
McAfee® IntruShield® IPS System IntruShield Best Practices
Special Topics: Best Practices
Deploying a large number of sensors
What is a “large number of sensors?” For the purpose of this document, we’ll break
down deployment size into Small, Medium, Large, and Very Large.
Considerations for large deployments
You will need to develop your own practices for tasks such as sensor deployment,
sensor software upgrades, and signature set updates. McAfee recommends that you
consider these tasks up front and establish written standard operating procedures on
how you prefer to accomplish the task in your environment before you deploy.
Signature set downloads - Both signature set downloads are applied to sensors
serially, not concurrently. In releases prior to 3.1 (the release in which many
performance improvements were made to the signature set download process), the
process takes approximately 3 minutes per sensor. As a user, you must decide the
point at which a signature set update process becomes too time consuming; at
that point, we recommend utilizing a second ISM. For example, in a deployment
with 50 sensors, with versions prior to 3.1, it will take approximately 2.5 hours to
complete a signature set update. The same is true for policy updates. (Again, with
version 3.1, this process has been reduced to a matter of minutes, not hours.)
Sensor software updates - While signature set updates very rarely require a
sensor reboot, all sensor software updates do require a reboot. A reboot can take
up to 5 minutes. You can schedule this process, but any update from the Manager
causes the process to take place sequentially, one sensor at a time. You can instead
use the TFTP method for updating the sensor image, which lets you load an image
on the sensor via the sensor’s CLI and thus load images on multiple sensors
concurrently, which is faster.
The process of using TFTP to update your sensor software is documented in the
Sensor Configuration Guide.
Usability - Depending on the number of VIPS and Admin Domains utilized in your
deployment, the ISM Resource Tree can become very crowded, which can lead to
more scrolling within the view into your deployment. It can also lead to confusion if
you have not provided unique, recognizable names for your sensors and any VIDS
you create. The name appears not only in the Resource Tree of the Manager but also
in alert data and reports, so vague names can lead to quite a bit of confusion.
For example, compare a worldwide deployment where sensors
are named “4010-1” through “4010-25” with one where they are named
“UK-London-sens1,” “India-Bangalore-sens1,” and so on. Your VIDS names should
also be clear and easy for everyone maintaining the network to recognize at a glance.
Deployment sizes:

Size          Number of Sensors
Small         Fewer than 10
Medium        10 to 35
Large         36 to 70
Very Large    More than 71