Mcafee Training Information Security Architect3248
8/12/2019 Mcafee Training Information Security Architect3248
http://slidepdf.com/reader/full/mcafee-training-information-security-architect3248 1/31
February 23, 2014
McAfee Training
Information Security Architect
Alan J. White, CISSP, CEH, GCIA
Agenda
• Product Overview
• Virus Scan
• Reports (Emailed or save as PDF)
• System Compliance Profiler
• Rogue System Detection
News
• Recent Spyware incident
• News – McAfee flaw should have a patch
very soon.
• Virex does support Mac OS X, despite
Apple no longer supporting the product,
however a patch is needed for 7.7 to
resolve an updating issue.
Best Higher Education Virus
Website
Support
• URI has site license for several McAfee
products, for both office and home use,
but not for any commercial use.
• Must use in accordance with McAfee
terms of agreement
– http://www.uri.edu/virus/license.php
Support
• Method of support and contacts:
– Primary: Alan White [email protected] 874-4787
– Secondary: Tanya Roberts (Currently on maternity leave) [email protected]
– Tertiary: Mark Oliver [email protected] 874-4481
• Information needed:
– Issue
– Product
– Operating System and Patch Level (run winver.exe at CMD prompt)
– Any actions performed in troubleshooting
• Free Information (FAQs, Documentation, etc.): http://knowledge.mcafee.com/
Products
• Virus Scan
– ‘This year, reviews give the edge to McAfee VirusScan 2006 over the
other industry leader, Norton Anti-Virus.’[1]
– Many features and very customizable
• Block non-authorized SMTP programs. Note that URI has had to add several programs so that users can send email; the most popular programs are already included, such as Thunderbird, Eudora, Outlook, etc.
• Change Daily scan time and frequency (Currently Daily)
• Change local repository (Currently URI, then McAfee)
• Change how often to check for new virus definitions (Currently every few hours)
[1] http://www.consumersearch.com/www/software/antivirus-software/index.html
Products
• Virus Scan
– Disadvantage: System resource hog during
daily scans
– Need to realize that any changes made on a local machine are overridden every 5 minutes by central policy
Products
• Anti-Spyware
– Advantage is that it adds Approx. 500+
additional definitions for known spyware.
– No additional CPU overhead for running two
separate products as with others (Ad-Aware,
Spyware, etc)
– McAfee paid support for Q&A
– Rated #1 by independent review:
• http://www.uri.edu/virus/app/spywarereview.pdf
Products
• Anti-Phishing
– Free tool for IE Browsers
– Warns and blocks access to Spoofed
Websites (Picks up most, does miss some)
– Note: A fake PayPal website looks the same
in IE as it does in Firefox
– Download at: www.uri.edu/virus/tools
– Screen Shot: http://www.uri.edu/virus/app/phishing.doc
Products
• Spam Submission Tool
– Free tool to promote better SPAM filters, as
well as report Fake Phishing sites.
– Disadvantage: only works with Outlook 2000, XP, 2003 (Not Outlook Express)
– Download at: www.uri.edu/virus/tools
Products
• Stinger
– Free tool that only runs when initiated and can only detect about 50-60 Viruses
– Disadvantage: must be downloaded each time you use it, as it will be out of date
– Advantage: it is very fast as a ‘Seek and Destroy’ Stand Alone Tool
– Note: Big misconception that it has a complete list of all viruses. It doesn’t.
– Download at: http://vil.nai.com/vil/stinger/ or a bit out of date www.uri.edu/virus/tools
Products
• SuperDat
– Free package with all Virus/Spyware definitions
– Note: Dats contain only the last few definitions, and Extra Dats are issued in between dats when URI detects Brand New Viruses (which has happened several times)
– Note: Won’t install Spyware definitions if Anti-Spyware is not installed
– Download at: http://www.mcafee.com/apps/downloads/security_updates/superdat.asp or local at www.uri.edu/virus/tools
Products
• LinuxShield
– Linux AV protection
– Don’t be ‘too cool’ not to install
– Several Linux machines on campus would have detected hackers installing malicious code and backdoor programs if used
– This can be monitored and generate reports via ePo console
– Note: Be sure to check and install patches
– RPM and Source Code available
– Download at: http://www.uri.edu/virus/linux.php
Products
• Virex
– Available for OS X
– Current Version 7.7 with Patch
– This can be monitored and generate reports
via ePo console
– The ePo agent is optional
– Download at: http://www.uri.edu/virus/mac.php
Products
• PDA
– Protection for Windows Pocket PC Only
– URI has seen viruses on PDAs
– Not much overhead, scans on ActiveSync or
on demand
– Download at: http://www.uri.edu/virus/pda.php
– Screen shot:https://reader010.{domain}/reader010/html5/0619/
Products
• Firewall
– ePo Managed vs. Standalone
• Managed allows an admin to control the Firewall rule set on several machines at once remotely.
• Standalone only gets patches and IPS updates from the ePo server, no policies.
• Managed on default install does not allow the user to make rule changes, hides the icon, and has a set of normally needed Microsoft ports blocked.
Products
• Firewall
– Several Features
• Block IPs, Protocols, Ports, Programs, DNS Names (very granular rules)
• Great logs, must choose activity to log, can change location
• Includes several Buffer overflow attempt definitions
Firewall Managed
Products
• Command Line Scanners
– Available for Windows and many flavors of
Linux
– Advantage: No install just copy and run from
cmd prompt
– Example used on a URI email server:
• uvscan --noboot --secure -rv --summary --mime <directory>.
– Download at: www.uri.edu/virus/tools
ePo Console
• Policy Control based on IP, Workgroup, Domain, Computer Name
• Policies
• Note: ePo console has to be at the same patch level as the server, so each major patch release requires a local patch; it cannot be applied automatically or remotely
• Same applies to McAfee Firewall ref. patches
ePo Agent
• Check ePo agent http://MachineIP:8081
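The slide's check, run across a list of machines instead of one browser tab at a time. This is an added example, not part of the original presentation; port 8081 comes from the slide, while the function names, status labels and the sample inventory (documentation-range addresses) are assumptions of this example.

```python
"""Added example: load http://<host>:8081/ (the slide's agent check) on many hosts."""
from concurrent.futures import ThreadPoolExecutor
from http.client import HTTPException
from urllib.error import HTTPError
from urllib.request import ProxyHandler, build_opener

AGENT_PORT = 8081  # port shown on the slide: http://MachineIP:8081

# Internal hosts are contacted directly, never through a configured web proxy.
_opener = build_opener(ProxyHandler({}))


def check_agent(host, port=AGENT_PORT, timeout=3.0):
    """Classify one host as 'responding', 'http-error' or 'unreachable'."""
    try:
        with _opener.open(f"http://{host}:{port}/", timeout=timeout):
            return "responding"
    except HTTPError:
        # Something answered HTTP on the port but did not serve the page.
        return "http-error"
    except (OSError, HTTPException):
        # Refused connections, timeouts and name failures are OSError subclasses.
        return "unreachable"


def sweep(hosts, port=AGENT_PORT, timeout=3.0, workers=16):
    """Check all hosts concurrently and return {host: status}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        statuses = pool.map(lambda h: check_agent(h, port, timeout), hosts)
        return dict(zip(hosts, statuses))


def needs_attention(results):
    """Hosts whose agent page did not load, sorted for a stable report."""
    return sorted(h for h, s in results.items() if s != "responding")


if __name__ == "__main__":
    # Constructed inventory (RFC 5737 documentation addresses), not real hosts.
    inventory = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    results = sweep(inventory, timeout=2.0)
    for host in inventory:
        print(f"{host:15} {results[host]}")
    print("follow up:", ", ".join(needs_attention(results)) or "none")
```

A host listed under "follow up" is a candidate for a missing, stopped or firewalled agent and is worth cross-checking against the ePo console.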
Virus Scan Control
Firewall
Rogue System Detection
Virus Type Report
ePo Console
To Manually make a computer check for new policy:
Virex ePo
Custom Blocking of
Programs
Coming Soon
• NAC – Network access control
– http://www.mcafee.com/us/enterprise/products/network_access_control/index.html
• HIPS – Replace McAfee Firewall with Host
Intrusion Prevention
– http://www.mcafee.com/us/local_content/datasheets/partners/ds_hips.pdf
Questions
• Download Copy of Presentation:
www.uri.edu/virus/app/mcafee.ppt