
If, however, the traffic does not meet the first rule’s conditions, Host Intrusion Prevention looks
at the next rule in the list. It works its way down through the firewall rules list until it finds a
rule that the traffic matches. If no rule matches, the firewall automatically blocks the traffic. If
learn mode is activated, the user is prompted for an action to be taken; if adaptive mode is
activated, an allow rule is created for the traffic.
Sometimes the intercepted traffic matches more than one rule in the list. In this case, precedence
means that Host Intrusion Prevention applies only the first matching rule in the list.
Ordering the firewall rules list
When you create or customize a firewall rules policy, place the most specific rules at the top of
the list, and more general rules at the bottom. This ensures that Host Intrusion Prevention
filters traffic appropriately.
For example, to block all HTTP requests except those from IP address 10.10.10.1, you need to
create two rules:
• Allow Rule: Allow HTTP traffic from IP address 10.10.10.1. This rule is more specific.
• Block Rule: Block all traffic using the HTTP service. This rule is more general.
You must place the more specific Allow Rule higher in the firewall rules list than the more
general Block Rule. This ensures that when the firewall intercepts an HTTP request from address
10.10.10.1, the first matching rule it finds is the one that allows this traffic through the firewall.
If you placed the more general Block Rule higher than the more specific Allow Rule, Host
Intrusion Prevention would match the HTTP request from 10.10.10.1 against the Block Rule
before it found the Allow Rule. It would block the traffic, even though you wanted to allow
HTTP requests from this address.
How stateful filtering works
Stateful filtering processes each packet against two rule sets: a configurable firewall rule
set and a dynamic firewall rule set, also called the state table.
The configurable rules have two possible actions:
• Allow — The packet is permitted and an entry is made in the state table.
• Block — The packet is blocked and no entry is made in the state table.
The state table entries result from network activity and reflect the state of the network stack.
Each rule in the state table has only one action, Allow, so that any packet matched to a rule
in the state table is automatically permitted.
The filtering process includes these steps:
1 The firewall compares an incoming packet against entries in the state table. If the packet
matches any entry in the table, the packet is immediately allowed. If not, the configurable
firewall rules list is examined.
NOTE: A state table entry is considered a match if the Protocol, Local Address, Local Port,
Remote Address and Remote Port match those of the packet.
2 If the packet matches an allow rule, it is allowed and an entry is created in the state table.
3 If the packet matches a block rule, it is blocked.
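The following is an added Python model of the two mechanisms described above, the first-match precedence of the ordered rules list and the state-table lookup that precedes it; it is illustrative code, not part of the product guide or of Host Intrusion Prevention. It assumes that a rule field left as None means "any", and that the "HTTP service" of the example is TCP to local port 80; the addresses and ports are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed example: a packet carries the five fields the guide says a
# state-table entry is matched on (Protocol, Local/Remote Address and Port).
@dataclass(frozen=True)
class Packet:
    protocol: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int

# A configurable rule. None means "match anything" (assumed wildcard convention).
@dataclass
class Rule:
    name: str
    action: str                    # "allow" or "block"
    protocol: Optional[str] = None
    remote_addr: Optional[str] = None
    local_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(v is None or v == getattr(p, f)
                   for f, v in (("protocol", self.protocol),
                                ("remote_addr", self.remote_addr),
                                ("local_port", self.local_port)))

class StatefulFirewall:
    def __init__(self, rules: list):
        self.rules = rules                 # ordered list: first match wins
        self.state_table: set = set()      # every entry implies Allow

    def filter(self, p: Packet) -> str:
        # Step 1: exact 5-tuple lookup in the state table; a hit is allowed at once.
        if p in self.state_table:
            return "allow (state table)"
        # Steps 2 and 3: walk the configurable rules top to bottom, first match wins.
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.state_table.add(p)  # an allow creates a state entry
                return f"{r.action} ({r.name})"
        return "block (no rule matched)"   # nothing matched: the firewall blocks

# The guide's HTTP example; "HTTP service" is modelled as TCP to local port 80 (assumption).
ALLOW_TRUSTED = Rule("Allow Rule", "allow", protocol="tcp", remote_addr="10.10.10.1", local_port=80)
BLOCK_HTTP = Rule("Block Rule", "block", protocol="tcp", local_port=80)
```

Evaluating the same packet from 10.10.10.1 with the rules in the two orders shows why the specific Allow Rule must sit above the general Block Rule, and a second evaluation of an allowed packet shows the state table short-circuiting the rules list.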
Configuring Firewall Policies
Overview of Firewall policies
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0, page 48