Filter
Top Products
35
McAfee
®
Host Intrusion Prevention 6.1 Product Guide IPS Policies
Overview
4
NIPS
NIPS protection also resides on individual systems. All data that flows between the
protected system and the rest of the network is examined for an attack. When an
attack is identified, the offending data is discarded or blocked from passing through the
system.
Benefits of Network IPS
Protects systems located downstream in a network segment.
Protects servers and the systems that connect to them.
Protects against network Denial-of-Service attacks and bandwidth-oriented attacks
that deny or degrade network traffic.
Behavioral rules
Behavioral rules define a profile of legitimate activity. Activity that does not match the
profile triggers an event. For example, you can set a rule stating that only a web server
process should access web files. If another process attempts to access a web file, this
behavioral rule triggers an event.
Host Intrusion Prevention combines the use of signature rules and hard-wired
behavioral rules. This hybrid method of identifying attacks detects most known attacks
as well as previously unknown or zero-day attacks.
Preset IPS policies
The Host Intrusion Prevention IPS feature contains three policy categories:
IPS Options: This policy turns on or off both host and network IPS protection. Preset
policies include
On (McAfee Default), Off, Adaptive.
IPS Protection: This policy sets the reaction to events. Preset policies include Basic
(McAfee Default)
, Prepare for Enhanced, Enhanced, Prepare for Maximum, Maximum, Warning,
IPS Rules: This policy can have one or more policy instances. The preset policy is the
default policy
(McAfee Default).