
McAfee® Host Intrusion Prevention 6.1 Installation/Configuration Guide | Basic Concepts |
| Deployment and management |
2
Deployment and management
The deployment and management of Host Intrusion Prevention clients are handled from ePolicy Orchestrator. In the ePO console tree you can group clients hierarchically by attributes. For example, you might group a first level by geographic location and a second level by operating system platform or IP address. We recommend grouping clients by Host Intrusion Prevention configuration criteria, including system type (server or desktop), use of major applications (web, database, or mail server), and strategic locations (DMZ or intranet). You can place clients that fit a common usage profile into a common group on the console tree. In fact, you might name a group after its usage profile, for example, Web Servers.
With computer grouped in the console tree according to type, function, or geographic location, you can easily divide administrative functions along the same lines. With Host Intrusion Prevention you can also divide administrative duties based on product features, such as IPS or firewall.
With this release of Host Intrusion Prevention and ePolicy Orchestrator, policies are independent entities that are shareable across multiple nodes. You assign one policy for each category in a feature of Host Intrusion Prevention. Some categories, such as IPS rules, allow for several policies, with some either inherited from a parent node or applied at the node itself. In this instance, Host Intrusion Prevention handles conflicts by applying the stricter rule first. Through inheritance in ePolicy Orchestrator, when you assign a group node the appropriate policies, every system under that node automatically inherits its parent’s configuration.
Deploying Host Intrusion Prevention clients to thousands of computers is easily managed because most clients fit into a few usage profiles. Managing a large deployment is reduced to maintaining a few policy rules. As a deployment grows, newly added systems should fit one or more existing profiles, and can be placed under the correct group node on the console tree.
Preset protection
Host Intrusion Prevention offers basic protection through the McAfee default policy settings. This
Advanced protection is also available from some preset IPS and firewall policies. A profile for servers, for example, needs stronger protection than that offered in basic workstation protection. Or you can use the preset advanced protection policies as a basis for creating custom policies.
Adaptive and Learn mode
To further tune protection settings, Host Intrusion Prevention clients can create
21