Configuring Non-Standard Ports - McAfee M-1250 - Network Security Platform Configuration Manual

McAfee® Network Security Platform 5.1
Go to the following links for more information:
•
•
•
•
•
•
•
•

Configuring non-standard ports

When the destination IP address is listening for a protocol on a port that is not standard,
that port is called a non-standard port. For example, HTTP by default uses Port 80 or
8080; therefore, a Sensor reading a packet with Port 80 or 8080 attempts to decode that
traffic as HTTP traffic. However, if a user is running an HTTP server on Port 2560, it is
recommended that the user add this non-standard port parameter. This protects the
system from experiencing any false positives from unrecognized port-protocol
communication and having malicious activity sent through a "back door."
•
•
Figure 53: Non-Standard Ports List
Adding a non-standard port entry
The
admin domain. Further, if a Sensor has been allocated to a child domain, that Sensor also
receives the non-standard port rule.
Configuring non-standard ports (on page 51): add, edit non-standard port entry.
Managing rule sets with the Rule Set Editor (on page 65): View, create, and
customize network environment rule sets, which maximize the effectiveness of applied
policies. Pre-configured rule sets are provided for ease of use.
Managing attack responses using GARE (on page 65): edit an attack definition's
response once and have that modification apply across all policies.
User-Defined Signatures (UDS) action (on page 74): create attack instances with
signatures for implementation in your Network Security Platform policy enforcement
process. The User-Defined Signature editor tool enables you to create custom
signatures for new attacks or those activities not detected by Network Security
Platform for which you want to be alerted.
Setting up Global Auto Acknowledgement (on page 66): set up Manager to
automatically acknowledge alerts based on specific criteria.
Enabling and starting the Incident Generator service: (on page 67) install and start the
Incident Generator service, which enables correlative analysis of alert incident
conditions to further enhance your McAfee
utilization.
Exporting policies (on page 74): save one or more custom (created/cloned) IPS
policies and Reconnaissance policies from your Manager server to your client.
Importing and comparing policies (on page 75): compare and add a policy to Manager
server from an outside location.
Adding a non-standard port entry (on page 51)
Editing a non-standard port entry (on page 52)
Non-Standard Ports
action at the
®
Network Security Platform security
IPS Settings
node is applied to all Sensors in the same
51
Managing IPS settings