McAfee Firewall

McAfee Firewall’s Intrusion Detection System

Unlike other intrusion detection tools, McAfee Firewall’s powerful Intrusion Detection System (IDS) is simple to configure and activate. Instead of requiring users to learn and understand a complex set of attacks to build their own defense lines against intrusions, McAfee Firewall’s development team created a tool that, when activated with the click of a button, detects common attack types and suspicious activity.

Unprotected computers can be victimized. For example, attackers can use a TCP port scan to find out what services you are running on your machine. Once this is accomplished, they can try to connect to those services and attack your computer. If the attacker discovers that you are running a TELNET, ftp, or Web server, the attacker can try each of your computer’s ports sequentially, from 1 to 65535, until an open port is found that they can connect to.

McAfee Firewall’s IDS feature looks for specific traffic patterns used by attackers. McAfee Firewall checks each packet that your machine receives to detect suspicious or known attack traffic. For example, if McAfee Firewall sees ICMP packets, it analyzes those packets for suspicious traffic patterns by comparing the ICMP traffic against known attack patterns. When McAfee Firewall matches packets with a known attack pattern, the software generates an event to warn you of a possible security breach.

When intrusion detection is on, traffic is checked by the intrusion detection system. When intrusion detection is active and McAfee Firewall detects an attack, you can block further communication from the suspected machine’s IP address indefinitely or for a specific time period. When an attack is detected, McAfee Firewall alerts you with a Windows system tray notification.

NOTE

Because McAfee Firewall is analyzing packets and looking for patterns of packets that identify specific types of attacks, this feature may result in a very slight impact on your machine’s performance.

How to Configure the Intrusion Detection System

Use the steps below to configure McAfee Firewall’s intrusion detection system:

1From the McAfee Firewall Home page, click Advanced Tasks.

2From the Advanced Tasks list, select Intrusion detection settings.

Refer to the instructions displayed on the Configure Intrusion Detection

Settings screen to complete this task.

Product Guide

85

Page 85
Image 85
McAfee 5 manual McAfee Firewall’s Intrusion Detection System, How to Configure the Intrusion Detection System