McAfee User Manual
- Format: pdf
- Size: 547.11 KB
- Pages: 15
Evaluation Guide, Revision 1.0
ePolicy Orchestrator® 3.5
Quick installation of ePolicy Orchestrator in a test environment and steps for testing the new features
McAfee® System Protection
Industry-leading intrusion prevention solutions
Copyright
Copyright © 2004 Networks Associates Technology, Inc. All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language, in any form or by any means, without the written permission of Networks Associates Technology, Inc., or its suppliers or subsidiaries.
To obtain this permission, write to the McAfee legal department at: 5000 Headquarters Drive, Plano, Texas 75024, or call +1-972-963-8000.
Trademark attributions
Active Firewall, Active Security, ActiveSecurity (and in Katakana), ActiveShield, AntiVirus Anyware and design, Clean-Up, Design (stylized E), Design (stylized N), Entercept, Enterprise SecureCast, Enterprise SecureCast (and in Katakana), ePolicy Orchestrator, First Aid, ForceField, GMT, GroupShield, GroupShield (and in Katakana), Guard Dog, HomeGuard, Hunter, IntruShield, Intrusion Prevention Through Innovation, M and design, McAfee, McAfee (and in Katakana), McAfee and design, McAfee VirusScan, NA Network Associates, Net Tools, Net Tools (and in Katakana), NetCrypto, NetOctopus, NetScan, NetShield, Network Associates, Network Associates Colliseum, NetXray, NotesGuard, Nuts & Bolts, Oil Change, PC Medic, PCNotary, PrimeSupport, RingFence, Router PM, SecureCast, SecureSelect, SpamKiller, Stalker, ThreatScan, TIS, TMEG, Total Virus Defense, Trusted Mail, Uninstaller, Virex, Virus Forum, Viruscan, Virusscan, Virusscan (and in Katakana), Webscan, Webshield, Webshield (and in Katakana), Webstalker, WebWall, What's The State Of Your IDS? Who's Watching Your Network, Your E-Business Defender and Your Network. Our Business. are registered trademarks or trademarks of McAfee, Inc. and/or its subsidiaries in the United States and/or other countries or regions.
White Paper
Table of Contents
1. Develop an Information Security and Risk-Management Regime
2. Secure System Configuration Management Strategy
3. Establish an Anti-Malware Strategy
4. Network Security Strategy
5. Security Monitoring Strategy
Summary
Government is undergoing a transformation. The global economic condition, coupled with an explosion of IT capability and an evolving, persistent threat landscape, has forced a reinvention of the service delivery and business model of the government. This change in business requirements is also forcing a change in how security is perceived and implemented throughout the enterprise.
In order for the government to realise the value it can achieve through digital services, the resilience of systems must be assured and enterprises must improve their capability to defend against continuous cyber assaults. The 10 Steps to Cyber Security guidance, produced by Communications-Electronics Security Group (CESG), the information security arm of the UK Government Communications Headquarters (GCHQ), represents a template for threat prevention capabilities that will help enterprises tangibly improve their cyber defence capacity and the resilience of their digital systems. This white paper describes the five measures McAfee believes will help an organisation successfully implement the CESG guidance to improve their cyber resilience and security posture.
1. Develop an Information Security and Risk-Management Regime
A successful information risk management programme starts at the top of the organisation. Establishing a culture of risk management and accountability ensures that security becomes part of the business and not an afterthought. Secondly, articulating the information assurance policy framework formally anchors the security programme. This framework will include the policies and processes that form a secure, high-assurance foundation for the organisation.
The 10 Steps to Cyber Security policy framework, recommended by CESG, should include some of the following key components:
• Home and mobile worker.
• Acceptable use of government systems.
• Malware prevention.
• Privileged account management.
• Removable media.
An associated 10 Steps process framework will include some of the following key components:
• Training, certification, and awareness programme for users, operators, and security specialists.
• Secure configuration development and patch management.
• Incident management programme that includes monitoring and incident response processes.
• Penetration testing to assess security processes and control readiness.
Finally, incorporating cyber risk factors into business decisions regarding service assurance or new service deployment ensures that security becomes operational in the business.
McAfee® Foundstone Strategic Consulting Services, as part of strategic security engagement, can assess the current security programme and guide an organisation through the essential elements of developing an effective Information Security and Risk Management Regime.
2. Secure System Configuration Management Strategy
Employing baseline secure configurations of system architecture is an essential component of cyber risk management. However, secure configurations are not static elements. They must be continually reviewed to keep up with threat conditions, new business functionality, or policy requirements. A process of Design, Test, Monitor, and Control will enable a secure configuration management process. Typically, the process starts with a system assessment to Design the baseline configuration, added security functionality, and change management process. Baseline configurations are usually available for commercial off-the-shelf operating systems and applications.
However, custom web applications and databases may need further testing to develop a secure configuration.
McAfee Foundstone Services, as part of a strategic security engagement, can assess the current security configurations, conduct additional penetration testing, and conduct code review for the custom applications.
Once deployed, the system should be continually tested for new vulnerabilities and monitored for unauthorised changes to the baseline and any potential intrusions. The 10 Steps to Cyber Security recommends conducting regular scans to assess vulnerabilities using automated tools that support open standards like the Security Content Automation Protocol (SCAP). McAfee Vulnerability Manager and McAfee Policy Auditor solutions support these open standards and facilitate configuration monitoring through the McAfee ePolicy Orchestrator® (McAfee ePO™) security management platform. In addition to operating system vulnerabilities, it is important to test web applications and databases. These applications form a critical backbone of most digital government systems but are usually not tested nor monitored regularly as part of this process. Through the same management platform, organisations can also use McAfee Web Application Assessment Module and McAfee Vulnerability Manager for Databases to scan and test these critical applications and systems.
Figure 1: Basic secure configuration management reference architecture.
One of the most important functions in this process is selecting the additional security controls that will harden the system against a variety of threat vectors. According to the 10 Steps to Cyber Security, the baseline security controls must include the capabilities to restrict removable media devices, conduct regular antivirus scans, and implement data-at-rest encryption.
The McAfee ePO security management platform, first employed to conduct vulnerability and configuration assessments, can now be used to easily deploy those additional baseline security controls.
3. Establish an Anti-Malware Strategy
Malware is the tool of choice for any cyberattacker and has many potential vectors into an organisation. However, most organisations mistakenly equate anti-malware with antivirus. As malware has become increasingly sophisticated and the attack surface increasingly diverse, a successful anti-malware strategy must include a dynamic capability to Prevent, Detect, and Respond in order to limit the impact of malware as an attack vector.
Although not mentioned directly in the 10 Steps guide, it is a good practice to identify and label these critical assets within the security information and event management system. This information on the criticality of systems provides essential context during incident response.
Although the 10 Steps guide requires managing and monitoring privileged users’ accounts, it is very challenging for organisations to get granular control and visibility over the use of administrative accounts. Through the McAfee ePO security management platform and McAfee Security Innovation Alliance (SIA) partner Avecto, McAfee makes it easy for government organisations to meet this requirement. Check the McAfee SIA website for more information on the McAfee-AVECTO integration.
A layered defence to malware starts with the user. Although layered defences most often address technology, users must be trained to recognise attack methods, such as phishing, and understand where to report suspicious activity. Since many successful attacks often target a specific user, training is an essential anti-malware control. McAfee Foundstone services, as part of a strategic engagement, will design a recurring and accountable user security awareness programme.
This programme ensures that both users and specialists become the first and last line of defence against malware. In addition, McAfee Foundstone can provide specialist security training, such as Forensic and Malware Analysis, for the Security Operations and Intelligence Centre (SOIC) analysts.
Protecting the user device is the next stage in the strategy. The end-user device baseline security configuration recommended by CESG already includes antivirus as a first layer of defence. Hardening the end-user devices or servers with additional security capability beyond antivirus, such as application whitelisting and reputation intelligence, will provide an effective defence at the host layer, even against malware that uses zero-day exploits. Security and change events generated at the host should be centrally collected, monitored, and analysed by the SOIC to detect potential incidents. Through the McAfee ePO security management platform, McAfee makes it simple to deploy application controls and enable extended behavioural-based security functions, such as reputation intelligence within McAfee VirusScan® Enterprise software already deployed at the endpoint. Security events are also collected through the McAfee ePO platform and reported to the McAfee Enterprise Security Manager, the McAfee Security Information and Event Management (SIEM) system, for correlation and incident response services.
Although application whitelisting and antivirus are effective prevention tools, malware is a multi-stage attack utilising several vectors into and out of the protected network. A comprehensive anti-malware strategy must include a network capability to recognise malware behaviours on the network and to protect end-user devices that may not support host-based security controls, such as smartphones or tablets.
Since the most common delivery and command vector for malware is via the web, it is recommended to deploy web content anti-malware inspection at the Internet perimeter to better protect end-user devices or detect behavioural evidence of malware already inside the network. By employing the McAfee Web Gateway with its strong anti-malware capability—including sophisticated content emulation, a gateway anti-malware engine, botnet identification, and reputation intelligence—organisations not only increase their resilience against malware but also their agility to adopt new enabling technologies. As with host-security events, events from McAfee Web Gateway should be centrally collected, monitored, and analysed by the SOIC to detect potential incidents.
As mentioned, a comprehensive anti-malware strategy involves a people, process, and technology approach. One of the key processes is a breach response strategy that will Identify, Validate, Contain, and Respond to security incidents. When a suspicious event is identified, security analysts in the SOIC must rapidly validate the malware, uncover its characteristics, and find affected hosts in order to contain the impact, such as data loss or further compromise. Having direct access to automated malware analysis tools and real-time data sources will greatly increase the speed of analysis and reduce the impact of malicious cyber activity. The McAfee advanced sensor grid, including the McAfee Network Security Platform and McAfee Web Gateway, will identify malware in motion.
Today, McAfee uses the McAfee Global Threat Intelligence™ (McAfee GTI™) network to quickly share detections of emerging malware threats. The McAfee host and network products detect a suspicious file and contact the McAfee Global Threat Intelligence network to see if it has a reputation.
Based on that reputation, as well as network connection reputation, and other factors, the McAfee products can make a decision to block the file.
McAfee Application Control also enables the organisation to meet other controls recommended by the 10 Steps to Cyber Security, such as locking down operating systems and software. McAfee Application Control can also be extended to include real-time file integrity checking for monitoring changes to critical systems. The additional data provided by Application Control can be monitored within the McAfee Enterprise Security Manager. This will improve the incident management programme by enabling more effective detection of breach attempts. McAfee Application Control can also be deployed on embedded operating systems.
McAfee Web Gateway also meets the requirement in the 10 Steps to Cyber Security guide for a proxy at the network perimeter. By extending the web security to include identity controls, an organisation could develop a fuller picture of user behaviour and more effective policy enforcement.
McAfee is also developing a new integrated, advanced malware detection appliance, called McAfee Advanced Threat Defense. If the content cannot be validated immediately, it will be automatically sent to the Advanced Threat Defense system for behaviour deconstruction and analysis. Advanced Threat Defense will assign a fingerprint to the malicious file and distribute this threat intelligence locally—to McAfee-protected endpoints and network gateways—and, if you permit, that DAT will also be sent to the McAfee Global Threat Intelligence network.
Through this intelligence exchange, McAfee products on your site and at other customer sites will be able to protect against this newly identified malware.
• The new DAT will allow any infected system to be identified and cleaned by McAfee VirusScan (the scanning engine inside McAfee endpoint protections).
• The network security products will block transmission of that content over the network to prevent reinfection within your infrastructure.
• The web and email gateways will block inbound reinfections.
• The endpoint protections will block infection directly on the host (through an infected USB stick, for example).
• Real Time for McAfee ePO can be used to ensure all endpoints have pulled down the new DAT and run a scan to see if the malware is present.
This combination of sensor, analysis, and automated response is unique in the industry and will greatly reduce the impact of malware on the environment.
Figure 2: Basic anti-malware reference architecture.
4. Network Security Strategy
The role of network security is expanding and changing with the expansion of digital services in government. Traditionally, network security devices functioned as traffic cops governing which network addresses can pass or which protocols can traverse the Internet perimeter. While still providing that function, the goal of the network security strategy is to Deny, Delay, and Disrupt the ability of an attacker to get in and move around on the protected network systems.
To enable this strategy, network security devices have evolved from controlling addresses to identifying and controlling application access across multiple security zones within the enterprise. This is aligned with the 10 Steps to Cyber Security recommendations to protect both the internal and external network boundaries.
Dividing the network into logical security zones requires different checkpoints for an attacker. Typically, one of the internal security zones is the consolidated or shared-services datacentre.
An effective datacentre network security strategy requires an application layer firewall for controlling application access and an intrusion prevention sensor to protect the sensitive applications from vulnerability exploitation. Other potential network security zones include partner and cross-domain network interconnections. Each of those connections requires an application firewall to control access, although the risk of vulnerability or malware exploitation is low across these perimeters. The greater concern is the access to, or loss of, sensitive data to unauthorised business or coalition partners. Best practice recommends a network data loss prevention solution be deployed and monitored at these perimeter locations.
The adoption of cloud services presents unique challenges for traditional perimeter security solutions. While an application layer firewall provides granular traffic control at the Internet perimeter, many applications are exposed to external cloud services through application programme interfaces. Today, on-premises deployment of a centralised service gateway is recognised as the best practice deployment pattern for the application-to-application, web-based service interaction models. A service gateway enables the organisation to develop a standards-based policy enforcement point that is integrated with internal identity management and auditing/monitoring infrastructure.
5. Security Monitoring Strategy
With the sophistication and persistence of malicious cyber activity combined with the complexity of security information, detecting or anticipating a security breach requires an organisational monitoring and intelligence strategy, trained specialists, and a 24/7 SOIC. Developing a monitoring strategy starts with an understanding of attack methods. Using threat intelligence will determine the data sources that are most effective to identify and validate an incident.
The monitoring strategy must also reflect other requirements from regulations such as GPG13. Once requirements are established, the data collection architecture can be built to support the various breach response or other monitoring use cases.
The 10 Steps to Cyber Security recommends collecting various data types such as network traffic, security events, server and device events, and user behaviour, as the foundation of the monitoring capability. Centralising this data inside McAfee Enterprise Security Manager will facilitate rapid data mining for both identification and validation. The McAfee Enterprise Security Manager easily scales to handle high-volume data sources while still enabling rapid data retrieval for reporting and analysis.
One of the key processes of the SOIC is Incident or Breach Response. This is the process of Identifying, Validating, Containing, and Mitigating a cyber incident. A successful strategy also starts with threat intelligence of attack methods to determine what are the most effective indicators. For example, identifying an insider attack usually requires identity and database activity monitoring since these provide the most likely indicators. Identifying an attempted breach from an outside attacker usually requires network and host sensors and automated malware intelligence as described in the anti-malware section. Designing the sensor grid that will expose the right indicators is one of the key foundations to this strategy. Existing McAfee ePO infrastructure can easily be extended to include McAfee Database Activity Monitoring and Privileged Identity data that supports insider monitoring use cases.
McAfee Advanced Threat Defense and McAfee Web Gateway will reveal indications of remote attackers using malware as the entry vector. Centralising this data and incident workflow within the McAfee Enterprise Security Manager allows for rapid identification and validation of malicious activity.
Once a breach is identified, speed of response is critical. McAfee Enterprise Security Manager is a central command and control platform that can adjust policy on the McAfee Network Security Platform to rapidly block malicious files or update security policy through McAfee ePO software to contain an incident at the host level.
McAfee Foundstone Services can design an incident-management programme from policy development, to process employment through specialised training in malware analysis and attacker techniques.
The SIA partner, TITUS, can monitor user behaviour related to data and data policy. TITUS is fully integrated with the McAfee ePO security management platform for deployment and management. TITUS events can also be sent to McAfee Enterprise Security Manager for user behaviour trending and further user-related correlation scenarios.
2821 Mission College Boulevard, Santa Clara, CA 95054
888 847 8766
McAfee, the McAfee logo, McAfee ePolicy Orchestrator, McAfee ePO, McAfee Global Threat Intelligence, McAfee GTI, and McAfee VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright © 2013 McAfee, Inc.
Figure 3: Basic monitoring reference architecture.
Summary
This solution brief represents McAfee ideas for improving cyber resilience and security posture through implementation of the CESG’s 10 Steps to Cyber Security.
While this guide does not address all areas of security or cyber defence requirements, it does provide proven cyber risk reduction steps that could allow an organisation to withstand a cyber threat. For further information and consultation, please contact your local McAfee representative or visit .
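McAfee Enterprise Edition Configuration Manual (for EPO4.5)
Contents
1. Software deployment
1.1 Post-installation tasks
2. Software configuration
2.1 Logging on to the console
2.2 Customizing the interface
2.3 Configuring ePO4.5
2.3.1 Process overview
2.3.2 User management
2.3.3 Configuring the server and related parameters
2.3.4 Creating repositories
2.3.5 Adding systems to the System Tree
2.3.6 Deploying the management agent
2.3.7 Policy configuration
2.3.8 Deploying products and software
Continued from the "McAfee Enterprise Edition Deployment Manual"
1. Software deployment
1.1 Post-installation tasks
✓ Plan the ePolicy Orchestrator System Tree and updating scheme.
✓ Create the ePolicy Orchestrator System Tree.
✓ Distribute the McAfee Agent to the systems that are to be managed through ePolicy Orchestrator.
✓ Create the update repositories.
✓ Check in to the repositories the products that ePolicy Orchestrator is to manage, then configure the policy settings for those products.
✓ Deploy the products to the managed computers.
✓ Configure the advanced features of ePolicy Orchestrator.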
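2. Software configuration
2.1 Logging on to the console
➢ You can log on at the server by clicking the icon on the desktop.
➢ Remote logon: in a browser (IE or later versions, Firefox 3.0 or later), enter https://xxx.xxx.xxx.xxx:8443 (the IP is a reachable IP address, and the port is the one configured during installation). After entering the user name and password:
2.2 Customizing the interface
➢ Menu bar
The Menu is a new feature in version 4.5 of the ePolicy Orchestrator software.
The Menu uses categories to compare the various ePO features and functions.
Each category contains a list of primary feature pages associated with a unique icon.
Use the menu options to select the functional area you need to configure.
➢ Navigation bar
In ePolicy Orchestrator 4.5, the navigation bar can be customized.
You decide which icons appear on the navigation bar by dragging any menu item onto or off the navigation bar.
When you navigate to a page in the Menu, or click an icon in the navigation bar, the name of that page is displayed in the blue box next to the Menu.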
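McAfee Enterprise Edition Installation and Deployment Manual (for EPO4.5)
1. Installation requirements
1.1 Hardware
Free disk space: 1 GB minimum (first-time installation); 1.5 GB minimum (upgrade); 2 GB recommended (space is certainly not in short supply nowadays);
Memory: 1 GB available RAM; 2-4 GB recommended (make sure there is at least 1 GB of memory, otherwise errors are reported during installation);
Processor: Intel Pentium III or higher; 1 GHz or faster;
1.2 Software
Server-class operating system: 32-bit or 64-bit (Windows Server 2003 R2 Enterprise Service Pack 2 or later);
Database (SQL Server 2005, SQL Server 2005 Express, SQL Server 2008, SQL Server 2008 Express); SQL Server 2000 is not supported;
Browser (Firefox 3.0, Microsoft Internet Explorer 7.0 or 8.0);
Internet Information Services (IIS);
McAfee ePolicy Orchestrator 4.5 and the related upgrade patches (EPO450L.Zip, ePO450P3.Zip, ePO450P补丁升级.Zip, EPOAGENTMETA.zip, MA450P1Win.zip);
McAfee VirusScan 8.7 and upgrade patches (VSE870EMLRP2.Zip, VSE870LMLRP3.Zip, VSE870P3.Zip)
2. Software deployment
2.1 Server system
*Not covered in this document (change the host name to Mcafee; the host name becomes the database name later on)
2.2 Installing Internet Information Services (IIS)
*Not covered in this document
2.3 Installing SQL Server 2005 Express
See the "SQL Server 2005 Express Installation Instructions" [Click the icon below for the installation procedure] SQL Server 2005 Express Installation Instructions [Notes]
2.4 Installing prerequisite components
Check whether the following components are installed on the system:
msxml 6.0 parser.msi (this component must be installed first, otherwise ePO cannot be installed; it can be downloaded from Microsoft's official site);
Windows .Net Framework 2.0 or later (this component must be installed first, otherwise ePO cannot be installed; it can be downloaded from Microsoft's official site);
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86).exe (this component can be installed automatically by McAfee during installation, or you can download and install it yourself beforehand);
Microsoft Visual C++ 2008 Redistributable Package (x86).exe (this component can be installed automatically by McAfee during installation, or you can download and install it yourself beforehand);
2.5 Installing McAfee ePolicy Orchestrator 4.5
See the "McAfee ePO 4.5 Installation Instructions" [Click the icon below for the installation procedure] McAfee ePO 4.5 Installation Instructions
2.6 Installing the update patch packages
On the server, run and install the upgrade patch packages ePO450P3.Zip and ePO450P补丁升级.Zip
2.7 Post-installation tasks
✓ Plan the ePolicy Orchestrator System Tree and updating scheme.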
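McAfee 8.5 Enterprise Edition: Complete Guide and Tutorial to Usage Rules
McAfee is one of the world's best-selling antivirus products. Besides an updated user interface, McAfee antivirus software also merges in the company's WebScanX functionality and adds many new features. In addition to detecting and removing viruses for you, it has the VShield automatic monitoring system, which stays resident in the system tray: when you open files from disk, from the network, or from e-mail attachments, it automatically checks whether the file is safe, and if the file contains a virus it warns you immediately and handles it appropriately. It also supports a right-click quick menu, and you can lock your personal settings with a password so that others cannot change them.
First, download McAfee VirusScan v8.5i Enterprise Edition, multilingual official release.
Install it as shown in the figure: installation method. Now let's look at what comes after installation.
Start the update.
Manual updating is generally the better choice. Update from the position shown in the figure at the bottom right; after that comes the main part.
In addition, this applies not only to McAfee: FDs such as SAFESYSTEM and SENSIVEGUARD can be used in the same way. Of course, rule writing is a matter of opinion; if you have better rules, please add corrections. You are even more welcome to comment on our work.
As in the figure above, click the first item, the VirusScan Console. Then click Properties in the menu.
As shown in the figure: as in the figure above, this one must be ticked.
The figure has a detailed explanation. It protects IE from attack. Now look at the next one. This option should also be ticked.
When installing software (legitimate software, that is) you can suspend it and tick it again once installation is done; either way, it must be ticked again after the software is installed.
It prevents certain malicious websites from modifying your registry and adding things to it.
The seventh option is for e-mail.
Here, so that FOXMAIL works properly, we need to add an entry ourselves.
Click Edit.
Finally, add foxmail.exe, as shown in the figure. The next option is best left unticked, because most programs, such as Maxthon, become severely slow; if you really do want to select it, you must add maxthon.exe.
Just follow the figure and do not select extra items; the ones marked with arrows in the figure must be selected. Safety first. Blocking HTTP may cause Internet access errors in software such as IE7, so it is recommended to clear that option.
McAfee 8.5 Enterprise Edition Advanced Tutorial
First, download McAfee VirusScan v8.5i Enterprise Edition, multilingual official release, then read on. Here, if you are worried that McAfee alone is not enough.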
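Article title: In-Depth Analysis: The McAfee ePO Operation Manual
In today's Internet era, network security problems are increasingly prominent, and network attacks and viruses of all kinds are rampant.
Enterprise-level network security management faces even more complex and severe challenges.
To better manage and maintain enterprise network security, McAfee ePO has become one of the preferred tools for many enterprises.
This article discusses the McAfee ePO operation manual in depth, helping readers better meet network security challenges on the basis of a full understanding of its functions and operating methods.
1. Understanding McAfee ePO
McAfee ePO is an enterprise-level security management platform developed by McAfee, used mainly to centrally manage the security protection devices and security software in an enterprise network.
It gives enterprises a unified security management interface and helps them better monitor and protect their network security.
With information security threats continually increasing, McAfee ePO has become an important tool with which large enterprises protect their network security.
2. The operation manual in detail
To make better use of McAfee ePO, you first need a full understanding of its operation manual.
The operation manual covers the installation, configuration, management, and maintenance of the software.
By studying the operation manual carefully, users can better understand the functions of McAfee ePO and apply them flexibly in practical network security management work.
3. Software installation and configuration
Before using McAfee ePO, the first task is to install and configure the software.
In the operation manual, users can learn the installation steps for the server and the clients, and how to carry out the necessary configuration of the software.
This part is very important, as it bears directly on the normal running and use of the software.
4. Security policy management
McAfee ePO helps users define and manage security policies to counter network security threats.
In the operation manual, users can learn how to define suitable security policies according to the enterprise's actual situation, and how to manage and adjust them flexibly.
This is vital for raising the enterprise's level of network security.
5. Regular maintenance and updates
Regular maintenance and updating of the software is an important means of ensuring that it runs normally and securely.
In the operation manual, users can learn how to carry out regular maintenance and updates so that the software always stays in its best condition.
6. Personal view
As a network security expert, I have a very deep appreciation of the importance of McAfee ePO.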
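Contents
1. Server requirements
2. EPO installation steps
3. EPO configuration
3.1 Logging on to EPO
3.2 Adding client software packages and policy packages
3.2.1 Adding software packages
3.2.2 Adding policy packages
3.3 Configuring secondary and update FTP servers
3.3.1 Adding a secondary server
3.3.2 Managing secondary servers
3.4 Server update testing and update tasks
3.4.1 EPO server update test
3.4.2 Secondary update server update test
3.4.3 Creating server update tasks
3.5 EPO Agent configuration
3.6 TASK settings
3.6.1 Client installation TASK
3.6.2 Creating a new TASK
3.7 Generating the EPO Agent program
3.8 Client installation
3.9 Configuring client software version upgrades
3.10 New features in VirusScan8.0
1. Server requirements
The ePolicy Orchestrator server and console can be installed and run on any computer with the following configuration:
CPU: PIII 1.0G or higher
Memory: 256M or more
Free disk space: at least 250MB (first-time installation); at least 650MB (upgrade); 1GB recommended.
Browser: Microsoft Internet Explorer 6.0.
Note: if more than 250 client computers are managed, a dedicated server is recommended.
File system: an NTFS (NT file system) partition is recommended.
IP address: we recommend a static IP address for the ePolicy Orchestrator server.
Operating system: any of the following Microsoft Windows operating systems:
Windows 2000 Advanced Server+SP4.
Windows 2000 Server+SP4.
Windows Server 2003 Enterprise.
Windows Server 2003 Standard.
Windows Server 2003 Web.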
McAfee Application Control 8.1.0 - Windows Product Guide
Contents
5. Enter the ACS and CHS license keys in the ePO server settings
6. Issue a task to the Huawei cloud terminals to push ACS and CHS
3. Enable the application whitelisting and change control software features
4. On the endpoint, confirm that the policy issued by ePO has been enforced and check whether the system has completed solidification
5. Verify the ACS function on the Huawei cloud terminal: execution of a PE file is blocked
6. Verify the Change Control function on the Huawei cloud terminal: create a change protection policy, using TXT as the sample
6.1. Select a single host, modify the assigned policy, and assign the newly created test policy
6.2. File modification is blocked
7. In ePO you can view all events generated by MAC
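Product overview
Overview
McAfee® Application Control is security software that blocks unauthorized applications from running on your systems.
Application Control uses dynamic whitelisting to ensure that only trusted applications run on servers, devices, and desktop computers.
With it, IT administrators do not need to manually maintain lists of approved applications.
It also provides IT control over endpoints to help enforce software license compliance.
The software uses a dynamic trust model and innovative security features to block advanced persistent threats (APT) without requiring signature updates.
It provides protection without affecting productivity.
With Application Control, you can:
• Prevent any malicious, untrusted, or unwanted software from executing.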
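I. McAfee has 8 processes in total (the number of processes, the installation directory name, and the paths of the .exe files differ slightly between Enterprise 8.0i and 8.5i; the description below uses 8.5i as the example. The installation directory of 8.0i is the Network Associate folder.)
1. Mcshield.exe (On-Access Scanner service): on-access scanning
C:\Program Files\McAfee\VirusScan Enterprise\McShield.exe
This is McAfee's core process; the corresponding service is network Associates McShield, so stopping this service turns off real-time monitoring.
2. shstat.exe (VirusScan tray icon): the McAfee shield icon in the system tray.
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
Its startup entry is in the registry.
However, even without the icon, real-time monitoring is still running and the computer is still protected.
If the process occasionally fails to start at system startup, you can find shstat.exe in the installation directory and double-click it.
3. frameworkservice.exe: the corresponding service is McAfee framework.
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Stopping this service does not affect McAfee real-time monitoring.
The service must be running in order to update.
4. naPrdMgr.exe (NAI Product Manager)
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
It is tied to frameworkservice.exe; if frameworkservice.exe is stopped, it disappears as well.
5. UpdateUI.exe (Common User Interface)
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
This process is a prerequisite for updating.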
GUIDE
MULTI-LAYERED NETWORK SECURITY for Your Nonprofit
Nonprofit organizations come in all shapes and sizes - from large scale museums and healthcare facilities to smaller, community-based organizations, but they all have one thing in common: nonprofits are high value targets for cyber criminals. Nonprofit organizations manage and handle large amounts of data every day. This data can range from donor information, staff and volunteer information to the personal information of those who take advantage of their services. And, similar to small-to-medium sized businesses, nonprofits continue to suffer from limited IT budget and staffing, leaving easily detectable vulnerabilities within their network. Nonprofits can increase their network security policies and protocols by implementing a multi-layered security solution that builds a formidable and, at times, flexible, wall against cyber attack.
BUILDING A MULTI-LAYERED SOLUTION
When network administrators or IT professionals think of a multi-layered security solution, they approach it like putting together a puzzle. Within this puzzle there are pieces that work together, building up to the larger image when everything is in place.
So, what are some steps that nonprofits can take to build their multi-layered solution?
#1 PAIR A NEXT-GENERATION FIREWALL WITH ENDPOINT SECURITY
Next Generation Firewalls (NG Firewalls) prevent malicious Internet traffic and content from entering the network at the gateway, while endpoint security protects authorized devices that routinely connect to the network. These technologies pair well together because policies and protocols can be established within the NG Firewall system and, with endpoint security, the same protections can be set for mobile devices, laptops, printers, or other IoT devices when they connect to the main network.
#2 USE BOTH CLOUD-BASED INFRASTRUCTURE AND ON-PREMISES DATACENTERS FOR DATA BACKUPS
Backing up data should be done in multiple places.
If an attack does occur, accessing the cloud-based data can significantly reduce any downtime while systems are being restored. The backup at an off-network location is a safety net to be accessed in large scale situations where internet access is denied.
#3 COMBINE CAPTIVE PORTAL LOGIN WITH ACTIVE DATABASE MANAGEMENT
With so many employee types associated with a nonprofit (staff, volunteer, and vendor organizations), credential security and network access is critical. Ensuring each person who accesses the network is logging in through a captive portal will decrease the likelihood of credentials being compromised. Maintaining an active database where data access is defined by employment type will also create a secondary layer of security, giving access to only pertinent information needed at the time.
#4 PASSWORD MAINTENANCE WITH CONTINUED EMPLOYEE EDUCATION
We all understand the importance of keeping passwords updated, but adding two-factor authentication (2FA) along with continued employee education will create a proactive working environment against cyber attack. Employees will know how to identify suspicious emails or network activity and passwords will be tied to a secondary authentication method to reduce stolen credential access.
Nonprofit organizations will remain targets for cybercriminals as long as they continue to collect data from donors or clients. What will also remain is their need for several security layers to ward off these attacks. By implementing outlined security measures, increasing network security, and remaining vigilant, organizations can prevent cyber attack with minimal financial investment.
PROTECT
Untangle’s Web Filter helps cybersecurity teams get a handle on rogue applications and malicious content that causes harm when accessed from web pages.
Advanced web filtering technology also deploys “safe search” parameters, blocking harmful content on the most common search engines, such as Google, Yahoo, and Bing.
FILTER
Untangle’s Web Filter helps cybersecurity teams get a handle on rogue applications and malicious content that causes harm when accessed from web pages. Advanced web filtering technology also deploys “safe search” parameters, blocking harmful content on the most common search engines, such as Google, Yahoo, and Bing. In addition, KidzSearch filtering ensures that all results are filtered through an additional layer for age-appropriate content.
CONNECT
Untangle’s OpenVPN and Tunnel VPN solutions help cybersecurity teams keep users and data safe, no matter their location or level of access. Administrative teams can create private and secure connections for remote students, teachers, and other district employees, and thus maintain visibility and control over remote workers.
MANAGE
Untangle’s Policy Manager lets administrators define network privileges based on username, group, device, time, protocol, and more to control who can access websites, data, or apps. In addition, the Reports app provides teams with detailed views of network traffic, and Command Center enables staff to manage network traffic across multiple locations.
BACKUP
Schools and districts can utilize NG Firewall’s Configuration Backup tool to ensure uninterrupted protection, availability, and business continuity.
Recover easily from unavoidable hardware failures and unforeseen disasters by safeguarding policies and other settings in the cloud, via either Untangle’s Command Center or Google Drive.
Customers choose Untangle for next generation web filtering which includes application control, SSL inspection and bandwidth management, along with the ability to block, flag and alert on search terms, enforce safe search, and log YouTube searches, breaking down the glass wall of how students and teachers can safely access educational materials from across the internet.
HOW CAN UNTANGLE HELP?