
• Servers running dedicated database, web, email, or other applications, as well as print and
file servers.
Lab or real world?
Many enterprises require lab testing as a standard step in new product installation. They make
images of production systems and test these images in a controlled environment before rollout.
With McAfee Host Intrusion Prevention, this approach produces the fastest initial baseline of
rules, but it is the least effective overall, because it leaves out the user variable. Testers artificially
mimic user behavior, so they are unlikely to capture genuine detail on legitimate activities.
Users and malware always find novel use cases: either they generate events that must be
handled immediately, or they evade detection because they were unwittingly allowed as an
exception for "normal behavior." Both outcomes consume time and can create problems later.
The majority of the learning occurs with live systems in a production environment. The best
production testing uses hand-picked systems and objective users performing everyday tasks.
This approach provides the most reliable baseline, because real users are manipulating their
systems and applications. They can provide immediate feedback on the impact of changes.
A good compromise combines the two models. A lab test period builds confidence and allows
you to become familiar with the processes and policies of McAfee Host Intrusion Prevention.
After a few usage profiles have been tested, these profiles can be moved to a pilot on production
systems. Any activities or applications that might have been missed in the lab test can then be
caught in the production pilot. This two-step process suits very conservative organizations.
TIP: Administrators should have easy physical access to pilot systems, which typically eliminates
unmanned offices and home users from the initial pilot group.
Ensure appropriate user representation
With an understanding of the system types, next identify the usage profiles and systems in
your pilot. Include several types of users for a cross-section of your eventual target user
community. This breadth will help you create rules and policies that reflect normal business
needs and uses. Within a standardized call center or help desk, for instance, you have managers,
front-line support, and back-line support. Be sure to include at least one of each usage profile
so that McAfee Host Intrusion Prevention experiences and establishes policies for the full
spectrum of use.
Rollout strategy option 1: Start simple
For fast implementation of initial protections and a low-stress learning curve on advanced
protections, we suggest activating basic protection on standardized desktops and laptops,
accompanied by activating logging on power-user desktops and servers.
First, enable protection by applying the IPS Options policy with IPS protection selected, then
apply the basic McAfee Default IPS Rules policy. This policy blocks activities that trigger
high-severity signatures, requires no tuning, and generates few events. Its settings include:
• Activities triggering high-severity signatures are blocked, and all other signatures are ignored.
• McAfee applications are listed as trusted applications for all rules except IPS self-protection
rules; as trusted applications, they operate without generating exception events.
• Predefined applications and processes are protected.
Although makes and models of computers differ, they fall within a relatively narrow range of
variation. Extensive experience allows the IPS feature to cover the high-severity issues with
high accuracy. For example, McAfee has demonstrated that 90 percent or more of Microsoft
Best Practices for Quick Success
1. Strategize
McAfee Host Intrusion Prevention 8.0 Installation Guide 14