McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course




The McAfee Firewall Enterprise System Administration course from McAfee University is a fast-paced, hands-on introduction to the product. It supplies a broad familiarity with day-to-day administration skills and the knowledge required to use those skills effectively.

Course Goals
Customize SMTP application to increase system and network security.
Customize McAfee Firewall Enterprise auditing.
Configure firewall to send logs to an off-board server.
Perform configuration backups and restores.

Agenda At A Glance
Day 1: Firewall Security Features and Components System Planning & Integration Firewall Routing Zones

Audience
System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this course.

Agenda At A Glance Continued
Day 2: Man Pages
Day 3: tcpdump Auditing & Reporting DNS Configuration Policy Management Application Rule Endpoints Application Defenses
Day 4: NAT and Redirection Authentication Network Integrity Agent GeoLocation IPS Inspection SSL Decryption/Re-Encryption Mail
Day 5: Global Threat Intelligence SmartFilter Backup & Restoration IPSEC VPNs High Availability Case Studies CLI Administration Best Practices Working with SIEM IPv6 Control Center

Recommended Pre-Work
It is recommended that the students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services.

Course Outline

Module 0: About The Course McAfee University Product Curriculum No Duplication Facilities McAfee Technical Support Introduction Prerequisites Course Objectives Course Materials Acronyms Used in Course Lab Environment Standalone Firewalls Lab Topology Standalone Firewalls Lab Environment HA Cluster Lab Topology HA Cluster

Module 1: Firewall Security The Basics Packet Filter Firewall Security Concepts Stateful Inspection Firewall Security Concepts Application Defense Firewall Security Concepts Differences Between Firewall Security Types Next-Generation Firewall Next-Generation Firewall Use Cases

Module 2: Firewall Enterprise Features and Components Background of McAfee Firewall Enterprise Global Threat Intelligence (GTI) Features and Components

Module 3: Firewall Enterprise System McAfee Firewall Enterprise Product Portfolio Multi-Firewall Appliance Options 3rd Party Integration Options Virtual Appliance Software Only SecureOS Type Enforcement Concept Type Enforcement Benefits Type Enforcement Implementation Type Enforcement Controls Disk Format Boot Options Packet Processing

Module 4: Planning for Firewall Enterprise Integrations Interactions with Other Network Devices Zones Before Firewall Enterprise Zones Physical Zones Virtual Zones Zones Zones: Sample Multi-Zone Configuration Firewall Integration Planning Zones Zones After Firewall Enterprise Routing Before Firewall Enterprise Firewall Integration Planning Routing Routing After Firewall Enterprise DNS Before Firewall Enterprise Firewall Integration Planning DNS DNS After Firewall Enterprise Mail Before Firewall Enterprise Firewall Integration Planning SMTP Mail after Firewall Enterprise Integration Policy Integration Wrap-Up Cutover Considerations

Module 5: Firewall Enterprise Firewall Enterprise Software Creating Initial Configuration Initial Configuration Methods Text-Based Quick Start Program Quick Start Wizard Lab Management software and Quick Start Wizard Firewall Enterprise Administration Remote Administration Firewall Enterprise Admin Console Firewall Enterprise Admin Console Setup Connecting to Admin Console Firewall Admin Console Firewall Enterprise Keyboard Mapping Secure Command Line Access Connecting to the SSH Server Lab - Secure Command Line Access Firewall Enterprise License Lab Activate Firewall Enterprise License Software Management Managing Firewall Enterprise Packages Software Management Creating a CD with Firewall Enterprise Packages Installing Admin Console Patches Lab Load and Install Patches Using MFE GUI Lab Verify the MFE

Module 6: Routing Routing Dynamic Routing Static Routes Lab - Static Routes

Module 7: Firewall Enterprise Zones Zone Zone Configuration Physical Zone Configuration Lab - Physical Zone Configuration

Module 8: man Pages Using the Firewall's built in Manual System Reading Firewall Enterprise man Pages Lab man pages

Module 9: tcpdump Looking at network traffic on Firewall Enterprise Command Line tcpdump Introduction Sample command line test of HTTP server Sample tcpdump output of command line HTTP test Connection setup Client data transfer Server data transfer and connection close Looking deeper into the packet Decoding application data Example of Netprobe Traffic Example of ACL Deny Traffic Example of Upstream Network Problem (1) Example of Upstream Network Problem (2) Using tcpdump in the Admin Console

Module 10: Auditing and Reporting Audit Process syslog Audit Process Components Pre-Defined Audit Filters Advanced Pre-Defined Audit Filters Audit Process Tools Audit Viewing Audit Viewing A Specific Filter Type Audit Viewing Detail View Audit Viewing Ascii View Audit Viewing Export Output Audit Viewing An Ascii Exported File Audit Viewing A SEF Exported File Audit Viewing A XML Exported File showaudit Custom Audit Filters Custom Audit Filters Admin Console Custom Audit Filters Command Line acat and sacap_filter Understanding Audit Messages Exporting Audit Reporting Exporting Audit Archiving Lab syslog Log Administration Crontab Admin Console GUI File Editor rollaudit.conf Lab - Audit File Rotation Attack and System Event Responses Attack Responses Pre-Defined Attack Responses System Responses Pre-Defined System Response Events (1 of 2) Attack Response Configuration Attack Response Settings Attack Response Configuration cf audit Command Lab - Attack Response Configuration

Module 11: Firewall Enterprise DNS Configuration Module Topic DNS Before Firewall Enterprise Firewall Enterprise DNS Configuration Options Split DNS Servers Architecture Split DNS Servers - Outbound Flow Split DNS Internet Name Server Split DNS Unbound Name Server Split DNS File Contents Split DNS Single DNS Server Architecture Single DNS Server Outbound Flow Single DNS Unbound Server Single DNS File Contents Single DNS Transparent DNS Transparent DNS Flow Transparent DNS Split DNS Name Server Log Examples Split DNS Internet Name Server Log Examples dig host Nslookup DNS Administration GUI Firewall Enterprise DNS Administration Lab - Transparent DNS Configuration

Module 12: Policy Management Policy Terminology Policy Rules Access Control Rules Access Control Rule Groups Access Control SSL Rules SSL Rule Interactions Rule Organization Firewall Enterprise Default Policy Default Policy - Initial Configuration Default Policy Disabled Rules Default SSL Rules Use Case Scenarios Policy Command-line Administration Lab Policy Management Application Discovery Application Evaluation/Discovery Configuring Application Discovery Lab Application Discovery

Module 13: Application About Applications Application Elements Types of Applications Application Type Scenarios Application Management Rule Interactions Application Selection Outbound Web Browsing Application Rule Verification Lab - Outbound Web Browsing Application Rule Outbound Web Traffic Using A Proxy Outbound Web Traffic Using A Proxy Verification Lab - Outbound Web Traffic Using A Proxy Allowing Outbound Access Using a Zone Group Lab - Allowing Outbound Access Using a Zone Group Deny/Drop Traffic Lab Allow Web Traffic with Restrictions Deny/Drop Traffic Example using the Deny option Verification Example using the Drop option Verification Lab - Deny/Drop Access Control Rules Rules with Multiple Applications Application Group Management Application Group Selection Lab Allow Outbound Traffic Using Multiple Services in a Rule Servers Administration Access Control Rules Remote Access Management Run the SSH Server and Application Together Lab - Run the SSH Server and Application Together

Module 14: Rule Endpoints Condition Elements Condition Elements Sources and Destinations Policy Refinement - Network Objects Policy Refinement Groups Network Objects and Netgroups Network Object Administration Netmap Network Objects Adding a Netmap Network Object Reviewing Membership of a Network Group Object Usage Special Objects Policy Refinement Time Periods Advanced Area Endpoint Usage Rule Endpoints and Redirection Policy Command-line Administration Lab - Network Objects and Netgroups Rule Elements

Module 15: Application Defenses Application Defense Application Defense Profiles Application Defense Groups Configuration Application Defense Configuration Specialized Application Defenses Administration Generic Application Defense Administration Transparent vs. Non-Transparent Access Anti-Virus Feature Virus Scanning Lab - MIME/Virus/Spyware Scanning for Outbound HTTP Traffic

Module 16: NAT and Redirection NAT vs. Redirection Inbound Connections Redirected Inbound Connections Re-directed Rule Operation Re-directed Access Control Rules Operation Multiple Inbound Redirected Connections NAT and Redirect Rule Properties Inbound Policy Using a Netmap Rule Groups Lab - Allowing Inbound Access

Module 17: Authentication Authentication Administrator Accounts Users and User Groups Requiring Authentication on a Rule Lab - Users and Administrator Account Users of Authenticators Configuring Password Authenticator Configuring Off-Board Authenticators Active Passport Active Passport Authenticators Active Passport Configuration Passport Authentication Example Passport Authentication Example Removing Users from Authentication Cache Lab - Passport Authentication Passive Passport McAfee Login Collector MLC Component MLC Operation MLC Product Integration MLC Deployment General MLC Deployment Firewall Enterprise MLC 2.0 New Features Configuring Passive Passport Validate MLC Architecture Requirements Install the MLC Configure the MLC Configure Passive Passport on MFE Configure Rules to use Passive Passport Passive Passport Audit Logs

Module 18: Network Integrity Agent Hardware and Software Requirements Limitations Deployment via ePO Manual Deployment NIA Configuration Certificate Configuration Configure Firewall Enterprise NIA Settings NIA Hosts and Discovery NIA Advanced Settings Command Line Configuration Discovery Mode Command Line Explicit NIA Communication Rule Active Hosts Firewall View NIA Audit Agent Status and Logs Lab Install and Configure NIA

Module 19: Geo-Location Firewall Enterprise Geo-Location Geo-Location Configuration Geo-Location License Lab Geo-Location for Inbound Traffic

Module 20: IPS Inspection Background IPS Strategies - Anomaly based IPS Strategies - Signature based Firewall Enterprise's IPS Feature IPS Inspection High Level Process Flow IPS Configuration Signatures Attributes Category Signatures Attributes Class Type Signatures Attributes - Threat Level IPS Configuration IPS Responses Signature Groups Signature Browser Adding IPS Inspection to Rules IPS Inspection IPS Inspection Verification Lab - IPS Inspection for Inbound HTTP Traffic

Module 21: SSL Decryption/Re-Encryption Terminology Traffic Interaction Decrypt Only Traffic Interaction Decrypt/Re-Encrypt SSL Rule and Access Control Rule Interactions No Decryption Configuration Decrypt Only Configuration Traffic Interaction Decrypt Only SSL Decryption Configuration Prerequisites Decrypt Only Configuration SSL Rule Decrypt Only Configuration Access Control Rule Decrypt Only Configuration Lab - SSL Decryption Decryption/Re-Encryption Configuration Decrypt/Re-Encrypt Configuration SSL Rules Decryption Exemption Configuration SSL Rules Decrypt/Re-Encrypt Configuration Access Control Rules Decrypt/Re-Encrypt Configuration Summary Decrypt/Re-Encrypt Configuration

Module 22: Mail Mail Before Firewall Enterprise How Mail Flows before Firewall Enterprise Mail Sendmail External Sendmail Server Internal Sendmail Server Common_Sendmail Server Outbound Mail Flow Using Sendmail Inbound Mail Flow Using Sendmail Sendmail Controls Sendmail Controls Incoming Mail Sendmail Controls Outgoing Mail Sendmail Configuration Sendmail Operations Sendmail Server Log Examples Testing Mail Reconfigure Mail Transparent Mail Transparent Configuration Mail Flow Transparent Mail Configuration Mail Addressed to root Lab Mail Transparent Mail Configuration

Module 23: Global Threat Intelligence (GTI) GTI Using GTI GTI License Reputation Classes Filtering Mail with GTI TrustedSource Reputation Scores Enabling GTI Filtering Reviewing Log Files Reviewing Log Files Command Line Examples Checking Reputation Lab TrustedSource Filtering

Module 24: SmartFilter SmartFilter Feature SmartFilter Architecture SmartFilter Architecture Option 1 SmartFilter Architecture Option 2 Filter Policies Custom Categories SmartFilter Auditing SmartFilter Configuration Management Source and Licensing Download SmartFilter Database Define Policy Non-Transparent Access Allow Non-Transparent HTTP Connections Apply Policy Using Application Defenses Configure Client to Use a Proxy Server Deny or Warn Access Based on SmartFilter Policy Lab SmartFilter

Module 25: Firewall Enterprise Backup/Restore Options Backup and Restore Configuration Backups and Restores Configuration Backup and Restore Options Client System Configuration Backup Manage Configuration Backups Disaster Recovery Backup and Restore Restoring a Configuration Backup from Local HDD Schedule Automatic Configuration Backups Lab Firewall Enterprise Backup/Restore

Module 26: VPNs VPN VPN Encapsulation Types Firewall Enterprise Specific Encapsulation Types How an Inside Tunnel VPN works Virtual Zone Firewall Enterprise Specific Encapsulation Types VPN Key Exchange Rules VPN Key Exchange Protocols Certificate Authority Functionality Authentication and Encryption Algorithms NAT-Traversal with IPSec VPN Configuration VPN Configuration - ISAKMP Server VPN Configuration ISAKMP Rule VPN Configuration - VPN Definitions VPN Administration VPN Scenarios VPN Scenario #1 Lab - Gateway to Gateway Shared Password VPN Certificate/Key Management VPN Scenario #2 Lab - Gateway to Gateway Certificate/Virtual Zone VPN

Module 27: High Availability High Availability Concepts HA Concepts Configuration Options HA Concepts Failover Event HA Concepts Firewall Boot Sequence Load Sharing High Availability Concepts LSHA Concepts - Layer 2 Modes Multicast LSHA Concepts - Layer 2 Modes Unicast Mirrored LSHA Concepts - Layer 2 Modes Unicast Flooded LSHA Concepts Traffic Handling LSHA Concepts Load Sharing Method LSHA Concepts VPNs LSHA Concepts Failover Event LSHA Concepts Firewall Boot Sequence High Availability Remote Test IP/Interface Test HA Configuration Remote Test IP/Interface Test LSHA Configuration Remote Test IP/Interface Test HA/LSHA Stateful Failover Cluster Management Cluster Management HA Cluster Management Cluster Setup Cluster Management Registration Cluster Management Entrelayd Cluster Management Administration Cluster Management HA/LSHA Configuration HA/LSHA Configuration 1st firewall HA Configuration 1st firewall Step 2 HA Configuration 1st firewall Step 3 HA Configuration 1st firewall Step 4 HA Configuration 2nd firewall HA Configuration 2nd firewall Step 3 HA Configuration Verification Restarting an HA Cluster Lab - High Availability Removing Firewalls from an HA Cluster Lab Removing Firewalls from HA Cluster

Module 28: SIEM What is SIEM How SIEM is used McAfee SIEM Components McAfee SIEM Architecture Combo Boxes McAfee SIEM Architecture ESM McAfee SIEM Architecture Receiver McAfee SIEM Architecture DEM McAfee SIEM Architecture ADM McAfee SIEM Architecture ACE McAfee SIEM Architecture - McAfee SIEM Sizing Receiver Data Sources Receiver Properties Add Data Source System Navigation Add Data Source Data Source Screen Add Data Source Data Source Auto Learn Data Sources Event Reporter Dashboard SIEM Course

Module 29: IPv6 IPv6 IPv6 Address Subnets Interfaces Initial Allocations Unique Local Unicast MAC Address IPv6 Improvements The Death of NAT Automatic Network Configuration The Death of Broadcast The Death of ARP Path MTU IP Header Changes for Faster Routing Controlling BGP Table Size at the Core Firewall Enterprise IPv6 Support Using IPv6 on Firewall Enterprise Lab IPv6

Module 30: Control Center About McAfee Firewall Enterprise Control Center Key Feature What's New in Control Center Components Control Center Appliance Options McAfee Firewall Enterprise Management Portfolio Supported Features and Functions Policy Management Tools Client Application Dashboard Icon Policy Icon Monitor Icon Maintenance Icon Control Center Icon ePolicy Orchestrator Integration

Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2015 McAfee, Inc.

To order, or for further information, please contact McAfee Education at: 1-866-210-2715. NA, LTAM, and APAC: education@mcafee.com EMEA: proserv@mcafee.com