Table of Contents
Advertisement
C
2
H A P T E R
Hardening the Manager Server for Windows 2003
This section describes methods for hardening your McAfee
(Manager) server.
Introduction
Manager implementation varies between environments. The Manager server's positioning
in the network, both physically and logically, may influence specific remote access and
firewall configuration requirements.
The following best practices are intended to cover the configurable features that can
impact the security of Manager. This information should be used in combination with the
®
McAfee
Network Security Platform Release Notes and the rest of the documentation set.
McAfee's recommendations, at a high level:
Install a desktop firewall on the server and open the proper ports
Harden the MySQL installation
Harden the Manager host
Install a desktop firewall
It is recommended that you operate a desktop firewall on the Manager server. Certain
ports are used within the McAfee Network Security Platform. Some of these required for
Manager--McAfee
communication. All remaining unnecessary ports should be closed. The ports used by
Network Security Platform are listed in Install a desktop firewall (on page 2).
Harden the MySQL installation
Ensure the cmd window used for making changes to database tables in the "mysql"
database stays opened in the mysql shell until validation is completed.
This is necessary to enable you to rollback the changes in case you need to. Rollback
procedures are shown at the end of this section.
Use another cmd window, where necessary, to validate hardening changes you have
made.
®
Network Security Sensor (Sensor) and Manager client-server
6
®
Network Security Manager
Advertisement
Table of Contents
Troubleshooting
