McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Installation/Configuration Guide
Basic Concepts
Deployment and management
The deployment and management of Host Intrusion Prevention clients are handled
from ePolicy Orchestrator. In the ePO console tree you can group clients hierarchically
by attributes. For example, you might group a first level by geographic location and a
second level by operating system platform or IP address. We recommend grouping
clients by Host Intrusion Prevention configuration criteria, including system type
(server or desktop), use of major applications (web, database, or mail server), and
strategic locations (DMZ or intranet). You can place clients that fit a common usage
profile into a common group on the console tree. In fact, you might name a group after
its usage profile, for example, Web Servers.
With computers grouped in the console tree according to type, function, or geographic
location, you can easily divide administrative functions along the same lines. With Host
Intrusion Prevention you can also divide administrative duties based on product
features, such as IPS or firewall.
With this release of Host Intrusion Prevention and ePolicy Orchestrator, policies are
independent entities that are shareable across multiple nodes. You assign one policy
for each category in a feature of Host Intrusion Prevention. Some categories, such as
IPS rules, allow for several policies, with some either inherited from a parent node or
applied at the node itself. In this instance, Host Intrusion Prevention handles conflicts
by applying the stricter rule first. Through inheritance in ePolicy Orchestrator, when you
assign a group node the appropriate policies, every system under that node
automatically inherits its parent’s configuration.
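
The inheritance and conflict handling described above can be modelled in a few lines. This is an added illustration, not code from McAfee or ePolicy Orchestrator; the node names, signature names, the "Firewall Options" category, the nearest-assignment rule for single-policy categories, and the ignore < log < prevent strictness ordering are assumptions.

```python
# Toy model of console-tree policy inheritance (illustration only).
# Nothing here is an ePolicy Orchestrator data structure or API.
from dataclasses import dataclass, field
from typing import Optional

# Assumed ordering for "stricter rule first": higher number = stricter.
STRICTNESS = {"ignore": 0, "log": 1, "prevent": 2}
MULTI_POLICY = {"IPS Rules"}  # categories that accept several policies

@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    # category -> list of policies; each policy maps a setting to a value
    assigned: dict = field(default_factory=dict)

    def lineage(self):
        """Nodes from the root of the tree down to this node."""
        chain, node = [], self
        while node:
            chain.append(node)
            node = node.parent
        return chain[::-1]

def effective(node, category):
    """Resolve what a system ends up with for one policy category."""
    merged = {}
    for n in node.lineage():
        policies = n.assigned.get(category)
        if not policies:
            continue  # nothing assigned here: keep what was inherited
        if category not in MULTI_POLICY:
            merged = dict(policies[-1])  # assumed: nearest assignment wins
            continue
        for policy in policies:  # several policies: combine, stricter wins
            for sig, reaction in policy.items():
                old = merged.get(sig, "ignore")
                merged[sig] = max(old, reaction, key=STRICTNESS.__getitem__)
    return merged

# Constructed sample tree: root group -> "Web Servers" group -> one system.
root = Node("Directory", assigned={
    "IPS Rules": [{"sig-A": "log", "sig-B": "prevent"}],
    "Firewall Options": [{"enabled": "off"}],
})
web = Node("Web Servers", parent=root, assigned={
    "IPS Rules": [{"sig-A": "prevent", "sig-B": "log"}],
})
host = Node("web01", parent=web)  # assigns nothing, inherits everything
```

In this sample, `effective(host, "IPS Rules")` resolves both signatures to `prevent`: the group's looser reaction for `sig-B` does not weaken the inherited one.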
Deploying Host Intrusion Prevention clients to thousands of computers is easily
managed because most clients fit into a few usage profiles. Managing a large
deployment is reduced to maintaining a few policy rules. As a deployment grows,
newly added systems should fit one or more existing profiles, and can be placed under
the correct group node on the console tree.
Preset protection
Host Intrusion Prevention offers basic protection through the McAfee default policy
settings. This “out-of-the-box” protection requires no tuning and generates few
events. Clients can be initially deployed on a large scale, even before you tune the
deployment. For many environments where the client is installed on workstations and
laptops, this basic protection may be sufficient.
Advanced protection is also available from some preset IPS and firewall policies. A
profile for servers, for example, needs stronger protection than that offered in basic
workstation protection. Or you can use the preset advanced protection policies as a
basis for creating custom policies.
Adaptive and Learn mode
To further tune protection settings, Host Intrusion Prevention clients can create
client-side exception rules to server-mandated policies that block legitimate activity.
The creation of client rules is permitted when clients are placed in Adaptive or Learn
mode. In Adaptive mode, available for IPS, Firewall, and Application Blocking features,
client rules are created without interaction from the user. In Learn mode, available for
Firewall and Application Blocking features, the user must tell the system whether or
not to create a client rule.