Managing Policies With Ips Policy Editor - McAfee M-1250 - Network Security Platform Configuration Manual
Ips configuration guide version 5.1
Hide thumbs
Also See for M-1250 - Network Security Platform:
- Upgrade manual (58 pages) ,
- Deployment manual (36 pages) ,
- Manual (32 pages)
Table of Contents
Advertisement
McAfee® Network Security Platform 5.1
Managing policies with IPS Policy Editor
The
management. The Policy Editor brings together defining alert filters and rule sets for final
customization before deployment. Using this editor, you can select the exact Exploit and
Denial of Service (DoS) attacks you want to protect against, the types of automatic
responses you need to block current or further impacts, and the methods of notification
that will help your team respond to malicious use of your network in the most expeditious
time.
The Policy Editor provides the following actions:
•
•
•
•
•
•
Tip:
customization best (for example, enabling the Drop Packets response for all High
severity attacks once you have enabled In-line mode), try the
Exploit attack customization. This procedure is detailed in Modifying selected IPS
policies using Bulk Edit (on page 34).
Adding an IPS policy
Adding a new policy using the Policy Editor takes you through the process of refining the
parameters for securing your network. The following checklist explains the essential
elements of a complete policy configuration:
•
•
•
•
Note:
settings opens up to four separate Java windows. Each window has either a
Changes
information to the database and closes all policy configuration actions. Clicking
closes the sub-window that has been opened from within policy configuration,
saving any changes made in that sub-window. Clicking
and closes the window. If you want to continue creating or modifying a policy, do not
click either
available in a window.
To add a new policy for attack monitoring in a specific network environment:
1
2
IPS Policy Editor
action enables the use of the ultimate refining tool for IPS policy
Adding an IPS policy (on page 8)
Cloning an IPS policy (on page 33)
Viewing/editing an IPS policy (on page 34)
Modifying selected IPS policies using Bulk Edit (on page 34)
Deleting an IPS policy (on page 37)
Version Control (on page 37)
If setting the same responses for several attacks serves your policy
Applying rule sets for inbound and outbound traffic (on page 10)
Customizing exploit attack enforcement (on page 11)
Modifying selected IPS policies using Bulk Edit (on page 34)
Customizing Denial of Service (DoS) modes (on page 23)
When working within the Policy Editor, the task of creating or modifying
OK
or
button as well as a
Commit Changes
OK
or
IPS Settings > Policies > IPS Policy Editor
Select
Add
Click
.
Cancel
Commit Changes
button. Clicking
Cancel
until you have completed every tab, step, or action
.
8
Managing IPS settings
Bulk Edit
feature within
Commit
saves the
OK
aborts any operation
Advertisement
Table of Contents
