McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course



Similar documents
McAfee VirusScan and epolicy Orchestrator Administration Course

McAfee Security Information Event Management (SIEM) Administration Course 101

McAfee Host Data Loss Prevention Administration Intel Security Education Services Administration Course

McAfee Network Data Loss Prevention Administration Intel Security Education Services Administration Course

McAfee Network Security Platform Administration Course

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Solidcore Product Guide

About this release. McAfee Application Control and Change Control Addendum. Content change tracking. Configure content change tracking rule

McAfee VirusScan Enterprise for Linux Software

McAfee Certified Product Specialist McAfee epolicy Orchestrator

McAfee MOVE AntiVirus Multi-Platform 3.5.0

Data Center Connector for vsphere 3.0.0

How To Set Up A Security System For A Network Security System (Netware)

McAfee Asset Manager Console

Release Notes for McAfee epolicy Orchestrator 4.5

Installing and Administering VMware vsphere Update Manager

McAfee Content Security Reporter 2.0.0

Desktop Release Notes. Desktop Release Notes 5.2.1

epolicy Orchestrator Log Files

Product Guide. McAfee epolicy Orchestrator Software

McAfee Public Cloud Server Security Suite

McAfee SiteAdvisor Enterprise 3.5.0

ALTIRIS Software Delivery Solution for Windows 6.1 SP3 Product Guide

Data Center Connector for OpenStack

Product Guide. McAfee epolicy Orchestrator Software

McAfee Endpoint Security Software

Performance Optimizer Software

Upgrade Guide. McAfee Vulnerability Manager Microsoft Windows Server 2008 R2

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

Installation Guide. McAfee VirusScan Enterprise for Linux Software

Product Guide. McAfee Endpoint Protection for Mac 2.1.0

Hardware Sizing and Bandwidth Usage Guide. McAfee epolicy Orchestrator Software

McAfee epolicy Orchestrator Software

About Help Desk. McAfee Help Desk 2.0 Software. Product Guide. Functions of McAfee Help Desk software. Quarantine release.

Best Practices Guide Revision B. McAfee epolicy Orchestrator Software

McAfee Database Activity Monitoring 5.0.0

McAfee Optimized Virtual Environments - Antivirus for VDI. Installation Guide

NETWRIX EVENT LOG MANAGER

Kaseya Server Instal ation User Guide June 6, 2008

User Guidance. CimTrak Integrity & Compliance Suite

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

Authoring for System Center 2012 Operations Manager

Setting up Microsoft Office 365

McAfee DAT Reputation Implementation Guide. Version 1.0 for Enterprise

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

VMware vcenter Update Manager Administration Guide

Unprecedented Malware Growth

McAfee Network Security Platform 8.2

VMware vcenter Update Manager Administration Guide

Installation Guide. McAfee Security for Microsoft Exchange Software

McAfee Endpoint Encryption for PC 7.0

Dell Active Administrator 8.0

McAfee Solidcore Change Reconciliation and Ticket-based Enforcement

Oracle Data Integrator 11g: Integration and Administration

Oracle Enterprise Manager

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

Product Guide. McAfee epolicy Orchestrator Software

McAfee epolicy Orchestrator

Configuring ThinkServer RAID 100 on the TS140 and TS440

POC Installation Guide for McAfee EEFF v4.1.x using McAfee epo 4.6. New Deployments Only Windows Deployment

How To Encrypt Files And Folders With A Password Protected By A Password Encrypted By A Safesafe (Mafee) (Eeff) 4

Setting up Microsoft Office 365

Product Guide. McAfee Endpoint Security 10

QUICK START GUIDE FOR CORE AND SELECT SECURITY CENTER 10 ENDPOINT SECURITY 10

Lenovo Partner Pack for System Center Operations Manager

Release Notes McAfee Risk Advisor Software For use with epolicy Orchestrator and Software

McAfee Enterprise Security Manager 9.3.2

Version 4.61 or Later. Copyright 2013 Interactive Financial Solutions, Inc. All Rights Reserved. ProviderPro Network Administration Guide.

LogLogic Trend Micro OfficeScan Log Configuration Guide

Novell ZENworks Asset Management

IBM Security SiteProtector System Configuration Guide

AV Management Dashboard

McAfee Directory Services Connector extension

Product Guide. McAfee SaaS Endpoint Protection (October, 2012 release)

Service Release Notes 8.2

Release Notes for McAfee(R) VirusScan(R) Enterprise for Linux Version Copyright (C) 2014 McAfee, Inc. All Rights Reserved.

Configuring ThinkServer RAID 100 on the Lenovo TS130

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Patch Management. Module VMware Inc. All rights reserved

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

CA ARCserve Backup r16.x Professional Exam (CAT-360) Study Guide Version 1.1

McAfee Agent Handler

NETWRIX ACCOUNT LOCKOUT EXAMINER

Oracle Data Integrator 12c: Integration and Administration

McAfee Web Gateway 7.4.1

Best Practices Guide. McAfee Endpoint Protection for Mac 1.1.0

McAfee Threat Intelligence Exchange Software

5nine Security for Hyper-V Datacenter Edition. Version 3.0 Plugin for Microsoft System Center 2012 Virtual Machine Manager

Smart Business Architecture for Midsize Networks Network Management Deployment Guide

User Guide. Version 3.2. Copyright Snow Software AB. All rights reserved.

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

McAfee SIEM Alarms. Setting up and Managing Alarms. Introduction. What does it do? What doesn t it do?

McAfee VirusScan Enterprise 8.8 software Product Guide

Best Practices Guide. McAfee epolicy Orchestrator Software

McAfee Risk Advisor 2.7

Core Protection for Virtual Machines 1

Product Guide. McAfee Endpoint Security for Mac Threat Prevention

Transcription:

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course The McAfee University Application Control / Change Control Administration course enables attendees to receive in-depth training on the full benefits and deployment of McAfee Application Control / Change Control products. Enabling administrators to fully understand the capabilities of their security solution not only reduces the risks of mis-configuration but also ensures an organization gets the maximum protection from their installation. Course Goals Understand the capabilities of McAfee s Application Control / Change Control solution install and administer ACCC. Manage remote clients. Protect end points. Agenda At A Glance Day 1 McAfee Security Connected and epolicy Orchestrator Overview Introduction to the McAfee Application Control/Change Control Planning a McAfee AC/CC-ePO Deployment McAfee Agent Application Control/Change Control Extension Installation MACCC Application Control/ Change Control Server Tasks and Permissions Solidcore Clients Audience System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this course. Register Now for Training

Agenda At A Glance Continued Day 2 Day 3 Introduction to Application Control Policies Policy Modifications Inventory Events and Alerts Introduction to Change Control and Integrity Monitoring Change Control Dashboards and Reporting Day 4 Troubleshooting Case Studies CLI Administration Best Practices Recommended Pre-Work It is recommended that the students have a working knowledge of Microsoft Windows administration, system Administration concepts, a basic understanding of computer security concepts, and a general understanding of viruses and anti-virus technologies. Course Outline Module 1: Introduction to the McAfee Application Control/Change Control What is MACCC? Supported Operating Systems Solidcore Architecture Multi-layered Security Solution Whitelisting Trust Model Image Deviation Differentiators Visibility and Enforcement for Endto-end Compliance File Integrity Monitoring Change Prevention Install Workflow Navigation to Solidcore Components Solidcore Updaters or Publishers Solidcore Installers Solidcore Policies Windows Path Definitions Solidcore Server Tasks Solidcore: Purge Task Migration Server Task Calculate Predominant Observations (Deprecated) Content Change Tracking Report Generation Solidcore: Run Image Deviation Image Deviation (Application Control) Specifying a Golden Image Solidcore: Scan a Software Repository Module 2: Planning a McAfee epolicy Orchestrator Deployment Platform Requirements epo Server Hardware Requirements epo Server Operating Systems epo Server Prerequisite Software Supported Web Browsers Supported SQL Server Releases Default Communication Ports Default Ports Determining Ports in Use Virtual Infrastructure Requirements Deployment Guidelines

Deployment Scenario: Basic Plan Solution A: One epo Server Solution B: Two epo Servers Solution C: epo server with Agent Handlers Deployment Scenario: Disk Solution: Less than 5,000 Nodes Solution: 5,000 to 25,000 Nodes Deployment Scenario: Disk Solution: 25,000 to 75,000 Nodes Solution: More than 75,000 Nodes Database Sizing How Products and Events Affect Calculations Example: Calculating Averages Calculating Your Environment Managing Scalability Environmental Factors Module 3: Security Connected and McAfee epolicy Orchestrator Overview Security Evolution Security Connected Breadth and Depth for Security epo Solution Overview New for this Release Basic Solution Components How epo Works Essential Features Integration with Third-Party Products epo Web Interface Menu Page Customizing the User Interface Architecture and Communication Functional Process Logic Data Storage Module 4: McAfee Agent McAfee Agent Overview New for This Release Agent Components Agent-Server Secure Communication Keys Communication after Agent Installation Typical Agent-to-Server Communication McAfee Agent-to-Product Communication Forcing Agent Activity from Server Wake-up Calls and Wake-up Tasks Configuring Agent Wake-up Locating Agent Node Using DNS Using System Tray Icon Forcing McAfee Agent Activity from Client Viewing McAfee Agent Log epo 4.x/McAfee Agent 4.x Feature Dependencies Agent Files and Directories Sitelist.xml McAfee Agent Log Files Using Log Files Installation Folders Module 5: Application Control/Change Control Extension Installation Extensions in epo Extensions Menu Integration of AC/CC Extension Installation Requirements System Requirements epo Database Sizing Installation of Extension Solidcore Licensing

What is Solidcore? Install Workflow Review Installing Licenses Solidcore Database Tables Module 6: Solidcore Client Solidcore Architecture The agent plug-in and how it works Types of Platforms Protected Supported Systems Check in Agent Plug-in Package into epo Deploying the Solidcore Agent Plugin Verifying Installation from the Endpoint Solidcore Client Tasks Enable Solidcore Agent Task Disable Solidcore Agent Task Initial Scan to Create Whitelist Pull Inventory Begin Update Mode End Update Mode Change Local CLI Access Collect Debug Info Run Commands Get Diagnostics for Programs Features for the Client Client Notifications and Events Client Events and Approvals Customizing Client Notifications Module 7: Application Control Initial What are Observations? Observe Mode Manage requests Review requests Process requests Allow by checksum on all endpoints Allow by publisher on all endpoints Ban by checksum on all endpoints Define custom rules for specific endpoints Allow by adding to whitelist for specific endpoints Define bypass rules for all endpoints Delete requests Review created rules Throttle observations Define the threshold value Review filter rules Manage accumulated requests Exit Observe mode Inventory Introduction Fetch Inventory GTI Integration Trust level and score Cloud Trust Score Inventory Without Access to GTI Fetch McAfee GTI ratings for isolated networks Export SHA1s of all binaries Run the Offline GTI tool Fetch Inventory Bad File Found Event Manage the inventory Manage Binaries Application Control Policies Role of the Policy Application Control Managing Rule Groups Creating an Application Control Rule Group Updater Tab Trusted Users

Exceptions Using a Rule Group to Block an Application Module 8: Application Control Feature Administration What is Update Mode? How to Update a Solidified System Auto-Updaters Authorized Updaters Determining Updaters Understanding Publishers Understanding Installers Scan a Software Repository Revisit - Solidcore Permission Sets Reboot Free Activation Inventory Management Enhancements Inventory Management Pull Inventory Inventory By Application Inventory By Systems Inventory Application Drill-down Inventory Binary Drill-down Search Filters Modifying Enterprise Trust Level Module 9: Event and Alerts Understanding Events What Creates an Event When Are Events Sent Back? Viewing Events Advanced Filters Selecting Columns to Display Viewing the Details of an Event Solidcore Events Example of Solidcore Events Application Control Events Planning Automatic Responses Throttling, Aggregation, and Grouping Alerts Understanding Alerts Scenarios Configuring a Solidcore Alert Viewing an Alert Support of SNMP Alerts Customizing End User Notifications Syslog Enhancements Module 10: Change Control Initial Application Control & Change Control Change Control & Integrity Monitoring Scenario File Integrity Monitoring Workflow Disable Solidcore Enable Solidcore on the Endpoint Verifying Client Task Completion Integrity Monitoring Policies Using Integrity Monitor Creating an Integrity Monitor policy Integrity Monitoring Policies Testing your Monitoring Reducing Noise Example of Reducing Noise Module 11: Using the Policy Catalog and Managing Policies Change Control Policies Role of the Policy Variables for Use in Policies Example of Variables in a Rule Group Scenario Write Protect a File, Trusted Program

can Alter Write Protect a Registry Key, Program can Alter Write Protect a File, Trusted User can Alter Verifying only Trusted User can Alter Read Protection must be Enabled Read Protect a File, Trusted Program can Access Emergency Changes Content Change Tracking One Click Exclusion (Advanced Exclusion Filtering) One Click Exclusion Troubleshooting Module 12: Dashboards and Reporting The Dashboard epo Dashboards Queries As Dashboard Monitors Dashboard Access Dashboard Solidcore Dashboards Application Control Dashboard Change Control Dashboard Integrity Monitor Dashboard Inventory Dashboard Solidcore Queries Reporting > Solidcore Application Control > Inventory Application Control > Image Deviation Automation > Solidcore Client Task Log Scenario Creating a Customized Dashboard Making a Dashboard Public Set the Default Dashboard Module 13: Troubleshooting Solidcore Architecture and Components Solidcore 6.1.3 Architecture Troubleshooting References Location of Solidcore Files on Endpoint epolicy Orchestrator Application Server Service Logs Solidcore Registry Keys on Endpoint Solidcore Services Troubleshooting Best Practice Escalation Best Practices Troubleshooting GTI Cloud Issues Best Practice Top Issues Task Failure Top Issues - Denied Execution Issues Top Issues - Denied Execution of a Network Share Top Issues Network Share Top Issues - KB Useful Tools Solidcore Event Logs Solidcore User Notifications Solidcore Troubleshooting Tools Escalation Tools Solidcore Database Tables Minimum Escalation Requirements (MER) Running MER Tool on Client Dump Tools Module 14: Case Studies A Case from History Unpatched, Known Vulnerabilities in the Client Browser-based Exploits The Remedy Application Whitelisting

Increasing Compliance Requirements Remedy File Monitoring Complete the Task Module 15: CLI Administration Solidcore CLI Location of Solidcore Files on Endpoint Viewing the CLI Access Enabling the CLI Unlocking the CLI Locally Securing the CLI Using the CLI SADMIN Commands Solidifying from the CLI Unsolidifying What is Solidcore s Status? Beginning the Update Status Ending the Update Status Enabling and Disabling Solidifier SADMIN Commands Advanced SADMIN Commands Solidcore Commands New CLI Commands Application Control Rules & Helpful Commands Read/Write Protect Files Change Control Commands Write Protection How To Write Protect a File Modifying a Read/Write Protected Files Change Control Features Write Protection Application Control Authorize Command Arguments Discovering and Adding Updaters SADMIN Diag Notations Discovering and Adding Updaters Using Attributes to Control File Execution Attributes Using Attributes to Control File Execution Viewing Solidcore Events Event Sinks Logging Events Event Names and Log Entries Product Tools Module 16: Best Practices Review of Initial Setup Tasks Systems Tree Infrastructure Communication between epo and Agent Activation Options: Application Control Only Inventory Collection Scan Protection State Selection Protection State Delivery Testing Protection mechanisms Policies and Rule Groups Policy Tuning Bypass Rules and Exclusions Inventory and Whitelist Updaters Application Control Memory Protection Maintenance Basic Troubleshooting and FAQs Solving Memory Discrepancies Helpful Resources Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2015 McAfee, Inc. To order, or for further information, please contact McAfee Education at: 1-866-210-2715. NA, LTAM, and APAC: education@mcafee.com EMEA: proserv@mcafee.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information