
Refine baseline policies (optional)
Some administrators tweak protection defaults immediately, before starting the deployment.
You can automatically protect high-risk applications (those that launch as services or open
network-facing ports) and in-house applications. Applications developed in-house are frequently
excluded from IPS at the beginning of a deployment, especially if they listen for network
connections. Internal software developers may not be as rigorous as commercial developers in
programming expected and secure behaviors. For example, a program that links to Internet
Explorer might inadvertently trigger an Internet Explorer protection signature if the program
misbehaves. Since internally developed applications are not typical attack targets, they present
a lower risk of exploit.
Consider adding the IP addresses of your vulnerability scanners to your list of trusted networks.
Your existing ePolicy Orchestrator and security policies may provide additional guidance on
obvious activities to block or allow for individual usage profiles. Eventually, you can use adaptive
mode to selectively define rules for excluded applications and implement protection. This step
can be performed when you have established baseline protections and become comfortable
with IPS signatures and policies.
Notify users and plan for overrides
Before IPS protection activation, notify users that they are receiving new protection, and that
they can override the system in certain cases. This communication will reduce perceived risk
to user productivity, which is especially important for users with laptops away from the office.
To let users override IPS blocking, the administrator must provide them with:
• A limited-time password.
• Instructions on how to disable features.
• Ability to remove Host IPS if necessary.
Do not distribute these workarounds too liberally: you don’t want users to undermine the rollout.
Two of these are eliminated later in the pilot. See Define client functionality in the product guide for details.
Enlist the help desk team
Let your help desk know that you are about to activate Host IPS. While there should be few
issues, the help desk should be prepared to recognize symptoms that might occur when IPS
protection is enabled.
Install Host IPS on pilot hosts
Start small, installing just a few clients, and expand to more systems in larger increments as
confidence grows. Start with one, then 10, then 20, then 50, up to 100 systems. Here’s the
rollout sequence:
1 Ensure the target hosts are powered on, networked, and communicating with ePolicy
Orchestrator.
2 Use an ePO deployment task to push Host IPS agents to a small set of hosts within the
pilot group.
3 Validate successful installation. Troubleshoot and make adjustments if needed.
4 Expand to more systems.
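The rollout sequence above expressed as a gate, as an added example that is not part of the McAfee guide or of ePolicy Orchestrator: waves grow to 1, 10, 20, 50 and 100 hosts, and expansion stops at the first wave containing a host that is not communicating or whose install is not validated. The function names, status keys and host names are hypothetical, and the stage sizes are assumed to be cumulative totals.

```python
"""Staged pilot rollout gate (added example; not McAfee or ePO code)."""

# Pilot sizes from the guide's text: 1, 10, 20, 50, up to 100 systems.
# Assumption: each figure is the total number of hosts installed so far.
STAGES = [1, 10, 20, 50, 100]


def plan_waves(hosts, stages=STAGES):
    """Split the ordered host list into waves that reach each cumulative stage."""
    waves, done = [], 0
    for target in stages:
        target = min(target, len(hosts))
        if target > done:
            waves.append(hosts[done:target])
            done = target
    return waves


def run_rollout(hosts, status, stages=STAGES):
    """Walk the waves and stop expanding at the first wave that fails validation.

    status maps host -> dict with hypothetical keys:
      'reachable': step 1, host is powered on and talking to the server
      'installed': step 3, the install was validated
    Returns (validated_hosts, blocked); blocked lists (host, reason) for the
    wave that halted the rollout and is empty when every wave passed.
    """
    validated = []
    for wave in plan_waves(hosts, stages):
        blocked = []
        for host in wave:
            state = status.get(host, {})
            if not state.get("reachable"):
                blocked.append((host, "not communicating"))
            elif not state.get("installed"):
                blocked.append((host, "install not validated"))
        bad = {host for host, _ in blocked}
        validated.extend(h for h in wave if h not in bad)
        if blocked:
            # Step 3: troubleshoot before step 4 (expanding) is allowed.
            return validated, blocked
    return validated, []


# Constructed sample data: 25 pilot hosts, one unvalidated install in wave 3.
HOSTS = [f"pilot-{i:03d}" for i in range(1, 26)]
STATUS = {h: {"reachable": True, "installed": True} for h in HOSTS}
STATUS["pilot-015"]["installed"] = False
```

Calling run_rollout(HOSTS, STATUS) halts in the third wave and reports pilot-015, so the remaining five hosts are left untouched until that host is fixed.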
As the installation progresses, check pilot systems for proper operation of the new software
and monitor ePO logs for server events and any major effect on network performance. A few
issues might emerge. That’s why a pilot and slow rollout are important. Do the following:
Best Practices for Quick Success
3. Install and configure
McAfee Host Intrusion Prevention 8.0 Installation Guide