McAfee ePO 4.0 Documentation

McAfee ePolicy Orchestrator 4.0 Documentation

Customer: Honda Motors and Scooters India Ltd
Title: McAfee ePolicy Orchestrator 4.0
Document Name: McAfee EPO 4.0 Document

Preparation
Prepared By: Deepak Chauhan
Reviewed by: Gurvinder Singh

Confidential

Taarak India Pvt. Ltd A-22 Green Park New Delhi 110016 Phone:- 01146105555 Fax 011-26561953

5/14/2009

Table of Contents
1. Overview of EPO 4.0
2. Installation Process
3. Login Process
4. How to add software Packages
5. Create schedule Update Task
6. Create and modify Policy
7. Configuring the Deployment task to install products on a managed system
8. Modify policy on a Single System
9. Modify Tasks on a Single System
10. Disaster Recovery

1. Overview of EPO 4.0

ePolicy Orchestrator 4.0 components and what they do

The ePolicy Orchestrator software is comprised of these components:
- ePO server: The center of your managed environment. The server delivers security policy and tasks, controls updates, and processes events for all managed systems.
- Master repository: The central location for all McAfee updates and signatures, residing on the ePO server. Master repository retrieves user-specified updates and signatures from McAfee or user-defined source sites.
- Distributed repositories: Placed strategically throughout your environment to provide access for managed systems to receive signatures, product updates, and product installations with minimal bandwidth impact. Depending on how your network is set up, you can set up Super Agent, HTTP, FTP, or UNC share distributed repositories.
- McAfee Agent: A vehicle of information and enforcement between the ePO server and each managed system. The agent retrieves updates, ensures task implementation, enforces policies and forwards events for each managed system.

The ePO server

The ePO server provides management, reporting, and enforcement capabilities and includes:
- A robust database that accrues information about product operation on the client systems in your network.
- A querying system that lets you monitor the security status in your company, and quickly act on gathered data.
- A software repository that stores the products and product updates (for example, DAT files) that you deploy to your network.

The ePolicy Orchestrator server can segment the user population into discrete groups for customized policy management. Each server can manage up to 250,000 systems.

The McAfee Agent

The agent is installed on the systems you intend to manage with ePolicy Orchestrator. While running silently in the background, the agent:
- Gathers information and events from managed systems and sends them to the ePolicy Orchestrator server.
- Installs products and updates on managed systems.
- Enforces policies and tasks on managed systems and sends events back to the ePO server.

You can deploy the agent from the console (to Windows systems) or copy the agent installation package onto removable media or into a network share for manual or login script installation on your systems. Agents must be installed manually on UNIX systems.

2. Installation Process

NOTE: The installation process may require you to restart the system.

Task
i. Log on to the desired computer using an account with local administrator permissions.
ii. If you are using Microsoft SQL Server 2000 as the ePolicy Orchestrator database, verify that the SQL Server 2000 service is running.
iii. Run SETUP.EXE.
   - From the product CD, select the desired language in the ePolicy Orchestrator autorun window, then select Install ePolicy Orchestrator 4.0.
   - From software downloaded from the McAfee website, go to the location containing the extracted files and double-click SETUP.EXE.

NOTE: If any prerequisite software is missing from the installation target computer, a list of those items appears. Click Install. The installation process for each software item not listed as Optional begins automatically. For optional items, a dialog box appears where you can allow installation or reject it.

NOTE: You must install the SQL 2005 Backwards Compatibility package before upgrading an ePolicy Orchestrator installation if you are using a remote database server or a local SQL 2005 server that does not already have it installed.

iv. After completing prerequisite installations, the Welcome window of the ePolicy Orchestrator Installation wizard appears. Click Next to review the license.

v. In the End User License Agreement dialog box, select the appropriate license type and the location where you purchased the software. The license type you select must match the license you purchased. If you are unsure which license you purchased, contact your account manager.

vi. Accept the agreement and click OK to continue. A warning message notifies you which products are no longer supported with this version of the software. These products are not migrated to the ePolicy Orchestrator 4.0 Repository when you click Next.

vii. In the Choose Destination Location dialog box, accept the default installation path or click Browse to select a different location, then click Next.

viii. If installing on a cluster server, the Set Database and Virtual Server Settings dialog box appears. Otherwise the Set Administrator Information dialog box appears.

ix. In the Set Administrator Information dialog box, type and verify the password for logging on to this ePolicy Orchestrator server for the first time, then click Next. For security reasons, ePolicy Orchestrator does not allow accounts with blank passwords.

x. In the Set Database Information dialog box, identify the type of account and authentication details that the ePolicy Orchestrator server will use to access the database. Indicate whether ePolicy Orchestrator will use a Windows NT user account or a SQL Server user account. McAfee recommends using Windows NT authentication.

xi. Click Next to display the HTTP Configuration dialog box. The values that were set during the original installation cannot be changed here. Configure the Port.

xii. Click Next. In the Default Notification Email Address dialog box, type the email address for the recipient of messages from ePolicy Orchestrator Notifications, or keep the default address. Changing the address is not required at this time.

xiii. In the Start Copying Files dialog box, click Install to begin the installation.

xiv. In the Installation Complete dialog box, click Finish to complete the installation.

3. Login Process

Logging on to ePO servers
Use this task to log on to the ePO server. You must have valid credentials to do this. You can log on to multiple ePO servers by opening a new browser session for each ePO server.

Task
i. Open an Internet browser and go to the URL of the server. The Log On to ePolicy Orchestrator dialog box appears.
ii. Type the User name and Password of a valid account. NOTE: Passwords are case-sensitive.
iii. Select the Language you want the software to display.
iv. Click Log On.

4. How to add software Packages

Checking in packages manually
Use this task to manually check in the deployment packages to the master repository so that ePolicy Orchestrator can deploy them.

Before you begin
You must have the appropriate permissions to perform this task.

NOTE: You cannot check in packages while pull or replication tasks are running.

Task
i. Go to Software | Master Repository, then click Check In Package. The Check In Package wizard appears.
ii. Select the package type, then browse to and select the desired package file.
iii. Click Next. The Package Options page appears.
iv. Click Save to begin checking in the package. Wait while the package checks in.

The new package appears in the Packages in Master Repository list on the Master Repository tab.

5. Create schedule Update Task

i. Click Edit.
ii. Select Enable and click Next.
iii. Select the HTTP and FTP McAfee site and click Next.
iv. Set the time and save the configuration.

6. Create and modify Policy

i. Go to Systems > Policy > select the product.
ii. Click Edit Assignment.
iii. Click New Policy.
iv. Enter the policy name.
v. Now you can modify the policy.

7. Configuring the Deployment task to install products on a managed system

i. Go to Systems > Client Task > click New Task.
ii. Enter the task name > select the product.
iii. Choose the products and components that you need to deploy > click Next.
iv. Select the schedule type and time > click Next.
v. Now click to save.

8. Modify policy on a Single System

i. In the quick Systems search > enter the system name > click Go.
ii. Click on the system name.
iii. Click More action > select Modify policy on single system.
iv. Select the product.
v. Click on Edit.
vi. Choose the second option in Inherit from: > select the policy.
vii. Click Save.

The policy has been modified.

9. Modify Tasks on a Single System

i. In the quick Systems search > enter the system name > click Go.
ii. Click on the system name.
iii. Click More action > select Modify policy on single system.
iv. Click on Edit.
v. Uncheck the task and schedule setting.
vi. Select the product and click Next if you want to change the time schedule, or click to save.

Introducing Host Intrusion Prevention

McAfee Host Intrusion Prevention is a host-based intrusion detection and prevention system that protects system resources and applications from external and internal attacks. Host Intrusion Prevention protects against unauthorized viewing, copying, modifying, and deleting of information and the compromising of system and network resources and applications that store and deliver information. It accomplishes this through an innovative combination of host intrusion prevention system signatures (HIPS), network intrusion prevention system signatures (NIPS), behavioral rules, and firewall rules.

Host Intrusion Prevention is fully integrated with ePolicy Orchestrator and uses the ePolicy Orchestrator framework for delivering and enforcing policies. The division of Host Intrusion Prevention functionality into IPS, Firewall, Application Blocking, and General features provides greater control in delivering policy protections and protection levels to the users. Protection is provided as soon as Host Intrusion Prevention is installed. The default protection settings require little or no tuning and allow for a rapid, large-scale deployment. For greater protection, edit and add policies to tune the deployment.

IPS feature

The IPS (Intrusion Prevention System) feature monitors all system and API calls and blocks those that might result in malicious activity. Host Intrusion Prevention determines which process is using a call, the security context in which the process runs, and the resource being accessed. A kernel-level driver, which receives redirected entries in the user-mode system call table, monitors the system call chain. When calls are made, the driver compares the call request against a database of combined signatures and behavioral rules to determine whether to allow, block, or log an action.

Signature rules

Signature rules are patterns of characters that can be matched against a traffic stream. For example, a signature rule might look for a specific string in an HTTP request. If the string matches one in a known attack, action is taken. These rules provide protection against known attacks.

A reaction is what a client does when it recognizes a signature of a specific severity. A client reacts in one of three ways:
- Ignore: No reaction; the event is not logged and the process is not prevented.
- Log: The event is logged but the process is not prevented.
- Prevent: The event is logged and the process is prevented.

A security policy may state, for example, that when a client recognizes an Information level signature, it logs the occurrence of that signature and allows the process to be handled by the operating system; and when it recognizes a High level signature, it prevents the process.

Exception rules

An exception is a rule for overriding blocked activity. In some cases, behavior that a signature defines as an attack may be part of a user's normal work routine or an activity that is legal for a protected application. To override the signature, you can create an exception that allows legitimate activity. For example, an exception might state that for a particular client, a process is ignored. You can create these exceptions manually, or place clients in Adaptive mode and allow them to create client exception rules. To ensure that some signatures are never overridden, edit the signature and disable the Allow Client Rules option. You can track the client exceptions in the ePolicy Orchestrator console, viewing them in a regular and aggregated view. Use these client rules to create new policies or add them to existing policies that you can apply to other clients.
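
The severity-to-reaction policy and the client exception override described above, modelled in Python as an added example (not part of the original document and not McAfee code). The signature ids, client and process names, and the Low and Medium policy rows are constructed; treating an unknown severity as Prevent, and honouring a client exception only when the signature has Allow Client Rules enabled, are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum


class Reaction(Enum):
    IGNORE = "ignore"    # not logged, not prevented
    LOG = "log"          # logged, not prevented
    PREVENT = "prevent"  # logged and prevented


@dataclass(frozen=True)
class Signature:
    sig_id: int               # constructed id, not a real signature number
    severity: str
    allow_client_rules: bool  # models the "Allow Client Rules" option


@dataclass(frozen=True)
class ClientException:
    sig_id: int
    client: str
    process: str


# Information -> Log and High -> Prevent follow the policy example in the text;
# the Low and Medium rows are constructed for illustration.
POLICY = {
    "Information": Reaction.LOG,
    "Low": Reaction.LOG,
    "Medium": Reaction.PREVENT,
    "High": Reaction.PREVENT,
}


def decide(sig, client, process, exceptions, policy=POLICY):
    """Return (reaction, logged, prevented) for one signature match."""
    # Assumption: a severity missing from the policy fails closed (Prevent).
    reaction = policy.get(sig.severity, Reaction.PREVENT)
    # A client exception overrides the reaction only if the signature permits it.
    if sig.allow_client_rules:
        for exc in exceptions:
            if (exc.sig_id, exc.client, exc.process) == (sig.sig_id, client, process):
                reaction = Reaction.IGNORE
                break
    return reaction, reaction is not Reaction.IGNORE, reaction is Reaction.PREVENT


# Constructed sample data.
SIG_INFO = Signature(9001, "Information", allow_client_rules=True)
SIG_HIGH = Signature(9002, "High", allow_client_rules=True)
SIG_LOCKED = Signature(9003, "High", allow_client_rules=False)
EXCEPTIONS = [
    ClientException(9002, "build-01", "compiler.exe"),
    ClientException(9003, "build-01", "compiler.exe"),  # never honoured: 9003 is locked
]

if __name__ == "__main__":
    for sig, client in [(SIG_INFO, "pc-17"), (SIG_HIGH, "pc-17"),
                        (SIG_HIGH, "build-01"), (SIG_LOCKED, "build-01")]:
        print(sig.sig_id, client, decide(sig, client, "compiler.exe", EXCEPTIONS))
```

Reviewing which signatures still allow client rules is the audit step this models: any exception learned in Adaptive mode silently turns a Prevent into an Ignore for that client and process.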

Firewall feature

The Host Intrusion Prevention Firewall feature acts as a filter between a computer and the network or Internet it is connected to. The Firewall Rules policy uses static packet filtering with top-down rule matching. When a packet is analyzed and matched to a firewall rule, with criteria such as IP address, port number, and packet type, the packet is allowed or blocked. If no matching rule is found, the packet is dropped. The current version Firewall Rules policy uses both stateful packet filtering and stateful packet inspection.

Other features include:
- A Quarantine Mode into which client computers can be placed and to which you can apply a strict set of firewall rules that defines with whom quarantined clients can and cannot communicate.
- Connection Aware Groups that let you create specialized rule groups based on a specific connection type for each network adapter.

Firewall rules

You can create firewall rules as simple or complex as you need. Host Intrusion Prevention supports rules based on:
- Connection type (network or wireless).
- IP and non-IP protocols.
- Direction of the network traffic (incoming, outgoing, or both).
- Applications that generated the traffic.
- Service or port used by a computer (as the recipient or the sender).
- Service or port used by a remote computer (as the sender or the recipient).
- Source and destination IP addresses.
- Time of day or week that the packet was sent or received.
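
Top-down rule matching with a default drop, as described in the Firewall feature section, modelled in Python as an added example (not part of the original document and not McAfee code). It covers only the static matching step, not stateful filtering, and uses a subset of the criteria listed above; the rule names, field names, addresses and the shadowed() audit helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    protocol: str    # "tcp", "udp", ...
    remote_ip: str
    local_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "block"
    direction: str = "both"           # "in", "out" or "both"
    protocol: Optional[str] = None    # None matches any protocol
    remote_net: str = "0.0.0.0/0"
    local_port: Optional[int] = None  # None matches any port

    def matches(self, pkt):
        return (
            self.direction in ("both", pkt.direction)
            and self.protocol in (None, pkt.protocol)
            and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(self.remote_net)
            and self.local_port in (None, pkt.local_port)
        )


def evaluate(rules, pkt):
    """Top-down, first match wins; a packet that matches no rule is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "block", "(no matching rule)"


def shadowed(rules, probes):
    """Rules that match some probe packet but never decide one, because an
    earlier rule always matches first."""
    deciders = {evaluate(rules, p)[1] for p in probes}
    return [r.name for r in rules
            if r.name not in deciders and any(r.matches(p) for p in probes)]


# Constructed rule set: the broad allow sits above the specific block.
RULES = [
    Rule("allow-lan", "allow", direction="in", remote_net="10.0.0.0/8"),
    Rule("block-lan-smb", "block", direction="in", protocol="tcp",
         remote_net="10.0.0.0/8", local_port=445),
    Rule("allow-out-tcp", "allow", direction="out", protocol="tcp"),
]
REORDERED = [RULES[1], RULES[0], RULES[2]]  # specific block moved to the top

# Constructed probe packets.
PROBES = [
    Packet("in", "tcp", "10.1.2.3", 445),
    Packet("in", "tcp", "10.1.2.3", 80),
    Packet("in", "tcp", "203.0.113.9", 445),
    Packet("out", "tcp", "198.51.100.7", 50000),
]

if __name__ == "__main__":
    for pkt in PROBES:
        print(pkt, evaluate(RULES, pkt), evaluate(REORDERED, pkt))
    print("shadowed:", shadowed(RULES, PROBES))
```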

10. Disaster Recovery

Backup Procedure

The standard backup / restore method is commonly used as a simple method of allowing for disaster recovery in ePolicy Orchestrator and database files.

1. Stop the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the SQL Server (MSSQLSERVER) service is running.
2. Close all ePolicy Orchestrator consoles and remote consoles. NOTE: This tool cannot change the database location.
3. Double-click DBBAK.EXE. If you are upgrading from version 4.0.x,
4. Type the Database Server Name.
5. Select NT Authentications or SQL Account. If you select SQL Account, type a user Name and Password for this database.
6. Type the Backup File path, then click Backup.
7. Click OK when the backup process is done.
8. Start the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the MSSQLSERVER service is running.

Restore Procedure

1. Stop the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the SQL Server (MSSQLSERVER) service is running.
2. Close all ePolicy Orchestrator consoles and remote consoles. NOTE: This tool cannot change the database location.
3. Double-click DBBAK.EXE. If you are upgrading from version 3.0.x, the default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3.0.X
4. Type the Database Server Name.
5. Select NT Authentications or SQL Account. If you select SQL Account, type a user Name and Password for this database.
6. Type the Restore File path, and then click Restore.
7. Click OK when the backup process is done.
8. Start the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the MSSQLSERVER service is running.

Common Tasks

Some of the common task information is available at the URLs given below.
- McAfee Support Center: http://www.mcafee.com/us/enterprise/support/index.html
- Query about McAfee products: http://knowledge.mcafee.com/
- McAfee online support can be accessed at: http://mysupport.mcafee.com/eservice_enu
- McAfee Super-DAT can be downloaded from: http://www.mcafee.com/us/enterprise/downloads/index.html
