the Manager server. The following table lists the 8.1 Central Manager / Manager client requirements when using Mac: Mac operating system Lion Mountain Lion Browser Safari 6 or 7 For more information, see McAfee Network Security Platform Installation Guide. NTBA Virtual Appliance system requirements The following table lists the 8.1 NTBA Virtual Appliance requirements. Table 5-3 VMware ESX server requirements for NTBA Virtual Appliance Component Recommended Virtualization software VMware ESX 5.0 and higher CPU 4 cores for T-VM, T-100VM, T-200VM Memory T-VM: 16 GB T-100VM: 8 GB T-200VM: 16 GB 7

Table 5-3 VMware ESX server requirements for NTBA Virtual Appliance (continued) Component Network ports Storage Recommended 5 (One network management port and four monitoring ports for NTBA Virtual Appliance) 600 GB (partitions: 250 GB and 350 GB) The NTBA OVA image comes with pre-installed NTBA Appliance software, including the recommended configurations. Notes for installation For this release, you have to install or upgrade the NTBA Appliance software to version 8.1.3.40 using the loadimage command. A JAR file will not be available for this release. Upgrade recommendations McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors. The following is the upgrade matrix supported for this release. Software Component Software Version Manager/Central Manager 8.1: 8.1.7.33, 8.1.7.82 NTBA Appliance (T-200, T-500, T-600 and T-1200, T-VM, T-100VM, T-200VM) 8.1: 8.1.3.6, 8.1.3.10 For more information, see the McAfee Network Security Platform Upgrade Guide. Known issues For known issues in this product release, refer to the following KnowledgeBase articles: Manager software issues: KB81373 NTBA Appliance software issues: KB81378 Product documentation Every McAfee product has a comprehensive set of documentation. Find product documentation 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center. 2 Enter a product name, select a version, then click Search to display a list of documents. 8.1 product documentation list The following software guides are available for Network Security Platform 8.1 release: Quick Tour Custom Attacks Definition Guide Installation Guide XC Cluster Administration Guide 8

Upgrade Guide Integration Guide Manager Administration Guide NTBA Administration Guide Manager API Reference Guide Best Practices Guide CLI Guide Troubleshooting Guide IPS Administration Guide Copyright 2017 McAfee, LLC McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.