Host Ips Policies - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Introducing Host Intrusion Prevention

Host IPS policies

• Basic network connectivity is allowed
NOTE: When Host Intrusion Prevention 8.0 is first installed no protection is enabled. You must
enable protection in the IPS Options or Firewall Options policy and apply the policy to the client.
Advanced protection
For advanced protection, switch from the default settings to stronger preset settings, or create
custom settings.
Start with a sample deployment to monitor and tune the new settings. Tuning involves balancing
intrusion prevention protection and access to required information and applications per group
type.
Host IPS policies
A policy is a collection of settings that you configure and enforce through the ePolicy Orchestrator
console. Applying policies ensures that your security needs on managed systems are met. Host
Intrusion Prevention provides three policy features, each with a set of security options. These
are: IPS, Firewall, and General. IPS and firewall features contain a "rules" policy with rules
that define behavior, and an "options" policy that enables or disables the rules.
Ownership of policies is assigned in the Policy Catalog. After a policy is created, it can be
edited or deleted only by the creator of the policy, the person associated as an owner of the
policy, or the global administrator. Deleting a policy can be done only in the Policy Catalog.
IPS policies
The IPS feature contains three policies that protect both Windows and non-Windows computers.
It details exceptions, signatures, application protection rules, events, and client-generated
exceptions.
• IPS Options (All platforms). Turns on or off IPS protection and application of adaptive
mode for tuning.
• IPS Protection (All platforms). Defines the protection reaction to events that signatures
generate.
• IPS Rules (All platforms). Defines signatures, exceptions, and application protection rules.
This policy is a multiple instance policy, which allows for several IPS Rules policies, instead
of a single policy, to be assigned to a system. The effective policy is then the result of the
merged contents of the policies. If there are conflicting settings, the most protective explicit
setting is applied.
Firewall policies
The Firewall feature contains three policies that protect Windows computers only. It filters
network traffic, allowing legitimate traffic through the firewall and blocking the rest.
• Firewall Options (Windows only). Turns on or off firewall protection and application of
adaptive or learn mode for tuning.
• Firewall Rules (Windows only). Defines firewall rules.
• Firewall DNS Blocking (Windows only). Defines the domain name servers that are to be
blocked.
8 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5