McAfee Host Intrusion Prevention system (HIPs) Administration

McAfee Host Intrusion Prevention system (HIPs) Administration Training
McAfee Host Intrusion Prevention system (HIPs) Administration
  • McAfee Host Intrusion Prevention system (HIPs) Administration

    4 Dages
    Network Security
    1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
    Loading...

    Reviews

    Course Details

    Overview

    The McAfee Host Intrusion Prevention Administration course provides attendees with in-depth training on the deployment and management of a Host Intrusion Prevention solution, using McAfee ePolicy Orchestrator software. In addition, attendees will learn how this solution uses a series of device protection, tagging, and reaction rules to safeguard sensitive information and improve overall data security

    Objectives

    • Understand the benefits and capabilities of a McAfee Host Intrusion Prevention solution.
    • Plan and implement the Host Intrusion Prevention.
    • Use rules, policies, and signatures.
    • Provide zero-day protection for operating system and application vulnerabilities.
    • Reduce the overhead of patch management.
    • Install, configure, and manage the solution, using the McAfee ePolicy Orchestrator management console.

    Outline

    Module 1: Introduction to McAfee Host Intrusion Prevention

    • Vulnerabilities, Exploits, Buffer Overflows, Attacks, Threats
    • Protection Levels
    • Host Intrusion Prevention
    • Components and Features
    • Supported Operating Systems
    • New Features

    Module 2: Security Connected and ePolicy Orchestrator Overview

    • Introducing McAfee Security Connected
    • Manifestation of Security Connected
    • Security Connected Framework
    • Integration with Third-Party Products
    • Security Connected Solution Platform
    • Solution Overview
    • New for this Release
    • Basic Solution Components
    • Web Interface
    • Menu Pages
    • Customizing the User Interface
    • Architecture and Communication
    • User Interface
    • Functional Process Logic
    • Data Storage

    Module 3: Managing Dashboards and Monitors

    • Dashboards Overview
    • Accessing the Dashboards Page
    • Types of Dashboards
    • Duplicating and Adding Dashboards
    • Assigning Dashboard Permissions
    • Dashboard Permissions Guidelines
    • Deleting a Dashboard
    • Adding Monitors to a Dashboard
    • Dashboards Server Settings
    • Editing the Automatic Refresh Interval
    • Assigning Default Dashboards
    • Configuring Dashboard Monitors
    • Resizing, Moving, and Removing Monitors
    • Concurrent Users (Console Connections)
    • Results of Load
    • Designing Dashboards
    • Changing the Default Session Timeout

    Module 4: McAfee Agent

    • Agent Components
    • Agent-Server Secure Communication Keys
    • Communication after Agent Installation
    • Typical Agent-to-Server Communication
    • McAfee Agent-to-Product Communication
    • Forcing Agent Activity from Server
    • Wake-up Calls and Wake-up Tasks
    • Locating Agent Node Using DNS
    • Using System Tray Icon
    • Forcing McAfee Agent Activity from ClientAgent Files and Directories
    • Using Log Files
    • Installation Folders

    Module 5: HIPS Server Planning and Installation

    • HIPS Installation on the ePO Server
    • Requirements
    • Extensions
    • Adding Software to the Master Repository
    • Software Manager
    • Installing Host IPS Extensions on the ePO Server
    • Checking in the Host IPS Client
    • Package into the Master Repository
    • Upgrading and Migrating Policies

    Module 6: Windows Host IPS Client

    • Host IPS installation requirements
    • Installing the Client Remotely using ePO and Directly on the Client Computer
    • Post-Installation Client Changes
    • Registry Implementation
    • Client Services and Client-side Component Relationship
    • Downgrading and Removing the Client
    • Direct Client-Side Management
    • Verifying the Client is Running
    • Allowing the Disable of Features
    • Enabling Timed Group
    • Unlocking the Windows Client Interface
    • Responding to Spoof Detected Alerts
    • Managing IPS Protection, Rules, Host Firewall Policy Options, and Blocked Hosts List
    • Verifying Host IPS Events are Triggered Correctly
    • Client Logging and Troubleshooting
    • Investigating Performance Issues

    Module 7: Host IPS General Policies

    • General Policies Overview
    • Configuring the Client User Interface Policy
    • Configuring Display Options
    • Enabling Advanced Functionality and Client Control
    • Trusted Networks Policy and Trusted Application
    • Creating and Editing Executables
    • Working with Multiple Instance Policies
    • Marking Applications as Trusted

    Module 8: Intrusion Prevention Policies

    • Intrusion Prevention Overview
    • Benefits of Host Intrusion Prevention
    • IPS Options, Protection, Rules
    • Configuring IPS Options
    • Using Preconfigured Policies
    • Creating and Editing Policies
    • Setting Protective Reaction for Signature Severity Levels
    • Moving from Basic to Advanced Protection

    Module 9: IPS Rules Policies

    • Overview of the IPS Rules
    • Host Intrusion Prevention Clients
    • IPS Protection with IPS Rules Policies
    • Host and Network IPS Signature Rules
    • Signature and Behavioral Rules
    • Signatures and Severity Levels
    • Working with IPS Rules Policies and Signatures
    • Multiple Instance Policies
    • Effective Policy for IPS Signatures
    • Multiple Instance Policies and the Effective Policy
    • VirusScan Access Protection and IPS Rules

    Module 10: IPS Rules Policies – Application Protection

    • Application Blocking and Hooking
    • Prevent an Executable from Running (Black List)
    • Create, Editing or Viewing Executable Details
    • Blocking and Allowing Application Hooking
    • Customizing and Managing Rules
    • Process Hooking

    Module 11: Configuring IPS Exceptions

    • Exception Rules
    • Configuring IPS Rules Exceptions
    • Creating Exceptions for Network IPS Rules
    • Applying OS Patches
    • Creating Trusted Applications
    • Adjusting Signature Severity Levels
    • Tuning Methods

    Module 12: Working with IPS Events

    • Events and Event Logging
    • List of the HIPS Events Supported by ePO
    • Reacting to Events
    • Viewing Host IPS Events
    • Filtering Events
    • Creating an Exception Based on a Selected Event
    • Analyzing Events
    • Viewing Systems on which Selected Events Occur
    • Viewing Common Vulnerabilities and Exposures (CVE) Information
    • Creating Event-based Exceptions
    • IPS Signature Events
    • General Methodology for Reviewing Updates, Patch Systems and Applications

    Module 13: Creating IPS Client Rules

    • IPS Client Rules Overview
    • Refining Policies Based on Use
    • Learning Mode
    • Adaptive Mode
    • Placing Clients in Adaptive or Learn Mode
    • Adaptive Mode Sequence
    • Managing IPS Client Rules
    • Create Exceptions Using IPS Client Rules
    • Reviewing Detail for IPS Client Rules
    • Retaining Existing Client Rules
    • Using the Property Translator Server Task

    Module 14: Custom Signatures

    • Custom Signatures Overview
    • Methods for Creating Custom Signatures
    • Creating a Custom Signature
    • Using the Signature Creation Wizard
    • Creating Windows/Unix Files andDirectories
    • Creating Signatures-Windows Registry
    • Using the Linux or Solaris Option to Create Signatures
    • Adding and Editing Sub-rules
    • Viewing General Information about Signature
    • Editing the Severity Level, Client Exception Permission, and Log Status of a Signature
    • Custom Signatures Components
    • File Rule Types and Examples
    • Troubleshooting Custom Signatures

    Module 15: Automatic Responses and Threat Notification

    • Threat Notification and Tracing
    • Event Types, Formats, and Life Cycle
    • Automatic Response Process
    • Creating, Editing, Viewing, and Deleting Automatic Responses for Specific Event Types
    • Setting Filters, Aggregating Events, and Configuring Rule Actions
    • Creating Issues Executing Scheduled Tasks, and Running  External Commands.
    • Variables Used in Notifications
    • Creating and Editing Automatic Responses
    • Filtering Events
    • Throttling and Aggregation
    • Default Automatic Response Rules
    • Planning Automatic Responses
    • Determining Events Forwarding
    • Automatic Responses Permission Set
    • Managing Issues
    • Creating Contacts

    Module 16: Firewall Policies

    • Host IPS Firewall Overview
    • Firewall Protocol Support
    • Allowing Unsupported Protocols and Bridged Traffic
    • Understanding the State Table
    • Stateful Filtering and Protocol Tracking
    • How Firewall Rules Work
    • Firewall DNS Blocking
    • Working with Firewall Options Policies
    • Startup Protection and Protection Options
    • TrustedSource/Global Threat Intelligence

    Module 17: Firewall Rules Policies

    • Configuring Firewall Policies
    • Firewall Rules Console
    • Default Policies
    • Typical Corporate Environment Policy
    • Firewall Groups
    • Creating New Firewall Rule
    • Using the Firewall Rule Builder
    • Using the Host IPS Catalog
    • Adding Rules from the Catalog
    • Creating Firewall Rule Groups
    • Adaptive Mode versus Learn Mode
    • Managing Firewall Client Rules
    • Refining Policies Based on Use
    • Responding To Firewall Alerts
    • Stateful Filtering in Adaptive or Learn Mode
    • Retaining Existing Client Rules
    • Firewall Theory
    • Basic Design Philosophies
    • Firewall Design Considerations
    • Firewall Planning

    Module 18: Firewall Rule Groups

    • Host IPS Firewall Groups
    • Location-enabled Firewall Groups
    • Connection-aware Firewall Groups
    • Matching for Location-Aware Groups
    • Timed Groups in Firewall Policy

    Module 19: Host Intrusion Prevention Maintenance

    • Server Tasks in ePO
    • Clearing Events
    • Generating Host IPS Reports/Queries
    • Reports
    • Dashboards and Queries
    • Running Predefined Host IPS Queries
    • Creating Custom Host IPS Queries
    • Client-side Policy Reporting
    • Default Dashboards
    • Vulnerability Shielding Updates
    • McAfee Agent Update Task
    • Manual Content Updating
    • McAfee Internet Sites
    • Creating an ePO Server Pull Task
    • Testing McAfee Host Intrusion Prevention Client
    • Adaptive Mode versus Learn Mode
    • Managing Firewall Client Rules
    • Refining Policies Based on Use
    • Responding To Firewall Alerts
    • Stateful Filtering in Adaptive or Learn Mode
    • Retaining Existing Client Rules
    • Firewall Theory
    • Basic Design Philosophies
    • Firewall Design Considerations
    • Firewall Planning

    Module 20 – Host IPS Implementation and Best Practices

    • Pre-Installation Considerations and Deployment Planning
    • Best Practices
    • Step 1: Strategy and Planning
    • Lab or Real World?
    • Confirm Your Rollout Strategy
    • Timing and Expectations
    • Preparing the Environment
    • Step 2: Prepare the Pilot Environment
    • Using ePolicy Orchestrator
    • Step 3: Installation and Initial Configuration
    • Managing Protection
    • “Out-of-the-Box” Protection
    • Multiple Policy Instances
    • Notify End Users and Plan Escape Hatches
    • Enlist the Help Desk Team
    • Install Host IPS to Pilot Hosts
    • Check Pilot Systems for Proper Operation
    • Step 4: Initial Tuning
    • Host IPS Configuration and Initial Tuning
    • Tuning Methods
    • Fine-Tuning Policies
    • Security Tightening
    • Follow these Processes
    • More Tuning
    • Create Exceptions
    • Create Trusted Applications
    • Run Queries
    • Step 5: Optional Adaptive Mode
    • Adaptive Mode: Refine Policies Based on Use
    • Understanding Adaptive Mode
    • Adaptive Mode Limitations
    • Best Practices with Adaptive Mode
    • Potential Pitfalls in IPS Deployments
    • Step 6: Enhanced Protection and Advanced Tuning
    • Heightened Protection and Advanced Tuning
    • Step 7: Maintenance and Expansion Beyond IPS
    • Server Maintenance
    • Domain Controllers and Host IPS

    Module 21 – ClientControl Utility

    • Deploying Host IPS with 3rd Party Product
    • ClientControl Logging
    • Command Line Syntax
    • Major Arguments
    • Argument – /help
    • Argument – /start and /stop
    • Stopping Host IPS Services
    • Argument – /log
    • Argument – /engine
    • Argument – /export
    • Argument – /readNaiLic
    • Argument- /exportConfig
    • Argument – /defConfig
    • Argument – /startupIPSProtection
    • Argument – /execInfo
    • Argument – /fwPassthru
    • fwinfo Utility

    Module 22 – Linux Client

    • Linux Client Installation Requirements
    • Policy Enforcement with the Linux Client
    • Notes about the Linux Client
    • Removing the Linux Client
    • Troubleshooting the Linux Client
    • hipts – Troubleshooting Tool
    • Verifying Linux Installation Files
    • Stopping and Restarting the Linux Client

    Module 23 – Solaris Client

    • Solaris Client Installation Requirements
    • Policy Enforcement with the Solaris Client
    • Solaris Zone Support
    • Installing the Solaris Client
    • Removing the Solaris Client
    • Troubleshooting the Solaris Client
    • hipts – Troubleshooting Tool
    • Verifying Solaris Installation Files
    • Stopping and Restarting the Solaris Client

    Module 24 – Troubleshooting Host IPS Forums and Security Advisories

    • KnowledgeBase Articles for Host IPS
    • MERTool
    • Client Issues
    • Identify the Versions
    • Host IPS Engines
    • Installation Issues
    • McAfee Agent Logs
    • Policy, Event, and Client Rule Issues
    • Policy Update Issues
    • Verifying Policies – Static Configuration
    • Verifying Policies – Dynamic Policy
    • fwinfo.exe
    • Verifying Policies – FireCore Policy
    • Troubleshooting Host IPS
    • Troubleshooting the Host IPS Firewall
    • Troubleshooting Firewall Issues
    • Activity Log
    • Applying Service Packs
    • Escalation Process

    Target Audience

    • System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this course.

     

    Pre-Requisites

    • It is recommended that students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services.

    Kommende datoer

      Dec 5 to Dec 8, 2017
    Copenhagen
      Feb 27 - Mar 2, 2018
    Copenhagen
      May 29 - Jun 1, 2018
    Copenhagen
      Sep 3 - Sep 6, 2018
    Copenhagen
      Nov 26 - Nov 29, 2018
    Copenhagen