* McAfee Training Information Security Architect



  1. McAfee Training Information Security Architect Alan J. White, CISSP, CEH, GCIA
  2. Agenda
     • Product Overview
     • Virus Scan
     • Reports (emailed or saved as PDF)
     • System Compliance Profiler
     • Rogue System Detection
  3. News
     • Recent Spyware incident
     • News – McAfee flaw should have a patch very soon.
     • Virex does support Mac OS X, despite Apple no longer supporting the product; however, a patch is needed for 7.7 to resolve an updating issue.
  4. Best Higher Education Virus Website
  5. Support
     • URI has a site license for several McAfee products, for both office and home use, but not for any commercial use.
     • Must be used in accordance with the McAfee terms of agreement
       • http://www.uri.edu/virus/license.php
  6. Support
     • Method of support and contacts:
       • Primary: Alan White [email_address] 874-4787
       • Secondary: Tanya Roberts (currently on maternity leave) [email_address]
       • Tertiary: Mark Oliver [email_address] 874-4481
     • Information needed:
       • Issue
       • Product
       • Operating System and Patch Level (run winver.exe at CMD prompt)
       • Any actions performed in troubleshooting
     • Free information (FAQs, documentation, etc.): http://knowledge.mcafee.com/
  7. Products
     • Virus Scan
       • ‘This year, reviews give the edge to McAfee VirusScan 2006 over the other industry leader, Norton Anti-Virus.’ [1]
       • Many features and very customizable
         • Block unauthorized SMTP programs. Note that URI has had to add several programs so that users can send email; the most popular programs are already included, such as Thunderbird, Eudora, Outlook, etc.
         • Change daily scan time and frequency (currently daily)
         • Change local repository (currently URI, then McAfee)
         • Change how often to check for new virus definitions (currently every few hours)
     [1] http://www.consumersearch.com/www/software/antivirus-software/index.html
  8. Products
     • Virus Scan
       • Disadvantage: System resource hog during daily scans
       • Need to realize that any changes made on a local machine are overridden every 5 minutes by central policy
  9. Products
     • Anti-Spyware
       • Advantage: adds approximately 500+ additional definitions for known spyware.
       • No additional CPU overhead from running two separate products, as with others (Ad-Aware, Spyware, etc.)
       • McAfee paid support for Q&A
       • Rated #1 by independent review:
         • http://www.uri.edu/virus/app/spywarereview.pdf
  10. Products
     • Anti-Phishing
       • Free tool for IE browsers
       • Warns about and blocks access to spoofed websites (picks up most, does miss some)
       • Note: A fake PayPal website looks the same in IE as it does in Firefox
       • Download at: www.uri.edu/virus/tools
       • Screen shot: http://www.uri.edu/virus/app/phishing.doc
  11. Products
     • Spam Submission Tool
       • Free tool to promote better spam filters, as well as to report fake phishing sites.
       • Disadvantage: only works with Outlook 2000, XP, 2003 (not Outlook Express)
       • Download at: www.uri.edu/virus/tools
  12. Products
     • Stinger
       • Free tool that only runs when initiated and can only detect about 50-60 viruses
       • Disadvantage: must be downloaded each time you use it, as it will be out of date
       • Advantage: very fast as a ‘Seek and Destroy’ stand-alone tool
       • Note: It is a big misconception that it has a complete list of all viruses. It doesn’t.
       • Download at: http://vil.nai.com/vil/stinger/ or, a bit out of date, www.uri.edu/virus/tools
  13. Products
     • SuperDat
       • Free package with all virus/spyware definitions
       • Note: Dats contain only the last few definitions, and Extra Dats are issued in between dats when URI detects brand new viruses (which has happened several times)
       • Note: Won’t install spyware definitions if Anti-Spyware is not installed
       • Download at: http://www.mcafee.com/apps/downloads/security_updates/superdat.asp or locally at www.uri.edu/virus/tools
  14. Products
     • LinuxShield
       • Linux AV protection
       • Don’t be ‘too cool’ to install it
       • Several Linux machines on campus would have detected hackers installing malicious code and back door programs if it had been used
       • It can be monitored and can generate reports via the ePo console
       • Note: Be sure to check for and install patches
       • RPM and source code available
       • Download at: http://www.uri.edu/virus/linux.php
  15. Products
     • Virex
       • Available for OS X
       • Current version 7.7 with patch
       • It can be monitored and can generate reports via the ePo console
       • The ePo agent is optional
       • Download at: http://www.uri.edu/virus/mac.php
  16. Products
     • PDA
       • Protection for Windows Pocket PC only
       • URI has seen viruses on PDAs
       • Not much overhead, scans on ActiveSync or on demand
       • Download at: http://www.uri.edu/virus/pda.php
       • Screen shot: http://www.uri.edu/virus/img/ppc.jpg
  17. Products
     • Firewall
       • ePo Managed vs. Standalone
       • Managed allows an admin to control the firewall rule set on several machines at once, remotely. Standalone only gets patches and IPS updates from the ePo server, no policies.
       • Managed, on default install, does not allow the user to make rule changes, hides the icon, and has a set of normally needed Microsoft ports blocked.
  18. Products
     • Firewall
       • Several features
         • Block IPs, protocols, ports, programs, DNS names (very granular rules)
         • Great logs; must choose which activity to log, and can change the log location
         • Includes several buffer overflow attempt definitions
  19. Firewall Managed
  20. Products
     • Command Line Scanners
       • Available for Windows and many flavors of Linux
       • Advantage: No install, just copy and run from the cmd prompt
       • Example used on a URI email server:
         • uvscan --noboot --secure -rv --summary --mime <directory>
       • Download at: www.uri.edu/virus/tools
  21. ePo Console
     • Policy control based on IP, workgroup, domain, computer name
     • Policies
     • Note: The ePo console has to be at the same patch level as the server, so each major patch release requires a local patch. It cannot be applied automatically or remotely.
     • The same applies to McAfee Firewall patches
  22. ePo Agent
     • Check ePo agent: http://MachineIP:8081
  23. Virus Scan Control
  24. Firewall
  25. Rogue System Detection
  26. Virus Type Report
  27. ePo Console
     To manually make a computer check for new policy:
  28. Virex ePo
  29. Custom Blocking of Programs
  30. Coming Soon
     • NAC – Network access control
       • http://www.mcafee.com/us/enterprise/products/network_access_control/index.html
     • HIPS – Replace McAfee Firewall with Host Intrusion Prevention
       • http://www.mcafee.com/us/local_content/datasheets/partners/ds_hips.pdf
  31. Questions
     • Download copy of presentation:
       • www.uri.edu/virus/app/mcafee.ppt