Table Of Contents - McAfee M-1250 - Network Security Platform Manual

Network protection

Hide thumbs Also See for M-1250 - Network Security Platform:

Configuration manual (259 pages)

Upgrade manual (58 pages)

Deployment manual (36 pages)

Table Of Contents

Table of Contents

Contents

Preface ........................................................................................................... v

Introducing McAfee Network Security Platform............................................................................. v

About this Guide............................................................................................................................ v

Conventions used in this guide ..................................................................................................... v

Related Documentation.................................................................................................................vi

Contacting Technical Support ......................................................................................................vii

Chapter 1 What is inline mode?................................................................... 1

Benefits of running inline ............................................................................................................... 1

Chapter 2 Inline deployment walkthrough ................................................. 3

Chapter 3 Determine your high availability strategy ................................. 4

Failover, or High-Availability.......................................................................................................... 4

Fail-open or fail-closed functionality .............................................................................................. 5

Chapter 4 Install and cable the Sensor....................................................... 6

Cable the Fast Ethernet monitoring ports...................................................................................... 7

Cable the Gigabit Ethernet monitoring ports ................................................................................. 7

Cable a failover pair ...................................................................................................................... 7

Configure the Sensor monitoring ports.......................................................................................... 8

About Sensor port configuration.............................................................................................8

Chapter 5 Failover: configure two Sensors in inline mode .................... 11

Create a Failover Pair ................................................................................................................. 11

Download configuration, signature set, and software updates to the Sensor ......................12

Chapter 6 Configure policies ..................................................................... 13

Tune your policies ....................................................................................................................... 13

About false positives and "noise" ................................................................................................ 14

Incorrect identification ..........................................................................................................14

Correct identification; significance subject to usage policy ..................................................14

Correct identification; significance subject to user sensitivity (also known as noise)...........14

Chapter 7 Block attacks ............................................................................. 16

Methods for blocking attacks....................................................................................................... 16

Block exploit traffic ...................................................................................................................... 16

How blocking works for exploit traffic ...................................................................................17

Verify dropped exploit attacks using the Threat Analyzer ....................................................17

Block DoS traffic.......................................................................................................................... 17

How blocking works for DoS traffic ......................................................................................18

Verify blocked DoS attacks using the Threat Analyzer ........................................................18

Drop DoS Attacks from the Threat Analyzer ........................................................................18

Block using ACLs ........................................................................................................................ 18

Utilize traffic normalization .......................................................................................................... 19

Blocking based on configured TCP & IP Settings ....................................................................... 20

Blocking of IP-spoofed packets ................................................................................................... 20

Chapter 8 Troubleshooting ........................................................................ 21

iii

Table of Contents

This manual is also suitable for:

Network security platform

Table Of Contents - McAfee M-1250 - Network Security Platform Manual

Related Manuals for McAfee M-1250 - Network Security Platform

Related Content for McAfee M-1250 - Network Security Platform

This manual is also suitable for:

Table of Contents