
Group the clients logically. Clients can be grouped according to any criteria that fit in the ePO
System Tree hierarchy. For example, you might group a first level by geographic location and
a second level by operating system platform or IP address. We recommend grouping systems
by McAfee Host Intrusion Prevention configuration criteria, including system type (server or
desktop), key applications (web, database, or mail server), and strategic locations (DMZ or
intranet).
TIP: The ePO server allows logical tagging of systems. Tags are labels that can be applied to
systems manually or automatically. Sort systems into pilot groups based on tags and use tags
for report criteria.
The naming convention matters. Ideally, you should establish a naming convention that is easy
enough for anyone to interpret. Clients are identified by name in the System Tree, in certain reports,
and in event data generated by activity on the client.
Check for health of pilot systems
Now that you have the clients identified, be sure there are no pre-existing system issues that
can disrupt deployment. Examine the relevant log files for the ePO server, as well as the system
event logs. Look for errors or failures that indicate improper configuration and system anomalies
that should be remediated prior to McAfee Host Intrusion Prevention installation. Some key
elements to look for:
• Patch levels — Are all drivers and applications up to date? Older media and audio players,
Internet Explorer, and drivers for networking cards have been known to create inconsistencies
that cause the deployment to fail. Apply the latest patches and hotfixes.
• Incompatible software — Are other intrusion detection or firewall applications running
on the host? You should disable or remove them.
• Administrative access — You must have administrative access to the system. Note whether
or not the user has administrative access as well. Why? Users might throw off the test
process if they install a new application during the test. Consider placing this system in a
different usage profile as a power user if you cannot eliminate administrative access by
users.
• Organizational considerations — Some systems need special attention because of use
of a different language, location-specific applications, or in-house applications. Consider
reserving these systems until a second phase of the deployment, or excluding specialized
applications from IPS protection until you have time to log and analyze their behaviors.
3. Install and configure
On the ePO server, install the Host IPS extension, which provides the interface to Host IPS
policy management. Import the Host IPS client into the ePO repository.
Check for any patches or KnowledgeBase articles on the McAfee Service Portal
(https://mysupport.mcafee.com/Eservice/Default.aspx). Download updated content from
http://www.mcafee.com/us/downloads/.
Set initial protection levels and responses
Define or associate protection levels with each usage profile. If you are following a “simplest
first” strategy, activate basic protection for your standard desktop usage profiles. See
Configuring IPS Policies or Configuring Firewall Policies in the product guide for details.
Best Practices for Quick Success
McAfee Host Intrusion Prevention 8.0 Installation Guide