GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
Contents
Preface
  Introducing McAfee Network Security Platform
  About this Guide
  Audience
  Conventions used in this guide
  Related Documentation
  Contacting Technical Support
Chapter 1 Getting Started
  Deciding where to deploy Sensors and in what operating mode
  Setting up your Sensors
This preface provides a brief introduction to the product, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support. Introducing McAfee® Network Security Platform...
McAfee® Network Security Platform 6.0 Preface
Convention: Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in Arial Narrow bold font.
Example: The Service field on the Properties tab specifies the name of the requested service.
Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.
Sensor in the Manager interface, in certain reports, and in the alert data generated by the Sensor. McAfee recommends you establish a naming convention that is easy to interpret by anyone working with the Network Security Platform deployment. Once you...
8 (0 SFP slots) N-450 20 (20 SFP slots) Note: To ensure compatibility, McAfee supports only those GBIC or SFP and XFP GBIC modules purchased through McAfee or from a McAfee-approved vendor. For a list of approved vendors, see the on-line KnowledgeBase http://mysupport.mcafee.com...
McAfee® Network Security Platform 6.0 Getting Started
(Optional) If you have purchased a redundant power supply, install the power supply. Sensor models supporting redundant power supply are listed in the table below.
Models supporting a redundant power supply Sensor Power supply...
Sensor via the Manager server or from a browser on a client machine that can connect to the Manager server. McAfee recommends you connect to the Manager server via browser session from a separate client machine to perform your configuration tasks. ...
Viewing and working with data generated by Network Security Platform
Once you’ve completed the steps in the previous sections, you’re up and running. While actively monitoring network traffic, your Sensor will generate alerts for traffic that is in violation of the set security policy.
Note: Audit and Alert Tables options can be rather large in size, depending upon the amount of alert data in your database. McAfee recommends saving these types of backups to an alternate location. For more information on how to back up your data, see Manager Server Configuration...
Manager software installation includes a default signature set image. There are several options for loading updates to your Manager and Sensors. Download images from the McAfee Network Security Update Server (Update Server) to your Manager. You can use the Manager interface to download Sensor software and signature...
McAfee Network Security Platform. Tip: If you are a beginner and want some strategies for deploying McAfee Network Security Platform, you should also read Deployment Scenarios (on page 26).
Pre-deployment considerations
Deployment of Network Security Platform requires specific knowledge of your network’s...
McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation
How many access points are there between your network and the extranets or Internet?
Large corporations have several points of access that can be exploited by parties with malicious intent. Protecting the various points of access to your network is the key to any successful IDS installation.
Figure 2: Tap Monitoring of Active-Passive Links
How much traffic typically crosses your network?
Bandwidth and traffic flow are crucial to running a successful enterprise network. Bandwidth requirements will vary in an enterprise network, as different applications and business functions have different needs.
2 Gbps
Where are your security operations located?
To successfully defend against intrusions, McAfee recommends dedicated monitoring of the security system. Network intrusions can happen at any given moment, so having a dedicated 24-hour-a-day prevention system will make the security solution complete and effective.
an attack on the outside of the firewall and you detect the same attack on the inside of the firewall, then you know your firewall has been breached. This is obviously a much higher severity event than if you were just to see the attack on the outside and not on the inside, which means that your firewall blocked the attack.
Flexible deployment options
McAfee® Network Security Platform offers unprecedented flexibility in McAfee Network Security Sensor (Sensor) deployment. Sensors can be deployed in a variety of topologies and network security applications, providing industry-leading flexibility and scalability. Most PC-based IDS Sensors on the market today can monitor only one network segment at a time, and only via the SPAN port on a switch.
McAfee® Network Security Platform 6.0 Sensor Deployment Modes
In the following example, a single Network Security Platform I-2700 Sensor is deployed to monitor the several external and internal points of exposure of an enterprise network. This includes the Web Presence, Corporate Internet Access for employees, employee Remote Access, Extranet connections, and internal attacks on critical department servers such as Finance and HR.
Full-duplex and half-duplex monitoring
Sensors are equipped with multiple Monitoring and Response ports. By default, the Sensor ports are internally wire matched (that is, 1A and 1B) to monitor traffic in full-duplex pairs, that is, two detection ports work together to monitor traffic flowing in both directions.
Note: Sensors are configured by default to run in in-line mode. When running in in-line mode, network segments are connected to two matched ports of the Sensor (for example, ports 1A and 1B), and packets are examined in real time as they pass through the Sensor.
Sensors support complete stateful fail-over, delivering the industry's first true high-availability IPS deployment, similar to what you’d find with firewalls. If you’re running in-line, McAfee recommends that you deploy two Sensors redundantly for failover protection.
Figure 6: In-line mode
In in-line mode (seen in the previous figure), the Sensor logically acts as a transparent repeater with minimal latency for packet processing.
Fail-open option for GE ports
Gigabit Ethernet ports on Sensors require the connection of an optional optical bypass switch and controller card for In-line Fail-open functionality; no extra hardware is required for In-line Fail-closed mode. Optical Bypass Gigabit Fail-open
Tap monitoring (Figure Tap mode) can work in one of two ways for the 10/100 Monitoring ports on the I-1200 and I-2700 Sensors: the internal tap can be enabled, or the interface can be connected to an external tap.
You can easily reconfigure the 10/100 monitoring ports of the I-1200, I-1400 and I-2700 to disable the internal tap and monitor in In-line Mode at any time via McAfee® Network Security Manager (Manager). This process is described in the section, Shifting from tap mode to in-line mode (on page 21).
Figure 9: I-4000 sensor deployed in tap mode
Shifting from tap mode to in-line mode
You can easily shift from tapped to in-line mode. If you are running a Sensor with built-in taps in internal tap mode, you can toggle between tap and in-line mode with a simple software configuration command from the Manager’s System Configuration tool.
When monitoring a SPAN or hub port, Sensors with internal taps disabled. Note: McAfee recommends cabling your Fast Ethernet ports with fail-closed dongles if deploying in SPAN or Hub mode. In Figure SPAN Port Monitoring which shows an I-4000 Sensor, Port 1A receives data from the SPAN port of SwitchA.
Understanding failover in Network Security Platform
In typical failover configurations, one device is the “Active” device while the other is the “Standby.” As its name implies, the active device performs normal network functions while the standby monitors, ready to take control should the active device fail.
"Primary" versus "active"
You configure a Failover Pair using the Manager’s Configuration page. You designate one Sensor as the Primary Sensor and the other as Secondary. This designation is used purely for configuration purposes and has no bearing on which Sensor considers itself active.
Sensors’ multiple interfaces make the monitoring of asymmetric traffic possible. For example, as shown in Figure Interface groups in an asymmetric network, an I-4000 has four ports that are wired in pairs by default, and therefore two interfaces. Peer ports 1A and 1B can monitor one direction of an asymmetric transmission, while peer ports 2A and 2B can monitor the other direction.
McAfee Network Security Platform deployment can be simple or complex, depending on your needs and your skill with the product. If you are a Beginner...
McAfee® Network Security Platform 6.0 Deployment Scenarios
Configure the Sensor and add it to the Manager as described in CLI Guide, Device Configuration Guide. On the Manager, check the Sensor’s port configuration to be sure that it matches the way you have deployed the Sensor. Make changes as necessary.
Split your deployment into multiple Admin Domains. You may want to organize your deployment by geographical location, business unit, or functional area (that is, HR, Finance). Segment your network traffic into VLAN tags and CIDR blocks.