Faq - Mcafee Trustedsource And The Firewall - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Configuring Firewall Policies
Enable firewall protection
Task
For option definitions, click ? on the page displaying the options.
1. Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: Firewall in the Product list and Firewall Options in the Category list. The list of policies appears.
2. In the Firewall Options policy list, click Edit under Actions to change the settings for a custom policy.
   NOTE: For editable policies, other options include Rename, Duplicate, Delete, and Export. For non-editable policies, options include View and Duplicate.
3. In the Firewall Options page that appears, change the default settings as needed, then click Save.
FAQ — McAfee TrustedSource and the firewall
Two options in the Firewall Options policy allow you to block incoming and outgoing traffic from
a network connection that McAfee TrustedSource™ has rated high risk. This FAQ explains what
TrustedSource does and how it affects the firewall.
What is TrustedSource?
TrustedSource is a global Internet reputation intelligence system that determines what is good
and bad behavior on the Internet by using real-time analysis of worldwide behavioral and
sending patterns for email, web activity, malware, and system-to-system behavior. Using data
obtained from the analysis, TrustedSource dynamically calculates reputation scores that represent
the level of risk posed to your network when you visit a web page. The result is a database of
reputation scores for IP addresses, domains, specific messages, URLs, and images.
How does it work?
When the TrustedSource options are selected, two firewall rules are created: TrustedSource --
Allow Host IPS Service and TrustedSource -- Get Rating. The first rule allows a connection to
TrustedSource and the second rule blocks or allows traffic based on the connection's
reputation and the block threshold set.
What do you mean by "reputation"?
For each IP address on the Internet, TrustedSource calculates a reputation value based on
sending or hosting behavior and various environmental data that TrustedSource automatically
collects, aggregates, and correlates from customers and partners about the state of the Internet
threat landscape. The reputation is expressed in four classes:
• Minimal Risk (Do Not Block) — Our analysis indicates this is a legitimate source or
destination of content/traffic.
• Unverified — Our analysis indicates that this appears to be a legitimate source or destination
of content/traffic, but also displays certain properties suggesting that further inspection is
necessary.
• Medium Risk — Our analysis indicates that this source/destination shows behavior we
believe is suspicious and content/traffic to or from it requires special scrutiny.
• High Risk — Our analysis indicates that this source/destination does or will send/host
potentially malicious content/traffic and we believe it presents a serious risk.
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
