Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 Installation Guide Page 12

5 Optional adaptive mode
6 Enhanced protection and advanced tuning
7 Maintenance and expansion beyond IPS
Both desktops and servers follow a similar rollout process; however, we recommend more
conservative protection starting points and phase timings for your more complex and
mission-critical power-user desktops and servers.
Timing and expectations
For a successful rollout—minimal frustration, maximal risk mitigation—the adoption process
takes from one to three months. Hands-on work occupies just a few days during this period,
but time must elapse between stages so that the product can collect the usage data that guides
tuning.
The biggest variable in your implementation is the range of systems and user profiles at your
site. The more diverse the user population, the longer it takes to implement McAfee Host
Intrusion Prevention on all targeted systems. You must activate protections without crippling
user productivity and application functionality. Each significant system and user profile merits
tuning and testing.
Many environments require IT management approval for deployment, migration to blocking
mode, and use of the firewall. Factor in extra time for these approvals.
NOTE: For details on any aspect of this process, see the McAfee Host Intrusion Prevention 8.0 Product Guide or Help.
Table 2: Potential pitfalls and remedies

| Recommended best practices | Top things not to do |
|---|---|
| Block only high-severity signatures initially. This level protects against top vulnerabilities, but generates few false events. Medium-level signatures operate on behaviors and usually require at least some tuning to limit support calls. | Block medium and high severity signatures without first gaining knowledge from logging. |
| Segregate desktops to reflect applications and privileges. Start with the simplest systems and create standard usage profiles for major groups. Gradually add more users and more usage profiles as you learn. | Assume all systems will use the same policies. |
| Pick a few important user groups, pilot with representative users committed to providing feedback, test that applications still work correctly, and then roll out broadly when policies are proven to work without disrupting productivity. You want to make a positive first impression on users. | Perform too little testing on the user experience. |
| Unlike anti-virus, regular monitoring and regular maintenance are required to maintain the accuracy and effectiveness of protection. Budget time to review logs and update rules at least weekly once you complete deployment. | Treat Host IPS as “set and forget.” |
| Start with IPS, then add firewall as needed. You will know how to create policies and be more familiar with the types of protections that are appropriate, and you can correlate changes with results more easily. | Turn on IPS and firewall simultaneously. |
| Use adaptive mode for brief periods when you have time to monitor the rules that are created. | Leave the Host IPS or firewall features in adaptive mode indefinitely. |
| Take the time to verify that the traffic you are seeing is indeed malicious. Use packet captures, network IPS, or whatever means you have. | Immediately block anything that the system detects as an intrusion. |
Best Practices for Quick Success
McAfee Host Intrusion Prevention 8.0 Installation Guide, page 12