
computer’s connection state. Access to the application-level commands provides error-free
inspection and securing of the FTP protocol.
State table
A stateful firewall includes a state table that dynamically stores information about active
connections created by allow rules. Each entry in the table defines a connection based on:
• Protocol — The predefined way one service talks with another; includes TCP, UDP and
ICMP protocols.
• Local and remote computer IP addresses — Each computer is assigned a unique IP
address. IPv4, the current standard for IP addresses, permits addresses 32 bits long, whereas
IPv6, a newer standard, permits addresses 128 bits long. IPv6 is already supported by some
operating systems, such as Windows Vista and several Linux distributions. Host Intrusion
Prevention supports both standards.
• Local and remote computer port numbers — A computer sends and receives services
using numbered ports. For example, the HTTP service is typically available on port 80, and the
FTP service on port 21. Port numbers range from 0 to 65535.
• Process ID (PID) — A unique identifier for the process associated with a connection’s
traffic.
• Timestamp — The time of the last incoming or outgoing packet associated with the
connection.
• Timeout — The time limit (in seconds), set with the Firewall Options policy, after which
the entry is removed from the table if no packet matching the connection is received. The
timeout for TCP connections is enforced only when the connection is not established.
• Direction — The direction (incoming or outgoing) of the traffic that triggered the entry.
After a connection is established, bidirectional traffic is allowed even with unidirectional
rules, provided the entry matches the connection’s parameters in the state table.
State table functionality
Note the following about the state table:
• If firewall rule sets change, all active connections are checked against the new rule set. If
no matching rule is found, the connection entry is discarded from the state table.
• If an adapter obtains a new IP address, the firewall recognizes the new IP configuration and
drops all entries in the state table with an invalid local IP address.
• When a process ends, all entries in the state table associated with that process are deleted.
How firewall rules work
Firewall rules determine how to handle network traffic. Each rule provides a set of conditions
that traffic has to meet and has an action associated with it: allow or block traffic. When Host
Intrusion Prevention finds traffic that matches a rule’s conditions, it performs the associated
action.
Host Intrusion Prevention uses precedence to apply rules: the rule at the top of the firewall
rules list is applied first.
If the traffic meets this rule’s conditions, Host Intrusion Prevention allows or blocks the traffic.
It does not try to apply any other rules in the list.
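As an added example that is not part of the McAfee guide, the following Python model ties together the behaviour described here and in the state table section above: first-match rule precedence, state table entries created only by allow rules, reply traffic allowed through an established entry regardless of rule direction, and the timeout, rule-change, IP-change and process-exit purges. The Rule fields, the default-block fallback when no rule matches, and a single idle timeout applied to every protocol are simplifications assumed for this model, not the product's own semantics.

```python
from dataclasses import dataclass
@dataclass
class Rule:
    action: str           # "allow" or "block"
    proto: str            # "TCP", "UDP", "ICMP" or "*" for any
    direction: str        # "in", "out" or "*" for either
    remote_port: int = 0  # 0 matches any remote port (assumed convention)

class StatefulFirewall:
    def __init__(self, rules, local_ip, timeout=30):
        self.rules, self.local_ip, self.timeout = list(rules), local_ip, timeout
        self.state = {}  # (proto, local_ip, remote_ip, lport, rport) -> entry

    def _match_rule(self, proto, direction, rport):
        # Precedence: walk the list top-down; the first matching rule decides.
        for r in self.rules:
            if r.proto in ("*", proto) and r.direction in ("*", direction) \
                    and r.remote_port in (0, rport):
                return r.action
        return "block"  # assumption: traffic matching no rule is blocked

    def packet(self, proto, direction, remote_ip, lport, rport, pid, now):
        # Timeout: entries idle longer than the limit are removed first.
        self.state = {k: e for k, e in self.state.items() if now - e["ts"] <= self.timeout}
        key = (proto, self.local_ip, remote_ip, lport, rport)
        entry = self.state.get(key)
        if entry:  # established: allowed in both directions, refresh timestamp
            entry["ts"] = now
            return "allow"
        action = self._match_rule(proto, direction, rport)
        if action == "allow":  # only allow rules create state table entries
            self.state[key] = {"pid": pid, "ts": now, "dir": direction}
        return action

    def set_rules(self, rules):
        # Rule set changed: re-check every active connection, discard unmatched.
        self.rules = list(rules)
        for k, e in list(self.state.items()):
            if self._match_rule(k[0], e["dir"], k[4]) != "allow":
                del self.state[k]

    def ip_changed(self, new_ip):
        # Adapter got a new address: entries with the old local IP are dropped.
        self.state = {k: e for k, e in self.state.items() if k[1] == new_ip}
        self.local_ip = new_ip

    def process_ended(self, pid):
        # Process exit: delete every entry associated with that PID.
        self.state = {k: e for k, e in self.state.items() if e["pid"] != pid}
```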
Configuring Firewall Policies
Overview of Firewall policies
47 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0