
Continue tuning
Review exceptions and any issues that emerge. Manage these as discussed in the initial tuning
step.
• Monitor help desk calls and user comments for any complaints or business issues raised by
blocked access, false positives, or new application behavior. These issues should be minimal,
but there are always new requirements.
• Regularly review exceptions that have been generated.
• Tune policies accordingly. Remember to use the ePO server to send policy updates to host
systems. You need to consciously apply them to the systems you want to affect.
7. Perform maintenance and expand
The previous steps outline the basic rollout process. Once your systems have medium protection
levels deployed, you have advanced system protection in place. You need to continue regular
monitoring, update policies, and maintain systems. Now, also consider expansion of the systems
being protected and enhancement of protections to include more rigorous policies and other
Host IPS functions.
Maintenance
McAfee frequently releases content updates for new signatures, as well as occasional feature
updates and patches. Best practice suggestions include:
• Set a regular update schedule so that the ePO server polls the McAfee repository for updates
and your clients receive these updates.
• Pull Host IPS content to the Evaluation branch of your repository for testing against a pilot
group of systems if you have a high number of custom applications that needed tuning
during your initial rollouts. Once your pilot group has certified the new content, you can
move it to the Current branch for broad deployment.
• Schedule content downloads to coincide with “Patch Tuesday” releases if you are using
Microsoft products.
• Use adaptive mode to profile specific systems and forward the resulting client rules to the
server when new applications are installed, because you might not have the time or resources
to immediately tune them. You can promote these client rules to an existing or new policy,
then apply the policy to other computers to handle the new software.
• Insert IPS testing into your change management and software release processes. When you
prepare to deploy a Microsoft patch, service pack, or product, test and pilot it on IPS systems
so that the proper tuning can be done before mass deployment.
Expansion
Depending on your organization, consider any of the following options for expanding your
deployment. Remember to continue to roll out changes slowly and deliberately so you can
minimize disruptions to users and diagnose anomalies quickly. It’s better to move slowly than
to make mistakes or miss out on useful protection options.
To expand:
• Deploy the same protections out to additional systems with the tested usage profiles. You
can easily manage deployment of Host IPS to thousands of computers, because most
Best Practices for Quick Success
McAfee Host Intrusion Prevention 8.0 Installation Guide