McAfee® Host Intrusion Prevention 6.1 Product Guide

5 Firewall Policies

Overview

The Host Intrusion Prevention firewall protects a networked computer from intrusions that compromise data, applications, or the operating system. It provides this protection by working at several layers of the network architecture, applying different criteria at each layer to restrict network traffic. This architecture follows the seven-layer Open Systems Interconnection (OSI) model, in which each layer handles specific network protocols.

Figure 5-1 Network layers and protocols

HIP 6.0 rules

The firewall in Host Intrusion Prevention 6.0 worked mainly at the Network layer (Layer 3) and the Transport layer (Layer 4), filtering packets as they travel to their destination. At these layers the firewall uses static packet filtering with top-down rule matching: each packet is compared against the rule list in order, and the first rule whose criteria (IP address, port number, packet type) match decides whether the packet is allowed or blocked. If no rule matches, the packet is dropped. Because a static filter keeps no record of the outbound request that a reply belongs to, return traffic must be explicitly permitted, so bidirectional firewall rules are required, especially for connectionless protocols such as UDP and ICMP.

HIP 6.1 rules

The firewall in Host Intrusion Prevention 6.1 introduces a stateful firewall with both stateful packet filtering and stateful packet inspection.
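As an added illustration (not code from McAfee or from this guide), the following Python models the two behaviours contrasted above: a static, top-down, first-match filter with default deny in the style of the 6.0 firewall, and a minimal stateful wrapper in the style the 6.1 firewall introduces. The rule fields, the flow table and the sample DNS packets are constructed for this example and do not reflect the product's real rule syntax. The point it makes is that a static filter forces you to add an inbound rule for UDP replies, and that rule also admits unsolicited traffic, whereas a stateful filter admits only replies to a tracked outbound flow.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """A simplified packet seen by a host firewall (constructed for the example)."""
    proto: str       # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: int    # 0 for icmp
    dst_ip: str
    dst_port: int
    direction: str   # "in" or "out", relative to the protected host


def _endpoints(pkt: Packet):
    """Return (remote_ip, local_port, remote_port) from the host's point of view."""
    if pkt.direction == "in":
        return pkt.src_ip, pkt.dst_port, pkt.src_port
    return pkt.dst_ip, pkt.src_port, pkt.dst_port


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule format: a None field matches anything."""
    action: str                      # "allow" or "block"
    direction: str                   # "in", "out" or "either"
    proto: str                       # "tcp", "udp", "icmp" or "any"
    remote_ip: Optional[str] = None
    local_port: Optional[int] = None
    remote_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "either" and self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        remote_ip, local_port, remote_port = _endpoints(pkt)
        if self.remote_ip is not None and self.remote_ip != remote_ip:
            return False
        if self.local_port is not None and self.local_port != local_port:
            return False
        if self.remote_port is not None and self.remote_port != remote_port:
            return False
        return True


def static_filter(rules, pkt: Packet) -> str:
    """6.0-style static filtering: top-down, first match wins, default drop."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"  # no matching rule: the packet is dropped


def flow_key(pkt: Packet):
    """Normalised flow identity so a reply maps to the request that caused it."""
    return (pkt.proto,) + _endpoints(pkt)


class StatefulFilter:
    """6.1-style stateful packet filtering layered on the same rule list."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # flows opened by allowed outbound packets

    def check(self, pkt: Packet) -> str:
        key = flow_key(pkt)
        if pkt.direction == "in" and key in self.flows:
            return "allow"  # reply to a tracked outbound flow: no inbound rule needed
        action = static_filter(self.rules, pkt)
        if action == "allow" and pkt.direction == "out":
            self.flows.add(key)  # remember the flow so its reply is accepted
        return action


def demo():
    """Run a DNS query, its reply and an unsolicited packet through both filters."""
    # Constructed sample traffic: a DNS query from the host and its reply.
    query = Packet("udp", "192.168.1.10", 40000, "10.0.0.53", 53, "out")
    reply = Packet("udp", "10.0.0.53", 53, "192.168.1.10", 40000, "in")
    # Same ports, but from a server the host never spoke to.
    unsolicited = Packet("udp", "10.0.0.99", 53, "192.168.1.10", 40000, "in")
    traffic = (query, reply, unsolicited)

    out_only = [Rule("allow", "out", "udp", remote_port=53)]
    bidirectional = out_only + [Rule("allow", "in", "udp", remote_port=53)]

    stateful = StatefulFilter(out_only)
    return {
        "static_out_only": [static_filter(out_only, p) for p in traffic],
        "static_bidirectional": [static_filter(bidirectional, p) for p in traffic],
        "stateful_out_only": [stateful.check(p) for p in traffic],
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name}: query={verdicts[0]} reply={verdicts[1]} unsolicited={verdicts[2]}")
```

With only an outbound rule the static filter drops the DNS reply; adding the inbound rule the 6.0 firewall needs admits the reply but also the unsolicited packet from 10.0.0.99. The stateful filter admits the reply because it matches a flow opened by the allowed query, and still blocks the unsolicited packet, which is the narrowing of exposure that connection tracking buys.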
