McAfee M-1250 - Network Security Platform Manual

Network protection

McAfee® Network Security Platform
Network Security Sensor
version 6.0
McAfee® Network Protection
Industry-leading network security solutions
Special Topics Guide—In-line Sensor Deployment
revision 1.0


Summary of Contents for McAfee M-1250 - Network Security Platform

  • Page 1 Special Topics Guide—In-line Sensor Deployment revision 1.0 McAfee® Network Security Platform Network Security Sensor version 6.0 McAfee® Network Protection Industry-leading network security solutions...
  • Page 2 GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
  • Page 3: Table Of Contents

    Contents: Preface (v); Introducing McAfee Network Security Platform (v); About this Guide (v); Conventions used in this guide (v); Related Documentation (vi); Contacting Technical Support (vii); Chapter 1 What is inline mode? (1); Benefits of running inline (1); Chapter 2 Inline deployment walkthrough ...
  • Page 4 Verify that traffic is flowing through the Sensor (21); Verify failover pair creation success (21); show (21); status (21); show failover-status (22); downloadstatus (22); Index (23)...
  • Page 5: Preface

    This preface provides a brief introduction to the product, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support. Introducing McAfee® Network Security Platform...
  • Page 6: Related Documentation

    McAfee® Network Security Platform 6.0 Preface. Conventions (convention, followed by its example): Procedures are presented as a series of numbered steps: "1. On the Configuration tab, click Backup." Names of keys on the keyboard are denoted using UPPER CASE: "Press ENTER." Text such as syntax, key words, ...: "Type: setup and then press ENTER."
  • Page 7: Contacting Technical Support

    Special Topics Guide—Virtualization • Special Topics Guide—Denial-of-Service • NTBA Appliance Administrator's Guide • NTBA Monitoring Guide • NTBA Appliance T-200 Quick Start Guide • NTBA Appliance T-500 Quick Start Guide Contacting Technical Support If you have any questions, contact McAfee for assistance:...
  • Page 8 Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.
  • Page 9: Chapter 1 What Is Inline Mode

    What is inline mode? Inline monitoring mode provides prevention of attacks by enabling Security Administrators to select the types of attacks/traffic to drop, thus preventing the negative end-system impact common with today's network attacks. Inline mode is achieved when Network Security Sensor is placed directly in the path of a network segment, becoming, essentially, a “bump in the wire,”...
  • Page 10 In inline mode, the Sensor logically acts as a transparent repeater with minimal latency for packet processing. Unlike bridges, routers, or switches, the Sensor does not need to learn MAC addresses or keep an ARP cache or a routing table.
  • Page 11: Chapter 2 Inline Deployment Walkthrough

    Understand how blocking works, and configure blocking. Note: You must use McAfee® Network Security Manager (Manager) to configure most aspects of your Sensor(s), including port configuration, pairing two Sensors for failover operation, and configuring and applying policies to detect and drop...
  • Page 12: Chapter 3 Determine Your High Availability Strategy

    Sensors support complete stateful failover, delivering the industry's first true high-availability IPS deployment, similar to what you’d find with firewalls. If you’re running the Sensor in inline mode, McAfee recommends that you deploy two Sensors redundantly for failover protection.
  • Page 13: Fail-Open Or Fail-Closed Functionality

    Sensor ports deployed in inline mode have the option of failing open or closed. Similar in terminology to firewall operation, ports failing open allow traffic to continue to flow. Thus, even if the ports fail, your Sensor does not become a bottleneck.
  • Page 14: Chapter 4 Install And Cable The Sensor

    Each McAfee Network Security Sensor (Sensor) model is shipped with documentation on how to set up the Sensor and configure it to communicate with the McAfee® Network Security Manager (Manager). This documentation consists of model-specific Product Guides and Quick Start Guides and a model-generic Sensor Configuration Guide. These documents provide detailed installation, configuration and cabling instructions for your Sensor.
  • Page 15: Cable The Fast Ethernet Monitoring Ports

    The FE ports available on some Sensor models fail-open and require no extra hardware; simply connect your cables to a port pair (for example, 1A-1B).
  • Page 16: Configure The Sensor Monitoring Ports

    Sensor Failover port M-8000 HA1 and HA2 (3A and 3B) M-6050 HA1 (4A). Note that HA2 (4B) remains unused M-4050 M-3050 M-2750 M-1450 M-1250 N-450 10A and 10B The following is a quick summary of the rules for cabling: •...
  • Page 17 In the Manager interface, select / My Company / Device List / Sensor_Name > Physical Device > Port Settings. Click a numbered port (for example, 4A) from Monitoring Ports. The View Monitoring Port window displays current port settings.
  • Page 18 Select the area of your network to which the current port is connected: Inside (traffic initiating internally, destined for the external network) or Outside (traffic initiating externally, destined for the internal network).
  • Page 19: Chapter 5 Failover: Configure Two Sensors In Inline Mode

    Create a Failover Pair: You can create a Failover Pair using McAfee® Network Security Manager (Manager) System Configuration tool. Failover Pair creation happens in real time; there is no need to explicitly update the configuration.
  • Page 20: Download Configuration, Signature Set, And Software Updates To The Sensor

    / My Company / Device List > Device List > Failover Pairs Click Add a Failover Pair Click . The dialog opens. Model Select the Sensor type. Both Sensors in a failover pair must be the same model.
  • Page 21: Chapter 6 Configure Policies

    Tune your policies: The default McAfee Network Security Platform policy templates are provided as a generic starting point; you will want to customize one of these policies for your needs. So the first step in tuning is to clone the most appropriate policy for your network and your goals, and then customize it.
  • Page 22: About False Positives And "Noise

    The mere mention of false positives always causes concern in the mind of any security analyst. However, false positives may mean quite different things to different people. In...
  • Page 23 can use against your network: the fact that the attack failed can help him zero in on the type of Web server you use. Users can also better manage this type of event through policy customization or installing attack filters.
  • Page 24: Chapter 7 Block Attacks

    Block attacks: The ability to drop and deny is available only with a Sensor running in inline mode. The most efficient way to block exploits is to customize one or more of McAfee® Network Security Platform’s IPS Policies to proactively drop malicious traffic.
  • Page 25: How Blocking Works For Exploit Traffic

    offending packets, are the key method in discovering an exploit. An attack can have multiple signatures, thus enabling more than one chance at attack detection. Using the Policy Editor, you can select a specific attack(s) to block by selecting Drop / My Company / IPS Settings >...
  • Page 26: How Blocking Works For Dos Traffic

    A DoS policy applies to inbound, outbound, and bidirectional traffic. Inbound traffic is that traffic received on the port marked “Outside” (that is, originating from outside the network) in inline mode.
  • Page 27: Utilize Traffic Normalization

    • Each rule has a response action associated with it. Response actions include permit, drop (discard silently), and deny (send a TCP reset to the source). • Rules are analyzed from the top down and work on a first-match basis. That is, Network Security Platform responds according to the response action associated with the first rule it matches - no subsequent rules are considered.
  • Page 28: Blocking Based On Configured Tcp & Ip Settings

    Network Security Sensors have the intelligence to keep a number of TCP/IP connection parameters, as well as complete state information. The / My Company / IPS Settings / Sensor_Name >...
  • Page 29: Chapter 8 Troubleshooting

    Shows all of the current configuration settings on the Sensor. You can use the show command to verify information such as the Sensor's management port IP address, the version of software currently running, McAfee® Network Security Manager's (Manager's) IP address, and the gateway IP address that connects the Sensor to the Manager.
  • Page 30: Show Failover-Status

    • If trust is not established, check the Sensor name and shared secret on both the Sensor and the Manager. • If the Sensor is not seeing attacks for a significant period of time, check status for Sensor health and established trust.
  • Page 31: Index

    Index: failover port, 7; false positives, 14; Fast Ethernet Ports, 6, 7; Gigabit Ethernet Ports, 6, 7; 10/100 monitoring port functionality, 7; Gigabit fail-open implementation, 5; Access List, See ACL; heartbeat, 4; ACL, 18; Administrative Status ...
  • Page 32 traffic normalization, 19; wire rates, 1; wire-matched sensor ports, 1...

This manual is also suitable for:

Network security platform
