
“Patch Tuesday” issues were shielded using the out-of-the-box basic protection level. Activating
even default protection offers significant immediate value.
We strongly recommend this "start simple" strategy. Servers might be the most critical systems
to protect, but they might also be the trickiest. They require more attention to deploy, because
IPS rules must inevitably be adjusted to allow legitimate application operations and reflect the
careful performance and system optimization of most servers. Trial-and-error tuning of rules
can be dangerous on live, mission-critical systems.
Similarly, power-user systems tend to have a diverse set of applications and special privileges,
such as the right to run scripts. Activating IPS can generate a large number of events that must
be carefully reviewed to ensure appropriate permission or blocking. Power users and servers
merit extra time to understand legitimate usage.
Monitoring and logging
While activating basic protection on your standard desktop systems, you can also initiate logging
of medium-severity issues on these systems. This monitoring helps you discover other events
that the IPS feature flags when you begin locking down controls more tightly. In logging mode,
you see the volume of use, as well as the types of use, so you can learn about the system
behavior. We recommend logging in this first phase to ensure no surprises or disruptions. It’s
a good idea to log events for a full business period, at least a month and perhaps a full quarter,
to see the full range of applications and activities. Use the Prepare for Enhanced Protection
policy to do this automatically. This policy prevents high-severity signatures, logs
medium-severity signatures, and ignores the rest.
For your other systems (servers and power-user desktops), set monitoring and logging for
both medium- and high-severity levels. There is no default policy that logs both medium and high
levels, so you will need to duplicate an existing policy and customize it. Observing only medium-
and high-severity events provides a good level of relevant information without drowning you
in details. You will discover the system variations where server platforms are tuned to each
specific application instance, or developers have their pet tools and arcane compilers.
TIP: Activation of monitoring and logging should not affect system or application operations,
but it’s always wise to monitor systems closely as McAfee Host Intrusion Prevention goes live,
even in a log-only mode. Because the product works through low-level interaction with
applications and operating systems, it is always possible that it might affect performance of
some applications.
Plan to expand
As confidence grows during the pilot, you can move signatures from logging to active
enforcement by class of system, tuning rules and refining policies as you learn which activities
are legitimate. We describe this process later in this guide.
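The two pilot policies described under "Monitoring and logging" (the default desktop policy that prevents high-severity and logs medium-severity signatures, and the duplicated-and-customized policy that logs both levels on servers and power-user desktops) and the later promotion from logging to enforcement described under "Plan to expand" can be modelled as a severity-to-reaction table. The following is an added illustration, not McAfee's code or its policy file format; the policy representation, the event fields, the hostnames and the signature names are all constructed for the example.

```python
"""Added example (not McAfee's code): modelling IPS pilot policies as
severity-to-reaction tables, deriving a custom log-only policy from the
default, tallying what each policy would do with sample events, and
promoting one severity level from logging to enforcement."""
from collections import Counter

SEVERITIES = ("high", "medium", "low", "information")
REACTIONS = ("prevent", "log", "ignore")

# Assumed shape of the "Prepare for Enhanced Protection" policy as the guide
# describes it: prevent high-severity signatures, log medium, ignore the rest.
PREPARE_FOR_ENHANCED_PROTECTION = {
    "high": "prevent",
    "medium": "log",
    "low": "ignore",
    "information": "ignore",
}


def customize_policy(base, overrides):
    """Duplicate an existing policy and change selected reactions.

    The base policy is copied, not modified, so the default stays available
    for the standard desktops that keep using it.
    """
    for severity, reaction in overrides.items():
        if severity not in SEVERITIES or reaction not in REACTIONS:
            raise ValueError(f"invalid override {severity}={reaction}")
    policy = dict(base)
    policy.update(overrides)
    return policy


# Servers and power-user desktops during the pilot: log both high and medium,
# enforce nothing yet. No default policy does this, so derive it from the default.
SERVER_MONITORING = customize_policy(PREPARE_FOR_ENHANCED_PROTECTION, {"high": "log"})


def promote_to_enforcement(policy, severity):
    """Plan-to-expand step: move one severity level from logging to prevention."""
    if policy.get(severity) != "log":
        raise ValueError(f"{severity} is not in log mode; nothing to promote")
    return customize_policy(policy, {severity: "prevent"})


def apply_policy(policy, events):
    """Tally what a policy would do with a list of events.

    Returns (Counter of reactions, Counter of signature names that would be
    logged). The second value is the "types of use" a pilot team reviews
    before deciding which activities are legitimate and need exceptions.
    """
    reactions = Counter()
    logged_signatures = Counter()
    for event in events:
        reaction = policy[event["severity"]]
        reactions[reaction] += 1
        if reaction == "log":
            logged_signatures[event["signature"]] += 1
    return reactions, logged_signatures


# Constructed sample events; hostnames and signature names are made up.
SAMPLE_EVENTS = [
    {"host": "desktop-01", "severity": "high", "signature": "Buffer overflow in process"},
    {"host": "desktop-01", "severity": "medium", "signature": "Script interpreter launched"},
    {"host": "desktop-02", "severity": "low", "signature": "Registry key modified"},
    {"host": "srv-app-01", "severity": "high", "signature": "Buffer overflow in process"},
    {"host": "srv-app-01", "severity": "medium", "signature": "Script interpreter launched"},
    {"host": "srv-app-01", "severity": "information", "signature": "File read by service"},
]

if __name__ == "__main__":
    for name, policy in (("desktop default", PREPARE_FOR_ENHANCED_PROTECTION),
                         ("server monitoring", SERVER_MONITORING),
                         ("server, high promoted", promote_to_enforcement(SERVER_MONITORING, "high"))):
        counts, logged = apply_policy(policy, SAMPLE_EVENTS)
        print(f"{name}: {dict(counts)} logged types: {dict(logged)}")
```

Running the block shows the difference the guide describes: under the default policy the two high-severity sample events would be blocked, while under the derived server policy nothing is blocked and four events are logged for review. Promoting "high" back to prevention after the review period yields the same table as the default, which is the point of the phased rollout: the custom log-only policy is a temporary detour, not a permanent weakening.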
Rollout strategy option 2: Use default policies
For some environments, a legitimate approach is to take advantage of the McAfee expertise
packaged in the default settings and deploy the basic protection profile on all systems. This
approach works well for users who want core IPS protection without much tuning or effort. If
IPS isn’t the primary reason you purchased the product, this strategy provides a deployment
of minimal effort that activates immediate protection against the big attacks.
Best Practices for Quick Success
1. Strategize
15 McAfee Host Intrusion Prevention 8.0 Installation Guide