Table Of Contents - McAfee M-1250 - Network Security Platform Configuration Manual

IPS Configuration Guide version 5.1

Contents
Preface
  Introducing McAfee Network Security Platform
  About the guide
  Audience
  Conventions used in this guide
  Related documentation
  Contacting Technical Support
Chapter 1 Overview of IPS settings
  Configuring and setting rule-based policies
  Responding to detected attacks
    Packet logging
    Sensor actions
  Setting notification for attacks
  How Network Security Platform calculates severity level
    Attack categories and severity range
Chapter 2 Managing IPS settings
  Viewing assigned policies
  Configuring and managing policies
    Managing policies with IPS Policy Editor
    Managing policies with Reconnaissance Policy Editor
    Policy Assignment
    Managing HTTP response scanning
  Configuring Advanced Policies
    Configuring non-standard ports
    Managing rule sets with the Rule Set Editor
    Managing attack responses using GARE
    User-Defined Signatures action
    Setting up Global Auto Acknowledgement
    Using the Incident Generator service
    Exporting and importing policies
  Managing alert filters and attack responses
    Using the Alert Filter Editor
    Alert filter assignments
    Exporting Alert Filters
    Importing alert filters
  Setting up ACLs
    Configuring ACL rules
    ACL Syslog Forwarder
    XML converter tool for ACL rules
    Using L3 ACLs for fragmented traffic
  Enabling Secure Socket Layer (SSL) Decryption
    Enabling SSL decryption in IPS Settings node
    Importing SSL keys to the Sensors
    Managing the imported SSL keys of Sensors
  IPS Quarantine settings
    IPS Quarantine configuration in Policy Editors
    IPS Quarantine configuration in Admin Domain
    IPS Quarantine settings in the Threat Analyzer
  Archiving data
    Viewing scheduled actions
    Archiving alerts and packet logs
    Scheduling automatic archival

This manual is also suitable for:

Network security platform