GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
Contents
Preface: Introducing McAfee Network Security Platform; Conventions used in this book; Related Documentation; Contacting Technical Support
Chapter 1, About Network Security Platform: Network Security Platform components; About McAfee Network Security Sensor; Manager components...
Unpacking the Sensor
Cable Specifications
Network Security Platform fail-closed dongle specification
Console port pin-outs
Auxiliary port pin-outs
Response port pin-outs
Monitoring port pin-outs
Configuring a Sensor
Configuration overview
Establish a Sensor naming scheme
Communication between the Sensor and the Manager
Configuring the Sensor
Adding a Sensor to the Manager
Verifying successful configuration...
This preface provides a brief introduction to the product, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support.
Introducing McAfee Network Security Platform...
McAfee® Network Security Platform 6.0 Preface
Convention: Variable information that you must type based on your specific situation or environment is shown in italics. Example: Type: Sensor-IP-address and then press ENTER.
Convention: Parameters that you must supply Example: set Sensor ip <A.B.C.D>...
Online
Contact McAfee Technical Support: http://mysupport.mcafee.com. Registered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee's 24x7 comprehensive KnowledgeBase. In addition, customers can also resolve technical issues with the online case submit, software downloads, and signature updates.
Global phone contact numbers can be found at the McAfee Contact Information page, http://www.mcafee.com/us/about/contact/index.html
Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.
Network Security Sensor is a content-processing appliance built for accurate detection and prevention of intrusions, misuse, and distributed denial of service (DDoS) attacks. McAfee Network Security Sensors (Sensors) are specifically designed to handle traffic at wire speed and to inspect and detect intrusions with a high degree of accuracy, and are flexible enough to adapt to the security needs of any enterprise environment.
If an attack is detected, a Sensor responds according to its configured policy. A Sensor can perform many types of attack responses, including generating alerts and packet logs, resetting TCP connections, “scrubbing” malicious packets, and even blocking attack packets entirely before they reach the intended target.
(on page 6) to persist data (MySQL version 5.1.47); a connection to McAfee Update Server (on page 6)
Manager server platform
The Manager server is a dedicated Windows Server 2003 SP2 / Windows 2008 R2 system hosting the Manager software.
Sensor and the ePO Server on which McAfee NAC is installed. This enables the Sensor to communicate with McAfee NAC to get host details and also to notify McAfee NAC about hosts sending unwanted traffic on the network.
Network Security Platform integrates with McAfee Artemis technology, which is an Internet-based service that provides active malware detection in an Internet cloud. Network Security Sensors use McAfee Artemis to provide real-time malware detection and protection for users during file downloads from the Internet.
New signatures and patches are made available to customers via McAfee® Network Security Update Server (Update Server). The Update Server is a McAfee owned and operated file server that houses updated signature and software files for Managers and Sensors in customer installations. The Update Server securely provides fully automated, real-time signature updates without requiring any manual intervention.
] provides a centralized, “manager of managers” capability, named McAfee® Network Security Central Manager. McAfee Network Security Central Manager (Central Manager) allows users to create a management hierarchy that centralizes policy creation, management, and distribution across multiple McAfee® Network Security Managers.
Unless explicitly stated, the information in this chapter applies to both the McAfee® Network Security Central Manager and Manager, though the sections refer to Manager.
Pre-requisites
The following sections list the Manager installation and functionality requirements for your operating system, database, and browser.
, and configuring the “Colors” field to True Color (32bit). McAfee recommends setting your monitor’s “Screen Area” to 1024 x 768 pixels. This can be done by changing the display settings at: Start > Settings > Control Panel > Display > Settings ...
Component; Minimum; Recommended
Server model processor such as Intel Xeon; Same
Disk space; 40GB; 80GB disk with 8MB memory cache
Network; 100Mbps card; 10/100/1000Mbps card
Monitor; 32-bit color, 1024 x 768 display setting...
McAfee Network Security Manager Database McAfee Network Security Manager User Interface (Apache) McAfee Network Security Manager Watchdog runs as a Local System Note: facilitate restart of the Manager in case of abrupt shutdown. account has fewer privileges on accessing directories and resources than Local Service .
IntruShield ] pre-installation recommendations are a compilation of the information gathered from individual interviews with some of the most seasoned McAfee Network Security Platform System Engineers at McAfee.
Planning for installation
Before installation, ensure that you complete the following tasks: ...
Upgrade Guide
Using anti-virus software with the Manager
If you plan to install anti-virus software such as McAfee VirusScan on the Manager, be sure the MySQL directory and its sub-directories are excluded from the anti-virus scanning processes. For example selecting ...\Manager\MySQL...
VirusScan avoids blocking outbound SMTP connections from legitimate mail clients, such as Outlook and Eudora, by including the processes used by these products in an exclusion list. In other words, VirusScan ships with a list of processes it will allow to create outbound TCP port 25 connections;...
Downloading the Manager/Central Manager executable
Download the version of the Manager or Central Manager that you want to install from the McAfee Update Server. Keep the following information handy before you begin the installation process. You must have received the following from McAfee via email.
Installing the Manager/Central Manager
This section contains installation instructions for the McAfee® Network Security Manager (Manager) software on your Windows server, including the installation of a MySQL database. Unless explicitly stated, the information in this chapter applies to both the McAfee®...
Note 7: integrated with McAfee Global Threat Intelligence to send your alert, general setup, and feature usage data to McAfee for optimized protection. If you do not wish to send these data, then disable the integration with Global Threat Intelligence.
Confirm your acknowledgement of the License Agreement by selecting “I accept the terms of the License Agreement.” You will not be able to continue the installation if you do not select this option.
Choose a folder where you want to install the Manager software. For a first-time installation, the default location is C:\Program Files\McAfee\Network Security Manager\App. For an upgrade, it is the same location as that of the earlier version.
Type or browse to the absolute location of your selected Manager database. For a first-time installation, the default location is: C:\program files\McAfee\Network Security Manager\MySQL. For upgrades, the default location is the previous installation directory. You can type or browse to a location different from the default.
Figure 6: Manager Installation Wizard - Customize Installation
Click Next.
Note: If you are creating a new database, Network Security Platform will ask you, through a pop-up window, to confirm that you really want to create a new database.
Figure 7: MySQL Root Password
Click Next.
Figure 8: Manager Installation Wizard - specify RAM usage
Note: Make sure the OS version displayed in the Customize Installation page of the Wizard is correct. If your server is 64-bit and if the OS Version displays as 32-bit then you may not have set the Windows Regional and Language Options to match the language of the OS.
Set the following (applicable only to Network Security Manager):
Number of Sensors: Select the number of McAfee® Network Security Sensors (Sensors) to be managed by this installation of the Manager.
Actual Maximum DB connections: Enter the maximum number of simultaneous ...
Network Security Platform assumes that all the IP addresses are bound to the same host name. McAfee recommends that you use a separate system for the Manager to avoid using multiple host names. If the Manager has an IPv6 address, then you can add Sensors with IPv6 addresses to it.
Review the “Pre-Installation Summary” section for accurate folder locations and disk space requirements. This page lists the following information:
Product Name: shows product as Manager.
: the folder you specified in Step 5.
Figure 12: Installing the Manager
Important: Post-installation, you can check the initdb.log (from the installation folder) for any installation errors. In case of errors, contact McAfee Support with initdb.log.
A congratulatory message appears upon successful installation. The Manager Installation Wizard displays the following fields.
For Manager upgrade:
URL to access web-based user interface
Check box to Launch the Web-based user interface on exit? (by default, the check box is enabled).
Figure 14: Upgrade Complete page...
Figure 15: Select Manager type
Note: Sensor communication Interface is not present during Central Manager installation.
There can be only one active installation on a Windows machine. Every Central Manager and Manager installation has its own MySQL database. No centralized database exists in a Central Manager setup.
Important: For testing purposes, you can access the Manager from the server. For working with the Manager/Central Manager, McAfee recommends that you access the server from a client machine. Running the Manager/Central Manager interface client session on the server can result in slower performance due to program dependencies, such as Java, which may consume a lot of memory.
McAfee Global Threat Intelligence to send your alert, general setup, and feature usage data to McAfee for optimized protection. If you do not wish to send these data, then disable the integration with Global Threat Intelligence. However, note that to be able to query TrustedSource for information on the source or target host of an attack, you need to send at least your alert data summary to McAfee.
Tip: McAfee strongly recommends that you change the default username and password as one of your first operations within the system.
If you are not McAfee Network Security Platform System administrator/Super User: Type the supplied to you by your administrator.
Java Runtime Engine: You must install this plug-in to view objects in the Central Manager Home page and other areas of the Central Manager program, such as the Custom Attack Editor.
Stop the McAfee Network Security Manager service.
Stop the McAfee Network Security Manager User Interface service.
Restart both the McAfee Network Security Manager service and the McAfee Network Security Manager User Interface service.
For details on how to close client connections, stop/restart the Manager services etc., see...
Close all client connections. See Closing all client connections to the Manager (on page 36).
Stop the McAfee Network Security Manager service.
Stop the McAfee Network Security Manager User Interface service.
Stop the McAfee Network Security Manager Watchdog service.
Stop the McAfee Network Security Manager MySQL service.
Close all client connections.
Stop the McAfee Network Security Central Manager service.
Stop the McAfee Network Security Central Manager User Interface service.
Stop the McAfee Network Security Central Manager Watchdog service.
Stop the McAfee Network Security Central Manager MySQL service.
Once this service is completely stopped, continue to the next step.
Go to Start > Settings > Control Panel.
Open Administrative Tools.
Open Services.
Find and select McAfee Network Security Manager Database...
Figure 20: MySQL Services
Find and select McAfee Network Security Manager Database or McAfee Network Security Central Manager Database in the services list under the “Name” column.
Click the Stop Service button.
Network Security Managers (Managers) required to protect your system. The Sensor is purpose-built for the monitoring of traffic across one or more network segments. For more information on McAfee Network Security Platform, see the Getting Started Guide.
Safety measures
Please read the following warnings before you install the product.
Warning: Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals.
The following accessories are shipped in the Sensor box:
One Sensor
One power cord. McAfee provides a standard, 2m NEMA 5-15p (US) power cable (3 wire). International customers must procure a country-appropriate power cable with specific v/a ratings. ...
Figure 22: Fail-Closed Dongle Specification
Console port pin-outs
McAfee supplies a console cable. The specifications for this cable are as follows: The Console port is pinned as a DCE so that it can be connected to a PC's COM1 port with a straight-through cable.
Pin # Signal Direction on Sensor Input Input Output Output Input Output Input Input
Management port pin-outs
The Management (Mgmt) port uses a Cat 5/Cat 5e cable.
Pin # Signal Direction on Sensor...
Pin # Signal Direction on Sensor
These pins are terminated to ground through a 75 ohm resistor & capacitor.
RxD- Input
These pins are terminated to ground through a 75 ohm resistor & capacitor.
Install and bring up the Sensor. (This information is described in detail in the Product Guide for each Sensor model.)
Add the Sensor to Manager (on page 48) using the McAfee® Network Security Manager (Manager) Configuration page.
Configuring the Sensor (on page 46) with a unique name and shared key value.
Sensors’ locations or purposes, and which ensures unique names. The Manager will not recognize two Sensors with identical names. Sensors are represented by name in several areas of McAfee® Network Security Platform and its alert data: the Manager Configuration page, alert and configuration reports, and the Threat Analyzer.
Set the name of the Sensor. At the prompt, type:
set sensor name <WORD>
The Sensor name is a case-sensitive alphanumeric character string up to 25 characters. The string can include hyphens, underscores, and periods, and must begin with a letter.
A password must be between 8 and 25 characters, is case-sensitive, and can consist of any alphanumeric character or symbol.
Note: McAfee strongly recommends that you choose a password with a combination of characters that is easy for you to remember but difficult for someone else to guess.
Note: The process of installing and connecting a Sensor is described in the Product Guide for each Sensor model.
The following steps describe how to add a Sensor to the Manager:
Start the Manager software.
Note: If you have difficulty in troubleshooting the above, see Troubleshooting Guide. Also, see CLI Guide for a description of all available CLI commands.
Changing Sensor values
Changing certain values on the Sensor, like the Sensor’s name or Sensor IP address, requires you to “break trust”...
Changing Sensor’s shared secret key
In the Manager Configuration page, select Device List > Device List > Devices.
Select a Sensor.
Click Edit.
Type a new Shared Secret.
Click Save.
On the Sensor, type deinstall.
Retrieve the file from e-mail. To enable the NAC mode on M-series Sensors, you need an Add-on license. Contact McAfee support (with your device serial numbers) to obtain the Add-on license file. The IPS mode is enabled by default in the Manager.
Click Browse to browse and select the appropriate license for the device file (.jar format) received from McAfee. Click Import to import the license file. After a successful import, these licenses are stored in “<Network Security Manager install directory>\App\LICENSES\SensorLicense”.
Select a license from the drop down. Devices matching the selected Sensor license model are displayed. Select the required device, and click Assign. The license is assigned to the selected device, and displayed in the Device Licenses page.
Sensor or NTBA Appliance software files from the Update Server onto the Manager. Once you enter your credentials (ID and password given to you by McAfee), the Manager attempts to contact the Update Server via hardcoded communication settings.
Configuration Guide) action to confirm success or failure. If the Password is incorrect, or if you did not receive the same via e-mail from McAfee, please contact McAfee Customer Support. Once communication is successful, you can use the Software, Signature Sets, Automation,...
This is crucial for administrators who do not want to connect their Manager to the Update Server via the Internet. McAfee provides an alternate FTP server that contains the latest updates. You can download the update you need from the FTP location to a client machine. Once the image...
Software on the Manager: the software versions that have been downloaded to the Manager.
Figure 31: Sensor Software Details Page
Select the required software update from the “Software Available for Download”...
Log on to the Sensor. The default username is admin and the default password is admin123. McAfee strongly recommends you change the default password, in case you haven't done so already.
Specify the IPv4 or IPv6 address of the TFTP server to identify it to the Sensor.
Then, the Sensor contacts the Manager for the latest signature set. After the signature set is downloaded to the Sensor, its System Health Status is displayed as "good."
Figure 33: System Health Status: good
Verify the Sensor's System Health Status is “good”;...
Platform checks to see if a required regular signature set is missing and downloads it prior to downloading the related emergency signature set.
Note: You must use the Signature Sets Automation...
Updating the software on a Sensor, Automating updates McAfee is constantly researching security issues and developing new signatures to provide the best protection available. New signatures are being constantly developed, and existing ones modified, to respond to the most current attacks. Software updates continually improve Sensor and NTBA Appliance performance.
Note 1: Setting both options enables the system to check update availability for cases where the real-time updating may have missed an update.
Note 2: If you are going to use automated updating, McAfee recommends a scheduled time rather than real time for signature updating in case of slower performance experienced during signature file download.
Select Manager > Update Server > Automation
Figure 36: Sensor Update Scheduler
In the Automatic Deployment, click Deploy in Real-time to have the Manager push signature set updates to all Sensors and NTBA Appliances immediately after they are downloaded to the Manager.
Central Manager and Manager.
To uninstall the Manager software:
Note: McAfee recommends you stop the Manager service and applicable Java services before starting an uninstall. If not, you will have to manually delete files from the Network Security Platform program folder.
Figure 38: Uninstall Complete
Note: Uninstallation of the Network Security Platform database (MySQL) is not part of this uninstallation.
Figure 39: Uninstall Complete
Uninstalling via script
You can also uninstall the Network Security Manager/Network Security Central Manager...
To uninstall via script:
Navigate to the directory containing the uninstallation script. The default path is: <Network Security Platform installation directory>\UninstallerData
Run Uninstall ems.exe.