How Network Security Platform Calculates Severity Level; Attack Categories And Severity Range - McAfee M-1250 - Network Security Platform Configuration Manual

IPS configuration guide version 5.1

McAfee® Network Security Platform 5.1

How Network Security Platform calculates severity level

Network Security Platform assigns a default severity (high, medium, or low) to every attack
in its attack database. Severity is based on the immediate effect, or impact, on the target
system.

Severity numbering scheme

Network Security Platform uses a numeric mapping scheme to indicate Informational, Low,
Medium, and High severity for a more intuitive display. The numbering scheme is as
follows:

INFORMATIONAL    LOW    MEDIUM    HIGH
0                1-3    4-6       7-9

The guidelines in assigning severity levels are very similar to those used in many open
security forums. You can customize these severity levels to meet the needs of your system
based on the worth of your protected assets—an attack whose severity might be
considered Low to one company might be High to another.

Attack categories and severity range

Network Security Platform categorizes attacks into four groups: Reconnaissance, Exploits,
Volume DoS, and Policy Violation (for descriptions of these categories, see Pre-configured
rule sets and policies (on page 63)). The following table illustrates how severity levels are
assigned for attacks in different categories:

Category          Threat Type          Range Used in Network Security Platform
Reconnaissance    Host sweep           4-4
                  Port scan            4-4
                  Brute force          4-6
                  Service sweep        6-6
                  OS Fingerprinting    6-6
