Deployment
Websense TRITON Enterprise includes Web Security Gateway Anywhere,
Data Security, and Email Security Gateway Anywhere.
Core Email Security Gateway Anywhere components can reside only on
Websense appliances.
Web Security Gateway Anywhere may be deployed on Websense
appliances, dedicated Windows and Linux servers, or a combination of
both.
Data Security is located on Windows servers and elsewhere in the
network.
The TRITON management interface for Web, Email, and Data Security
resides on a separate Windows server.
The following illustration is a high-level diagram of a basic V10000 G2-based
deployment of TRITON Enterprise.
Remote office and off-site users
You can use the hybrid Web service to provide Web security for small
remote offices. This is accomplished by designating a remote office as a
hybrid filtered location. See Initial configuration for more information.
Either the hybrid service or Websense remote filtering software can
provide Web filtering for off-site users (e.g., telecommuters or traveling
personnel).
To use the hybrid service, a PAC file or Websense Web Endpoint is
installed on the user's machine. This directs Web browsing to be filtered
through the hybrid service according to policies in place.
To use remote filtering software, Remote Filtering Server is installed in
your network and Remote Filtering Client is installed on user machines.
See Deploying Remote Filtering Server and Client.
Data Security is a comprehensive data loss prevention (DLP) system that
discovers, monitors, and protects your critical information holdings,
whether that data is stored on your servers, currently in use or located in
off-network endpoints. Data Security protects against data loss by quickly
analyzing data and enforcing customized policies automatically, whether
users are on the network or offline. Administrators manage who can
send what information, where, and how. Data Security can also work as a
part of Websense TRITON Enterprise to protect the whole of your
enterprise.
The basic components of Websense Data Security are:
The Data Security Management Server
Optional Data Security servers
The protector
Agents
Endpoints
The Data Security Management Server, which resides on the TRITON
management server, is the core of the system, providing complete data
loss prevention analysis to the network. In addition, the Data Security
Management Server gathers and stores all management statistics. For
load balancing purposes, analysis can be shared among a number of Data
Security servers. The protector can provide added blocking capabilities to
the loss-prevention system.
Optionally, the protector works in tandem with the Data Security
Management Server. The Data Security Management Server performs
discovery (performed by Crawler) and provides advanced analysis
capabilities. The protector sits in the network, intercepts and analyzes
traffic, and can either monitor or block traffic as needed. The protector
supports analysis of SMTP, HTTP, FTP, Generic Text and IM traffic (chat
and file transfer). The protector is also an integration point for third-party
solutions that support ICAP.
The protector fits into your existing network with minimum configuration
and necessitates no network infrastructure changes.
Websense Data Security agents are also an integral part of the system.
These agents are installed on the relevant servers (the ISA agent on the
Microsoft ISA server, printer agent on the print server, etc.) to enable
Data Security to access the data necessary to analyze the traffic from
these servers. Agents, such as the Data Endpoint, enable administrators
to analyze content within a user's working environment (PC, laptop, etc.)
and block or monitor policy breaches.
Deployment
A basic deployment might have just one management server and one
protector. The protector includes several agents, including SMTP, HTTP,
FTP, IM, and ICAP. The servers are easily configurable to simply monitor,
or to monitor and protect, sensitive data. The following illustration is
a high-level diagram of a basic deployment of Data Security. Such a
deployment is ideal for a small- to medium-sized organization with a
single Internet egress point. Note that this illustration is intended to show
the general distribution of components and does not include network
details (such as segmenting, internal firewalls, routing, switching, and so
forth).
The following illustration is a high-level diagram of a larger deployment of
Data Security.
This shows the extended capabilities of Data Security incorporated into a
more complex network environment. It shows an extra Data Security
server and several additional agents deployed for businesses with larger
transaction volumes and numbers of users. Such a deployment is suited
for large organizations with multiple Internet egress points distributed
over multiple geographical locations. Very large deployments can have
multiple Data Security servers and protectors.
For diagrams of the most common customer deployments, see Most
common deployments.
Before you deploy your Data Security system, it is important to analyze
your existing resources and define how security should be implemented to
optimally benefit your specific organization. Plan your deployment by:
1. Deciding what data to protect
2. Determining where your confidential data resides
3. Determining your information flow
4. Defining the business owners for the data
5. Deciding who will manage incidents
6. Planning access control
7. Analyzing network structure
8. Planning network resources
9. Planning a phased approach
What is McAfee Device Control?
McAfee Host Data Loss Prevention software is one of the core security functions which protects
enterprises from the risk associated with unauthorized transfer of data from within or outside the
organization. Data loss is defined as confidential or private information leaving the enterprise as a
result of unauthorized communication through channels such as applications, physical devices, or
network protocols.
Memory sticks are the smallest, easiest, cheapest, and least-traceable method of downloading large
amounts of data, which is why they are often considered the “weapon of choice” for unauthorized data
transfer. McAfee Device Control allows monitoring and controlling external device behaviour based on
the device attributes rather than the content being copied. Using McAfee Device Control, devices
attached to enterprise computers, such as smart phones, removable storage devices, Bluetooth
devices, MP3 players, or Plug and Play devices, can be monitored, blocked, or configured to be
read-only.
Components of McAfee Device Control
McAfee DLP Endpoint software is a content-based agent solution that inspects enterprise users'
actions concerning sensitive content in their own work environment, their computers.
McAfee DLP Endpoint software version 9.3 runs in McAfee ePolicy Orchestrator (McAfee ePO™)
software, the centralized policy manager for security products and systems. Version 9.3 can be
installed in ePolicy Orchestrator 4.5, 4.6, or 5.0.
Recommended Architecture
The recommended installation for a simple McAfee Data Loss Prevention Endpoint implementation is
on a single server together with McAfee ePolicy Orchestrator software.
Installation Steps
We need to presume that you have already installed the McAfee ePolicy Orchestrator software on a
server running Microsoft SQL Server, as this is the central management software to which the
various parts of the Endpoint Suite connect.
• Check that all pre-requisites are met for the ePolicy Orchestrator server to work with McAfee Device
Control.
• Disable Microsoft Enhanced Security Configuration on the ePolicy Orchestrator server.
• Verify that Microsoft .NET Framework 3.5 SP1, 4.0, or 4.5 is installed on the ePolicy Orchestrator
server.
• Verify that the ePolicy Orchestrator server name is listed under Trusted Sites in the Internet
Explorer security settings.
• Create and configure repository folders on the ePolicy Orchestrator server. Repository folders
contain information used by the McAfee DLP Endpoint software for creating policies and for
reporting.
Two folders and network shares must be created, and their properties and security settings must
be configured appropriately. The folders do not need to be on the same computer as the McAfee
DLP Endpoint Database server, but it is usually convenient to put them there.
• d:\dlp_resources
• d:\dlp_resources\evidence
• d:\dlp_resources\whitelist
Evidence folder — Certain protection rules allow for storing evidence, so you must designate, in
advance, a place to put it. If, for example, an email is blocked, a copy of the email is placed in the
Evidence folder.
Whitelist folder — Text fingerprints to be ignored by the endpoint software are placed in a whitelist
repository folder. An example is standardized text such as disclaimers or copyright. McAfee DLP
Endpoint software saves time by skipping these chunks of text that are known to not include
sensitive content.
Check Sharing and Security settings according to Page 26 of the Product Guide for McAfee Data
Loss Prevention Endpoint 9.3.
• Some of the installation scripts require the NETWORK SERVICE account to have write permission
for the C:\Windows\Temp folder. In secure systems, this folder might be locked down. In that case,
you must temporarily change the permissions for this folder. Otherwise, the installation fails.
McAfee recommends completing all software installations before resetting the permissions.
• Right-click the evidence / whitelist folder and select Properties.
• Click the Sharing tab, then click Advanced Sharing. Select the Share this folder option.
• Modify Share name to evidence$ / whitelist$. Click OK.
• Click the Security tab, then click Advanced.
• In the Permissions tab, deselect the Include inheritable permissions from the object's parent
option. A confirmation message explains the effect this change will have on the folder.
• Click Remove. The Permissions tab in the Advanced Security Settings window shows all
permissions eliminated.
• Click Add to select an object type.
• In the Enter the object name to select field, type Domain Computers, then click OK.
• The Permission Entry dialog box is displayed.
• In the Allow column, select:
  • Create Files/Write Data and Create Folders/Append Data for the evidence folder
  • List Folder/Read Data for the whitelist folder
• Verify that the Apply onto option says This folder, subfolders and files, then click OK. The
Advanced Security Settings window now includes Domain Computers.
• Click Add again to select an object type.
• In the Enter the object name to select field, type Administrators, then click OK to display the
Permission Entry dialog box. Set the required permissions.
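The folder, share and NTFS permission steps above can be scripted so that the result is repeatable and reviewable. The following PowerShell is an added example (not from the original document or McAfee's product guide) that creates both repository folders, shares them as evidence$ and whitelist$, strips inherited permissions and grants Domain Computers only the rights listed above. It assumes an elevated session on a domain-joined ePO server with a D: drive and the SmbShare module (Windows Server 2012 or later).

```powershell
# Added example, not part of the original document or McAfee's product guide.
# Assumptions: run elevated on a domain-joined ePO server, D: exists,
# SmbShare module present (Windows Server 2012 or later).
$Domain = $env:USERDOMAIN
$Root   = 'D:\dlp_resources'

# Folder -> hidden share name and the minimum NTFS rights Domain Computers need:
#   evidence : endpoints write copies of blocked items
#              (Create Files/Write Data + Create Folders/Append Data)
#   whitelist: endpoints only read fingerprints (List Folder/Read Data)
$Folders = @(
    @{ Name = 'evidence';  Share = 'evidence$';  Rights = 'CreateFiles, AppendData' },
    @{ Name = 'whitelist'; Share = 'whitelist$'; Rights = 'ReadData' }
)

New-Item -ItemType Directory -Path $Root -Force | Out-Null

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($f in $Folders) {
    $path = Join-Path $Root $f.Name
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # Hidden ($) share. Share-level access is Change for the computer accounts;
    # the tighter restriction (write-only vs read-only) comes from the NTFS ACL.
    if (-not (Get-SmbShare -Name $f.Share -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $f.Share -Path $path `
            -ChangeAccess "$Domain\Domain Computers" `
            -FullAccess   'BUILTIN\Administrators' | Out-Null
    }

    $acl = Get-Acl -Path $path
    # Same effect as deselecting "Include inheritable permissions" and
    # clicking Remove: protect the ACL and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)

    # Domain Computers: only the rights above, on this folder, subfolders and files.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$Domain\Domain Computers",
        [System.Security.AccessControl.FileSystemRights]$f.Rights,
        $inherit, $none, $allow)))

    # Administrators keep full control so the repository stays manageable.
    # SYSTEM is deliberately not added, matching the guide's two principals;
    # add it if a local service on this server must read the folders.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Administrators',
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        $inherit, $none, $allow)))

    Set-Acl -Path $path -AclObject $acl
}

# Review: each folder should list exactly the two principals, nothing inherited.
foreach ($f in $Folders) {
    $path = Join-Path $Root $f.Name
    "`n$path (share: \\$env:COMPUTERNAME\$($f.Share))"
    (Get-Acl -Path $path).Access |
        Format-Table IdentityReference, FileSystemRights, InheritanceFlags, IsInherited -AutoSize
}
```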
• Next, download McAfee Device Control 9.3 from the McAfee website, save it to the D drive of
SHS-MGT-001 and unzip it.
• This will contain the license key in a text file, the mgmt zip and an agent zip.
• Install the McAfee Data Loss Prevention Endpoint extension. The default installation is a 90-day
license for McAfee Device Control software. If you purchased a license for full McAfee Data Loss
Prevention Endpoint software, you must upgrade the license after you complete the installation.
• The McAfee DLP Endpoint software extension and the Help module are installed in ePolicy
Orchestrator.
• Note: McAfee DLP Endpoint software does not currently support the McAfee ePolicy Orchestrator
4.6 and 5.0 Software Manager feature.
• In ePolicy Orchestrator, select Menu | Software | Extensions, then click Install Extension. Browse
to the D drive and locate the zip file D:\McAfee Device Control\McAfeeDeviceControl93300Licensed\
unzipped McAfeeDeviceControl93300Licensed\TAG_MGMT_9_3_300_16\Signed Extension\
DLPE_Package_9_3_300_16_1.zip
• Click OK. The extension is installed.
• The following applications are installed:
  • McAfee DLP Endpoint policy console (in ePolicy Orchestrator | Data Protection)
  • McAfee DLP Monitor (in ePolicy Orchestrator | Data Protection)
  • DLP Event Parser
• Click OK.
• After doing that, you will have to use the license key that is inside the DLP package in a .txt file
to activate it.
• Next, initialize the McAfee DLP Endpoint policy console.
• Note: The wizard can be run at any time by selecting Initialization Wizard from the Tools menu in
the McAfee DLP Endpoint policy console.
• The McAfee DLP Endpoint Management Tools installer and McAfee DLP Endpoint policy console
initialization wizard use ActiveX technology. To prevent the installer from being blocked, verify that
the following are enabled in Internet Explorer under Tools | Internet Options | Security | Custom level:
  • Automatic prompting for ActiveX controls
  • Download signed ActiveX controls
• In ePolicy Orchestrator, select Menu | Data Protection | DLP Policy.
• The McAfee DLP Endpoint Management Tools installer runs and, after a brief delay, the Welcome
window of the DLP Management Tools Setup wizard appears.
• Accept the License Agreement.
• Select the installation folder.
• After the McAfee DLP Endpoint Management Tools installation has completed, the McAfee DLP
Endpoint policy console begins loading. If you have an existing policy, you are prompted to
convert it to the new format.
• If no previous policy exists, the message "DLP global policy is unavailable. Loading default policy"
appears. Click OK to continue.
• When the message "Agent configuration is unavailable. Loading a default agent" appears, click OK.
• You may get a box with View/Update License.
• Click Update.
• Put in the license key as per below.
• Click Apply and you will get the below message. Click Yes.
• Click OK to close the message box, and click Close to close the Update License window, then log
off ePolicy Orchestrator.
• Log on to ePolicy Orchestrator to complete the upgrade.
• From the Agent Configuration menu, select Edit Global Agent Configuration.
• Go to the File Tracking tab and select Device Control and full content protection.
• Go to the Miscellaneous tab. Only the Agent Popup Service, Device Blocking, and Reporting
Service modules are selected. Select the remaining modules you require to enable them and click
OK.
• On the toolbar, click Apply. The policy changes are applied to ePolicy Orchestrator.
• In ePolicy Orchestrator, issue a wake-up call to deploy the policy change to the workstations.
• When the McAfee DLP Endpoint policy console First Time Initialization wizard appears, complete
the following steps:
  • Select the Backward Compatibility Mode.
  • For troubleshooting, when you need to review an easily readable version of the policy, select
Generate verbose policy. For most installations, we recommend leaving these checkboxes
deselected.
  • Select your directory access protocol: Microsoft Active Directory or OpenLDAP. When using
Microsoft AD in very large organizations where search times could be excessive, select Restrict
AD searches to default domain.
  • Configure the Agent Override Key Password EPOAdm1n!. McAfee DLP Endpoint software
requires strong passwords, that is, at least 8 characters with at least one each of uppercase,
lowercase, digit, and special character (symbol).
  • Browse to the Whitelist storage share, then click Next. The UNC whitelist path is required to apply
the policy to ePolicy Orchestrator. Size limits are displayed, but cannot be changed in the
Initialization wizard.
  • Modify the agent popup service options (optional). Agent popup managed features are displayed,
but cannot be changed in the Initialization wizard. Manual/automatic popup close and release
code lockout policy can be set. Modify the default notification messages (optional). Select each
event type in turn, and type the message in the text field. Click Next.
  • Browse to the evidence storage share and click Next. The evidence storage path is required to
apply the policy to ePolicy Orchestrator. Select a user account and password for copying evidence
(optional). Set the required Evidence Replication option. Click Next.
  • Note: The storage share will be \\shs-mgt-001\evidence$
  • Click Finish and Apply McAfee Initial Configuration.
• Check in the McAfee DLP Endpoint package to ePolicy Orchestrator.
• Any enterprise computer with data protected by McAfee software must have the McAfee Agent
installed, making it a managed computer. To add data loss protection, you must also deploy the
McAfee DLP Endpoint plug-in for McAfee Agent. The installation can be performed using the
ePolicy Orchestrator infrastructure.
• In McAfee ePolicy Orchestrator, select Menu | Software | Master Repository.
• In the Master Repository, select Actions | Check In Package.
• Select package type Product or Update (.ZIP), browse to ..\HDLP_Agent_9_2_0_xxx.zip, then
click Next.
• The Check in Package page appears.
• Review the details on the screen, then click Save. I have currently added this to Evaluation rather
than Current.
• The package is added to the master repository.
Defining and Deploying Policies
• The final stage of McAfee DLP Endpoint software installation is to define a policy, deploy McAfee
DLP Endpoint agents to the managed computers, and verify the installation. (See the following steps.)
• Follow page 43 of the DLP Endpoint Product Guide to create a default classification and
protection rule as per the instructions below.
The rule described is an example of a simple rule that can be used to test the system.
Create a classification rule:
• In the McAfee DLP Endpoint policy console navigation pane under Content Protection, select
Classification Rules.
• Right-click in the Classification Rules window and select Add New | Content Classification Rule.
Rename the rule Email Classification Rule.
• Double-click the rule icon to modify the rule.
• In step 1 of the rule creation wizard, select either of the options (ANY or ALL), then scroll down the
text patterns list and select Email Address. Click Next three times, skipping to step 4.
• In step 4 of the rule creation wizard, click Add New to create a new category. Name it Email
Category, click OK to accept the new category, then click Finish.
• Right-click the rule icon and select Enable.
Create a protection rule
• In the McAfee DLP Endpoint policy console navigation pane under Content Protection, select
Protection Rules.
• Right-click in the Protection Rules window and select Add New | Removable Storage Protection
Rule.
• Double-click the rule icon to modify the rule.
• Click through to step 2 of the rule creation wizard and add the Email Category created when
creating the classification rule in the Included column.
• Click through to step 7 of the rule creation wizard. Select Monitor, then click Finish.
• Right-click the rule icon and select Enable.
• From the Tools menu, select Run Policy Analyzer. You should receive warnings, but no errors.
• If you receive errors, they probably come from improper initialization, such as not specifying an
evidence folder or override password. You can rerun the initialization from the Tools menu to
correct this.
• On the toolbar, click Apply. The policy is applied to McAfee ePolicy Orchestrator.
Deploy McAfee DLP Endpoint Agent with ePolicy Orchestrator
Before policies can be applied, McAfee DLP Endpoint must be deployed to the endpoint computers by
ePolicy Orchestrator.
• Create a new subgroup: System Tree > System Tree Actions > Create new subgroup.
• In the System Tree, select the level at which to deploy McAfee DLP Endpoint.
• If you select a level under My Organization, the right-hand pane displays the available
workstations. You can also deploy McAfee DLP Endpoint to individual workstations. (Need to
select which test machines to use.)
• In the Name field, type a suitable name, for example, Install DLP Endpoint. Typing a description is
optional.
• Click the Assigned Client Tasks tab. Select Actions | New Client Task Assignment.
• The Client Task Builder wizard opens.
• In ePolicy Orchestrator 4.6 and 5.0, in the Product field, select McAfee Agent. In the Task Type
field, select Product Deployment. Click Create New Task.
• In the Products and Components field, select Data Loss Prevention 9.3.0.xx. The Action field
automatically resets to Install.
• In ePolicy Orchestrator 4.6 and 5.0, click Save.
• Change the Schedule type to Run immediately. Click Next.
• Review the task summary. When you are satisfied that it is correct, click Save. The task is
scheduled for the next time the McAfee Agent updates the policy. To force the installation to take
place immediately, issue an agent wake-up call.
• After McAfee DLP Endpoint has been deployed, restart the managed computers.
Verify the installation
After installing McAfee DLP Endpoint software, you should verify the installation in the McAfee DLP
Monitor.
• Verify the McAfee DLP Endpoint installation and apply the policy enforcement by using the
cmdagent.exe /s command. See the McAfee ePolicy Orchestrator McAfee Agent documentation
for more information.
• Select Menu | Data Protection | DLP Operational Events. Click an event to view the details.
• Verify the McAfee DLP Endpoint client software installation from the McAfee system tray icon on
the endpoint computer by selecting About. Scroll through the information for McAfee DLP
Endpoint.
Deploy Policies with McAfee ePolicy Orchestrator and Device Console
McAfee DLP Endpoint policies contain definitions, rules, assignment groups and agent configuration.
A policy is first applied (saved) to the ePolicy Orchestrator server, then assigned (deployed) to the
endpoints.
McAfee DLP Endpoint works with three policies:
• DLPE policy
• Agent configuration
• Computer assignment group
DLPE policy is created in the McAfee DLP Endpoint policy console; agent configuration and computer
assignment group are created in ePolicy Orchestrator. Each of these policies is assigned the revision
number 1 when it is created, and the number is incremented each time the policy is changed. The
revision number is important for supporting troubleshooting processes, to ensure that policy changes
are actually applied to the endpoint computers. It is also used when requesting an agent bypass or
uninstall key. Both the McAfee DLP Endpoint policy console in ePolicy Orchestrator and the DLP
Endpoint console on the client computer display the current policy revision numbers.
Before applying a policy, verify that:
• All settings are configured correctly.
• All rules are enabled.
• User assignment groups (where required) are assigned to each rule.
• The agent configuration and the computer assignment groups are assigned to the relevant groups
and computers in the ePolicy Orchestrator Policy Catalog.
The below steps are what was used to set up the current policy to block USB devices based on 2
Active Directory global groups which Allow or Deny.
• Log into ePO.
• Click on Menu > Data Protection > DLP Policy > Policy Assignment > User Assignment Groups >
Add New.
• Click Add and add the GG-DLP-USBStorage-Allow group. Click on Exclude to exclude this group
from the Block Rule.
• Click Add and add the GG-DLP-USBStorage-Block group. Click on Include to include this group in
the Block Rule.
• Click on Protection Rules and put a tick in Apply on Logged on User.
• Click on Protection Rules.
• Go to Device Management > Device Definitions.
• Click on Add New and give it the name Removable Storage Device Definition Block USB Devices.
• Double-click on this and select Bus Type (USB, PCI), put a tick here and click the Edit button.
• When you click the Edit button, select the following.
• Click OK.
• Go to Device Management > Device Rules > Click Add New.
• Call it Removable Storage Device Rule Block Rule.
• Select to include the previously created Device Definition, named Removable Storage Device
Definition Block USB Devices.
• Click Next.
• Choose what actions to take. Note: It may be best to Monitor for a few weeks so you can see what
devices your users are plugging in.
• Assign the rule to the User Assignment Group you created.
• Click Finish.
• Apply the System Policy
When a policy is completed, it must be applied to ePolicy Orchestrator. From there, it is deployed
to the managed computers that enforce the policy.
• In ePolicy Orchestrator, select Menu | Data Protection | DLP Policy.
• Verify the policy before applying it: select Tools | Run Policy Analyzer.
• From the McAfee DLP Endpoint policy console File menu, select Apply to ePO. The Applying to
ePO window appears.
• The policy is saved to the ePolicy Orchestrator database, and an administrative event is
generated.
Assign a policy or agent configuration
Policies applied to ePolicy Orchestrator must be assigned and deployed to managed computers in
order to be used.
• In ePolicy Orchestrator, click System Tree.
• Locate the directory containing the computers that will be assigned a policy, and select them.
• Select Actions | Agent | Wake Up Agents.
• Select Agent Wake-Up Call, and set Randomization to 0 minutes. Click OK.
• When the agent wake-up call is completed, you are returned to the System Tree. Reselect the
computers that will be assigned a policy, and click Actions | Agent | Set Policy & Inheritance.
• On the Assign Policy page, select the Product, Category, and Policy to be applied.
• Click Save.
What happens now if a blocked User plugs a USB Device in?
They will see the below McAfee message pop up at the bottom of the screen.
How do you view these events in the ePolicy Orchestrator/DLP Console?
• Go to Menu > Data Protection > DLP Incident Manager. There are 2 filters set up to show any
Device Plug or Unplug event, or you can simply scroll through the log. You should see any devices
which have been picked up under the block policy.
• You can also have a look at the Threat Event Log, which also shows these types of events,
although the DLP Incident Manager has more comprehensive information.
Information on Smartphones
Info on iPhones (It looks like McAfee have confirmed that we cannot allow phones to be Read Only
and allow charging at the moment. Symantec have also confirmed the same.)
This has proved to be a tricky one.
When a USB iPhone connector is connected to a USB port of a computer, the iPhone installs a set of
drivers (or the iTunes software identifies the iPhone). Unless and until the drivers can be installed or
detection takes place, the phone will not be charged. The iPhone also carries storage within it, so
when you insert the connector, the computer detects that storage as well. (You can see the iPhone
storage in the My Computer option.)
It is also worth reading the below article which relates to a recently reported USB Flaw which
reinforces the idea that we should not be allowing people to plug mobile phones into end points.
http://www.bbc.co.uk/news/technology-29475566
The only information I have found on allowing Apple devices to charge while making them read-only
is below (needs testing w/c 13/10/14):
1. Create a Removable Storage Device Definition for Apple devices using Vendor ID – 05AC for
Apple.
2. Create a Removable Storage Device Rule with Actions of Monitor and Read Only.
3. Apply to Everyone and Local User Assignment Group.
You cannot create a Plug and Play Device rule for Apple devices that will make them Read Only; you
can only Block, Monitor and Notify User for those rules. In order to allow your devices to charge and
be read-only, you will need to create your rules as above, because a blocking P&P rule does not
allow the device to charge.
If the above rule does not work for you, please review your other rules: if you have other rules that
"Block" and can be associated with Apple devices, then that device will be blocked, as Device Control
will go with the most secure rule.
How to create granular device rules, e.g. per device per user
OK, so when we first put this in it was very generic. Users were either allowed to plug USB devices in
or were not. What we were asked to do next was to block everyone generally but then allow device
rules which were literally per device per user. The below steps show you how to do this.
Create one Device rule which blocks all devices to everyone
• First of all you need to monitor what devices are actually being used on your network and what
have been picked up by McAfee.
• So as an example we monitored our infrastructure and as a result we will pick one example, a
Canon EOS 450D camera, which came up in the DLP Incident Manager as you can see
below.
• We now need to create a Device Definition for this device and also an AD user group who will be
allowed access to it, which will be included in a User Assignment Group.
• Log into ePolicy Orchestrator and click on Menu > Data Protection > DLP Policy.
• Scroll down to Device Management and click on Device Definitions > Add New Removable
Storage Definition Group and name it as you wish.
• Click Add New again and choose Removable Storage Device Definition.
• I have named this Device Definition so it can easily be recognised.
• Double-click on this rule and add as much detail into this Definition as possible to distinguish this
camera, based on the information in the DLP Incident Manager.
• Click OK.
• Now go to your Removable Storage Device Definition Group and add in the Device Definition you
just created.
• Click OK.
• Next create one Device Rule which blocks all devices to everyone.
• Click on Device Rules.
• Add New Removable Storage Device Rule.
• Call it something recognisable.
• Double-click on this rule.
• You want to put a tick in Include for All Removable Storage Devices (Windows).
• You want to put a tick in Exclude for your Removable Storage Definition Group (Windows). I've just
shown you the Excluded tick as I can't get both in the screenprint.
• Click Next.
• Put a tick in Block, Monitor and Notify User.
• Create a User Assignment Group for the Everyone group and put a tick in here.
• Click Finish.
• Next we have to create a separate device rule for each Device-User pair, include the device
definition, set Reaction to Block,
• Include "Everyone" and exclude that particular user to whom you want to allow the device.
• First of all we need to create a new User Assignment Group which contains the Everyone group
and the users we want to allow.
• Next click on Device Management > Device Rules > Add New > Removable Storage Device Rule
(supports Mac).
• Call it Removable Storage Device Rule Canon EOS 450D Camera.
• Double-click on the rule and include the Canon EOS 450D Device Definition: click Include on
your Device Definition for the Canon EOS 450D camera.
• Click Next.
• Choose Block, Monitor and Notify.
• Click Next.
• Choose your User Assignment Group which says User Assignment Group Everyone and Canon
EOS 450D.
• Click Finish.
• Now you have added the 2 Device Rules which should block everyone but the users you select
from accessing a Canon EOS 450D camera.
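Both the monitoring step above (seeing which devices are actually in use before writing a Device Definition) and the Apple Vendor ID 05AC definition in the previous section depend on knowing the USB attributes Device Control matches on. The following PowerShell is an added example (not from the original document or McAfee) that lists the attached USB devices with vendor ID, product ID and serial, plus removable disks with the vendor/product strings the storage stack reports, so the values entered in a definition can be checked against a test machine before the rule is enabled. It assumes Windows 8 or Server 2012 or later, where the Get-PnpDevice cmdlet is available, and is run on the endpoint with the device plugged in.

```powershell
# Added example, not part of the original document or McAfee's product guide.
# Assumptions: Windows 8 / Server 2012 or later (PnpDevice module), run on the
# endpoint computer where the device under test is attached.

function Get-UsbDeviceAttribute {
    param(
        # Optional vendor ID filter, four hex digits, e.g. '05AC' for Apple.
        [string]$VendorId
    )
    # USB instance IDs look like USB\VID_05AC&PID_12A8\<serial>, or
    # USB\VID_05AC&PID_12A8&MI_00\<instance> for a composite device's interfaces.
    $pattern = '^USB\\VID_(?<vid>[0-9A-F]{4})&PID_(?<pid>[0-9A-F]{4})(?<mi>&[^\\]*)?\\(?<serial>.+)$'
    foreach ($dev in Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue) {
        if ($dev.InstanceId -match $pattern) {
            $vid = $Matches['vid'].ToUpper()
            # -eq/-ne are case-insensitive in PowerShell, so '05ac' also matches.
            if ($VendorId -and $vid -ne $VendorId) { continue }
            [pscustomobject]@{
                FriendlyName = $dev.FriendlyName
                Class        = $dev.Class          # e.g. USB, WPD, DiskDrive, USBDevice
                VendorId     = $vid
                ProductId    = $Matches['pid'].ToUpper()
                Interface    = $Matches['mi']      # '&MI_xx' for composite-device children
                Serial       = $Matches['serial']  # device serial, or a bus-assigned instance
                Status       = $dev.Status         # OK, Error, Unknown
            }
        }
    }
}

function Get-UsbStorageAttribute {
    # Removable disks reached through the USB storage stack carry the vendor,
    # product and revision strings: USBSTOR\DISK&VEN_xxx&PROD_yyy&REV_zzz\<serial>&0
    $pattern = '^USBSTOR\\DISK&VEN_(?<ven>[^&]*)&PROD_(?<prod>[^&]*)&REV_(?<rev>[^\\]*)\\(?<serial>.+)$'
    foreach ($dev in Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue) {
        if ($dev.InstanceId -match $pattern) {
            [pscustomobject]@{
                FriendlyName = $dev.FriendlyName
                Vendor       = $Matches['ven']
                Product      = $Matches['prod']
                Revision     = $Matches['rev']
                Serial       = $Matches['serial']
                Status       = $dev.Status
            }
        }
    }
}

# Everything USB that is currently attached, grouped by vendor/product:
Get-UsbDeviceAttribute | Sort-Object VendorId, ProductId | Format-Table -AutoSize

# Only Apple devices (Vendor ID 05AC), the case discussed in the iPhone section:
Get-UsbDeviceAttribute -VendorId 05AC | Format-Table -AutoSize

# Removable storage as the storage stack reports it (the strings a Removable
# Storage Device Definition can be narrowed to, alongside VID/PID and serial):
Get-UsbStorageAttribute | Format-Table -AutoSize
```

Compare the VendorId, ProductId and Serial columns with what the DLP Incident Manager recorded for the same plug event; a definition that includes the serial matches one physical device, while one that stops at VID/PID matches every unit of that model.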

Deployment websese

  • 1. Deployment Websense TRITON Enterprise includes Web Security Gateway Anywhere, Data Security, and Email Security Gateway Anywhere. Core Email Security Gateway Anywhere components can reside only on Websense appliances. Web Security Gateway Anywhere may be deployed on Websense appliances, dedicated Windows and Linux servers, or a combination of both. Data Security is located on Windows servers and elsewhere in the network. The TRITON management interface for Web, Email, and Data Security, resides on a separate Windows server. The following illustration is a high-level diagram of a basic V10000 G2- based deployment of TRITON Enterprise.
  • 2.
  • 3. Remote office and off-site users You can use the hybrid Web service to provide Web security for small remote offices. This is accomplished by designating a remote office as a hybrid filtered location. See Initial configuration for more information. Either the hybrid service or Websense remote filtering software can provide Web filtering for off-site users (e.g., telecommuters or traveling personnel). To use the hybrid service, a PAC file or Websense Web Endpoint is installed on the user's machine. This directs Web browsing to be filtered through the hybrid service according to policies in place. To use remote filtering software, Remote Filtering Server is installed in your network and Remote Filtering Client is installed on user machines. See Deploying Remote Filtering Server and Client.
  • 4. Data Security is a comprehensive data loss prevention (DLP) system that discovers, monitors, and protects your critical information holdings, whether that data is stored on your servers, currently in use or located in off-network endpoints. Data Security protects against data loss by quickly analyzing data and enforcing customized policies automatically, whether users are on the network or offline. Administrators manage who can send what information, where, and how. Data Security can also work as a part of Websense TRITON Enterprise to protect the whole of your enterprise. The basic components of Websense Data Security are: The Data Security Management Server Optional Data Security servers The protector Agents Endpoints The Data Security Management Server, which resides on the TRITON management server, is the core of the system, providing complete data loss prevention analysis to the network. In addition, the Data Security Management Server gathers and stores all management statistics. For load balancing purposes, analysis can be shared among a number of Data Security servers. The protector can provide added blocking capabilities to the loss-prevention system. Optionally, the protector works in tandem with the Data Security Management Server. The Data Security Management Server performs discovery (performed by Crawler) and provides advanced analysis capabilities. The protector sits in the network, intercepts and analyzes traffic, and can either monitor or block traffic as needed. The protector supports analysis of SMTP, HTTP, FTP, Generic Text and IM traffic (chat and file transfer). The protector is also an integration point for third-party solutions that support ICAP. The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes. Websense Data Security agents are also an integral part of the system. 
These agents are installed on the relevant servers (the ISA agent on the Microsoft ISA server, printer agent on the print server, etc.) to enable Data Security to access the data necessary to analyze the traffic from these servers. Agents, such as the Data Endpoint, enable administrators to analyze content within a user's working environment (PC, laptop, etc.) and block or monitor policy breaches. Deployment A basic deployment might have just one management server and one protector. The protector includes several agents, including SMTP, HTTP, FTP, IM, and ICAP. The servers are easily configurable to simply monitor or monitor and protect sensitive data. It is ideal for small to medium businesses with a single Internet egress point. The following illustration is a high-level diagram of a basic deployment of Data Security. Such a deployment is ideal for a smaller- to medium-sized organization with a
  • 5. single Internet egress point. Note that this illustration is intended to show the general distribution of components and does not include network details (such as segmenting, internal firewalls, routing, switching, and so forth). The following illustration is a high-level diagram of a larger deployment of Data Security.
  • 6. This shows the extended capabilities of Data Security incorporated into a more complex network environment. It shows an extra Data Security server and several additional agents deployed for businesses with larger transaction volumes and numbers of users. Such a deployment is suited for large organizations with multiple Internet egress points distributed over multiple geographical locations. Very large deployments can have multiple Data Security servers and protectors. For diagrams of the most common customer deployments, see Most common deployments. Before you deploy your Data Security system, it is important to analyze your existing resources and define how security should be implemented to optimally benefit your specific organization. Plan your deployment by: 1.Deciding what data to protect
  • 7. 2.Determining where your confidential data resides 3.Determining your information flow 4.Defining the business owners for the data 5.Deciding who will manage incidents 6.Planning access control 7.Analyzing network structure 8.Planning network resources 9.Planning a phased approach
  • 8. What is McAfee Device Control? McAfee Host Data Loss Prevention software is one of the core security functions which protects enterprises from the risk associated with unauthorized transfer of data from within or outside the organization. Data loss is defined as confidential or private information leaving the enterprise as a result of unauthorized communication through channels such as applications, physical devices, or network protocols. Memory sticks are the smallest, easiest, cheapest, and least-traceable method of downloading large amounts of data, which is why they are often considered the “weapon of choice” for unauthorized data transfer. McAfee Device Control allows monitoring and controlling external device behaviour based on the device attributes rather than the content being copied. Using McAfee Device Control, devices attached to enterprise computers, such as smart phones, removable storage devices, Bluetooth devices, MP3 players, or Plug and Play devices, can be monitored, blocked, or configured to be read- only. Components of McAfee Device Control (McAfee DLP Endpoint) software is a content based agent solution that inspects enterprise users’ actions concerning sensitive content in their own work environment, their computers. McAfee DLP Endpoint software version 9.3 runs in McAfee ePolicy Orchestrator (McAfee ePO™) software, the centralized policy manager for security products and systems. Version 9.3 can be installed in ePolicy Orchestrator 4.5, 4.6, or 5.0.
  • 9. Recommended Architecture The recommended installation for a simple McAfee Data Loss Prevention Endpoint implementation is on a single server together with McAfee ePolicy Orchestrator software
  • 10. Installation Steps We need to presume that you have already installed the McAfee ePolicy Orchestrator software on a server which runs with Microsoft SQL Server as this is the Central Management Software which the various parts of the Endpoint Suite connect in to.  Check all pre-requisites are met for the ePolicy Orchestrator server to work with McAfee Device Control  Disable Microsoft Enhanced Security Configuration on the ePolicy Orchestrator server  Verify that Microsoft .NET Framework 3.5 SP1, 4.0, or 4.5 is installed on the ePolicy Orchestrator server.
• 11.
  • Verify that the ePolicy Orchestrator server name is listed under Trusted Sites in the Internet Explorer security settings.
Create and Configure Repository Folders on the ePolicy Orchestrator Server
Repository folders contain information used by the McAfee DLP Endpoint software for creating policies and for reporting. Two folders and network shares must be created, and their properties and security settings must be configured appropriately. The folders do not need to be on the same computer as the McAfee DLP Endpoint database server, but it is usually convenient to put them there.
  • d:\dlp_resources
  • d:\dlp_resources\evidence
  • d:\dlp_resources\whitelist
Evidence folder — Certain protection rules allow for storing evidence, so you must designate, in advance, a place to put it. If, for example, an email is blocked, a copy of the email is placed in the Evidence folder.
Whitelist folder — Text fingerprints to be ignored by the endpoint software are placed in a whitelist repository folder. An example is standardized text such as disclaimers or copyright notices. McAfee DLP Endpoint software saves time by skipping these chunks of text that are known not to include sensitive content.
Check the Sharing and Security settings according to page 26 of the Product Guide for McAfee Data Loss Prevention Endpoint 9.3.
  • Some of the installation scripts require the NETWORK SERVICE account to have write permission for the C:\Windows\Temp folder. In secure systems, this folder might be locked down. In that case, you must temporarily change the permissions for this folder; otherwise, the installation fails. McAfee recommends completing all software installations before resetting the permissions.
  • Right-click the evidence / whitelist folder and select Properties.
  • Click the Sharing tab, then click Advanced Sharing. Select the Share this folder option.
  • Modify the Share name to evidence$ / whitelist$. Click OK.
  • Click the Security tab, then click Advanced.
  • In the Permissions tab, deselect the Include inheritable permissions from the object's parent option. A confirmation message explains the effect this change will have on the folder.
  • Click Remove. The Permissions tab in the Advanced Security Settings window shows all permissions eliminated.
  • Click Add to select an object type.
  • In the Enter the object name to select field, type Domain Computers, then click OK. The Permission Entry dialog box is displayed.
  • In the Allow column, select:
    • Create Files/Write Data and Create Folders/Append Data for the evidence folder
    • List Folder/Read Data for the whitelist folder
  • Verify that the Apply onto option says This folder, subfolders and files, then click OK. The Advanced Security Settings window now includes Domain Computers.
  • Click Add again to select an object type.
  • In the Enter the object name to select field, type Administrators, then click OK to display the Permission Entry dialog box. Set the required permissions.
Next, download McAfee Device Control 9.3 from the McAfee website, save it to the D drive of SHS-MGT-001 and unzip it. This will contain the license key in a text file, the mgmt zip and an agent zip.
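The folder, share and NTFS steps above can be scripted so the permissions come out the same on every ePO server. The script below is an added example, not code from the deck or from the McAfee product guide. It assumes an elevated PowerShell session on the ePO server, uses CONTOSO as a placeholder for your own domain, and the share-level permissions it sets are an assumption (the deck defers those to page 26 of the product guide); the NTFS rights match the Permission Entry choices listed above.

```powershell
# Added example, not from the deck or the McAfee product guide: creates the two DLP
# repository folders, publishes them as hidden shares and sets the NTFS permissions above.
# Assumptions: elevated PowerShell on the ePO server; 'CONTOSO' is a placeholder for your
# domain; share-level permissions are an assumption (see page 26 of the product guide).
$Domain = 'CONTOSO'            # placeholder, replace with your domain NetBIOS name
$Root   = 'D:\dlp_resources'

# Folder name -> NTFS rights for Domain Computers, matching the Permission Entry choices.
$folders = [ordered]@{
    evidence  = 'CreateFiles, CreateDirectories'   # Create Files/Write Data, Create Folders/Append Data
    whitelist = 'ListDirectory'                    # List Folder/Read Data
}

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None   # "This folder, subfolders and files"

New-Item -ItemType Directory -Path $Root -Force | Out-Null

foreach ($name in $folders.Keys) {
    $path = Join-Path $Root $name
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # Hidden share (trailing $) so it is not listed when browsing the server.
    $shareName = "$name`$"
    if (-not (Get-SmbShare -Name $shareName -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $shareName -Path $path `
            -ChangeAccess "$Domain\Domain Computers" -FullAccess 'BUILTIN\Administrators' | Out-Null
    }

    $acl = Get-Acl -Path $path
    # Same effect as deselecting "Include inheritable permissions" and clicking Remove:
    # stop inheriting from the parent and drop every existing entry.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

    # Domain Computers get only the rights the endpoint agent needs on this folder.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$Domain\Domain Computers", $folders[$name], $inherit, $prop, 'Allow')))
    # Administrators keep full control for maintenance.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Administrators', 'FullControl', $inherit, $prop, 'Allow')))
    Set-Acl -Path $path -AclObject $acl
}

# The installer scripts need NETWORK SERVICE to write to C:\Windows\Temp. Grant Modify for
# the duration of the installs and remove it again afterwards, as the deck advises.
$temp = Join-Path $env:SystemRoot 'Temp'
icacls $temp /grant 'NT AUTHORITY\NETWORK SERVICE:(OI)(CI)M'
# After all installs are complete:  icacls $temp /remove 'NT AUTHORITY\NETWORK SERVICE'
```

Because the script removes every inherited entry before adding the two explicit ones, run it only against the dedicated dlp_resources folders; the Administrators entry it adds is what keeps the folders manageable afterwards, and Domain Computers never receive more than create/append on evidence or read on whitelist, which limits what a compromised endpoint could do with the share.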
• 12. Install the McAfee Data Loss Prevention Endpoint extension
The default installation is a 90-day license for McAfee Device Control software. If you purchased a license for full McAfee Data Loss Prevention Endpoint software, you must upgrade the license after you complete the installation. The McAfee DLP Endpoint software extension and the Help module are installed in ePolicy Orchestrator.
Note: McAfee DLP Endpoint software does not currently support the McAfee ePolicy Orchestrator 4.6 and 5.0 Software Manager feature.
  • In ePolicy Orchestrator, select Menu | Software | Extensions, then click Install Extension. Browse to the D drive and locate the zip file D:\McAfee Device Control\McAfeeDeviceControl93300Licensed\unzipped McAfeeDeviceControl93300Licensed\TAG_MGMT_9_3_300_16\Signed Extension\DLPE_Package_9_3_300_16_1.zip
  • Click OK. The extension is installed. The following applications are installed:
    • McAfee DLP Endpoint policy console (in ePolicy Orchestrator | Data Protection)
    • McAfee DLP Monitor (in ePolicy Orchestrator | Data Protection)
    • DLP Event Parser
  • Click OK.
  • After doing that, you will have to use the license key found in the .txt file inside the DLP package to activate it.
Next, initialize the McAfee DLP Endpoint policy console.
Note: The wizard can be run at any time by selecting Initialization Wizard from the Tools menu in the McAfee DLP Endpoint policy console.
The McAfee DLP Endpoint Management Tools installer and McAfee DLP Endpoint policy console initialization wizard use ActiveX technology. To prevent the installer from being blocked, verify that the following are enabled in Internet Explorer under Tools | Internet Options | Security | Custom level:
  • Automatic prompting for ActiveX controls
  • Download signed ActiveX controls
• 13.
  • In ePolicy Orchestrator, select Menu | Data Protection | DLP Policy.
  • The McAfee DLP Endpoint Management Tools installer runs and, after a brief delay, the Welcome window of the DLP Management Tools Setup wizard appears.
  • Accept the License Agreement.
  • Select the installation folder.
• 14.
  • After the McAfee DLP Endpoint Management Tools installation has completed, the McAfee DLP Endpoint policy console begins loading. If you have an existing policy, you are prompted to convert it to the new format.
  • If no previous policy exists, the message "DLP global policy is unavailable. Loading default policy" appears. Click OK to continue.
  • When the message "Agent configuration is unavailable. Loading a default agent" appears, click OK.
  • You may get a box with View/Update License. Click Update.
  • Enter the license key as shown below.
• 15.
  • Click Apply and you will get the message shown below. Click Yes.
  • Click OK to close the message box, and click Close to close the Update License window, then log off ePolicy Orchestrator.
  • Log on to ePolicy Orchestrator to complete the upgrade.
  • From the Agent Configuration menu, select Edit Global Agent Configuration.
  • Go to the File Tracking tab and select Device Control and full content protection.
  • Go to the Miscellaneous tab. Only the Agent Popup service, Device Blocking, and Reporting Service modules are selected. Select the remaining modules you require to enable them and click OK.
  • On the toolbar, click Apply. The policy changes are applied to ePolicy Orchestrator.
  • In ePolicy Orchestrator, issue a wake-up call to deploy the policy change to the workstations.
  • When the McAfee DLP Endpoint policy console First Time Initialization wizard appears, complete the following steps:
    • Select the Backward Compatibility Mode.
• 16.
  • For troubleshooting, when you need to review an easily readable version of the policy, select Generate verbose policy. For most installations, we recommend leaving these checkboxes deselected.
  • Select your directory access protocol: Microsoft Active Directory or OpenLDAP. When using Microsoft AD in very large organizations where search times could be excessive, select Restrict AD searches to default domain.
  • Configure the Agent Override Key Password EPOAdm1n!. McAfee DLP Endpoint software requires strong passwords, that is, at least 8 characters with at least one each of uppercase, lowercase, digit, and special character (symbol).
  • Browse to the Whitelist storage share, then click Next. The UNC whitelist path is required to apply the policy to ePolicy Orchestrator. Size limits are displayed, but cannot be changed in the Initialization wizard.
• 17.
  • Modify the agent popup service options (optional). Agent popup managed features are displayed, but cannot be changed in the Initialization wizard. Manual/automatic popup close and release code lockout policy can be set.
  • Modify the default notification messages (optional). Select each event type in turn, and type the message in the text field.
  • Click Next.
• 18.
  • Browse to the evidence storage share and click Next. The evidence storage path is required to apply the policy to ePolicy Orchestrator.
  • Select a user account and password for copying evidence (optional).
  • Set the required Evidence Replication option.
  • Click Next.
Note: The storage share will be \\shs-mgt-001\evidence$
• 19.
  • Click Finish and Apply.
McAfee Initial Configuration
Check in the McAfee DLP Endpoint package to ePolicy Orchestrator. Any enterprise computer with data protected by McAfee software must have the McAfee Agent installed, making it a managed computer. To add data loss protection, you must also deploy the McAfee DLP Endpoint plug-in for McAfee Agent. The installation can be performed using the ePolicy Orchestrator infrastructure.
  • In McAfee ePolicy Orchestrator, select Menu | Software | Master Repository.
  • In the Master Repository, select Actions | Check In Package.
  • Select package type Product or Update (.ZIP), browse to ..\HDLP_Agent_9_2_0_xxx.zip, then click Next. The Check in Package page appears.
  • Review the details on the screen, then click Save. I have currently added this to Evaluation rather than Current.
  • The package is added to the master repository.
Defining and Deploying Policies
• 20. The final stage of McAfee DLP Endpoint software installation is to define a policy, deploy McAfee DLP Endpoint agents to the managed computers, and verify the installation (see the following steps).
Follow page 43 of the DLP Endpoint Product Guide to create a default classification and protection rule as per the instructions below. The rule described is an example of a simple rule that can be used to test the system.
Create a classification rule:
  • In the McAfee DLP Endpoint policy console navigation pane under Content Protection, select Classification Rules.
  • Right-click in the Classification Rules window and select Add New | Content Classification Rule. Rename the rule Email Classification Rule.
  • Double-click the rule icon to modify the rule.
  • In step 1 of the rule creation wizard, select either of the options (ANY or ALL), then scroll down the text patterns list and select Email Address. Click Next three times, skipping to step 4.
  • In step 4 of the rule creation wizard, click Add New to create a new category. Name it Email Category, click OK to accept the new category, then click Finish.
  • Right-click the rule icon and select Enable.
Create a protection rule:
  • In the McAfee DLP Endpoint policy console navigation pane under Content Protection, select Protection Rules.
  • Right-click in the Protection Rules window and select Add New | Removable Storage Protection Rule.
  • Double-click the rule icon to modify the rule.
  • Click through to step 2 of the rule creation wizard and add the Email Category created when creating the classification rule in the Included column.
  • Click through to step 7 of the rule creation wizard. Select Monitor, then click Finish.
  • Right-click the rule icon and select Enable.
  • From the Tools menu, select Run Policy Analyzer. You should receive warnings, but no errors.
• 21.
  • If you receive errors, they probably come from improper initialization, such as not specifying an evidence folder or override password. You can rerun the initialization from the Tools menu to correct this.
  • On the toolbar, click Apply. The policy is applied to McAfee ePolicy Orchestrator.
Deploy McAfee DLP Endpoint Agent with ePolicy Orchestrator
Before policies can be applied, McAfee DLP Endpoint must be deployed to the endpoint computers by ePolicy Orchestrator.
  • Create a new subgroup – System Tree > System Tree Actions > Create new subgroup.
  • In the System Tree, select the level at which to deploy McAfee DLP Endpoint. If you select a level under My Organization, the right-hand pane displays the available workstations. You can also deploy McAfee DLP Endpoint to individual workstations. (Need to select which test machines to use.)
  • In the Name field, type a suitable name, for example, Install DLP Endpoint. Typing a description is optional.
  • Click the Assigned Client Tasks tab. Select Actions | New Client Task Assignment. The Client Task Builder wizard opens.
  • In ePolicy Orchestrator 4.6 and 5.0, in the Product field, select McAfee Agent. In the Task Type field, select Product Deployment. Click Create New Task.
  • In the Products and Components field, select Data Loss Prevention 9.3.0.xx. The Action field automatically resets to Install.
  • In ePolicy Orchestrator 4.6 and 5.0, click Save.
  • Change the Schedule type to Run immediately. Click Next.
  • Review the task summary. When you are satisfied that it is correct, click Save. The task is scheduled for the next time the McAfee Agent updates the policy. To force the installation to take place immediately, issue an agent wake-up call.
  • After McAfee DLP Endpoint has been deployed, restart the managed computers.
Verify the installation
After installing McAfee DLP Endpoint software, you should verify the installation in the McAfee DLP Monitor.
  • Verify the McAfee DLP Endpoint installation and apply the policy enforcement by using the cmdagent.exe /s command. See the McAfee ePolicy Orchestrator McAfee Agent documentation for more information.
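When you have more than a handful of test machines, checking each one through the tray icon gets slow. The script below is an added example, not from the deck or the McAfee documentation, that does the same check from an elevated PowerShell prompt on the endpoint: it looks for the DLP Endpoint product in the Windows uninstall registry (the DisplayName pattern is an assumption), finds cmdagent.exe in the usual McAfee Agent 4.x and 5.x locations (an assumption about the install paths), and then asks the agent to send properties, enforce policy and check for a new policy using the standard /p, /e and /c switches, rather than the /s switch from the slide, which only opens the agent status monitor.

```powershell
# Added example, not from the deck or McAfee documentation: confirm on an endpoint that
# the DLP Endpoint plug-in is installed and ask the McAfee Agent to enforce policy now.
# Assumptions: the uninstall DisplayName starts with 'McAfee DLP Endpoint'; cmdagent.exe
# lives in one of the two default McAfee Agent paths below. Run as an administrator.

function Get-InstalledProduct {
    param([Parameter(Mandatory)][string]$Pattern)
    # Both 64-bit and WOW6432Node uninstall hives, so 32-bit products are found too.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        Select-Object DisplayName, DisplayVersion
}

function Find-CmdAgent {
    # Agent 5.x default first, then the Agent 4.x Common Framework location (assumed paths).
    $candidates = "$env:ProgramFiles\McAfee\Agent\cmdagent.exe",
                  "${env:ProgramFiles(x86)}\McAfee\Common Framework\cmdagent.exe"
    $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
}

$dlp = Get-InstalledProduct -Pattern 'McAfee DLP Endpoint*'
if (-not $dlp) {
    Write-Warning 'McAfee DLP Endpoint is not registered as installed on this machine.'
} else {
    $dlp | Format-Table -AutoSize
}

$cmdagent = Find-CmdAgent
if (-not $cmdagent) { throw 'cmdagent.exe not found; is the McAfee Agent installed?' }

# /p collect and send properties, /e enforce policies, /c check for new policies.
# These are standard McAfee Agent switches; /s (used on the slide) opens the status monitor.
& $cmdagent /p /e /c
```

Run it after the agent wake-up call and again after the reboot; if the product is listed but the policy revision shown in the endpoint console still lags the one in ePO, the /c switch is the quickest way to pull the new policy without another server-side wake-up.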
• 22.
  • Select Menu | Data Protection | DLP Operational Events. Click an event to view the details.
  • Verify the McAfee DLP Endpoint client software installation from the McAfee system tray icon on the endpoint computer by selecting About. Scroll through the information for McAfee DLP Endpoint.
Deploy Policies with McAfee ePolicy Orchestrator and Device Console
McAfee DLP Endpoint policies contain definitions, rules, assignment groups and agent configuration. A policy is first applied (saved) to the ePolicy Orchestrator server, then assigned (deployed) to the endpoints. McAfee DLP Endpoint works with three policies:
  • DLPE policy
  • Agent configuration
  • Computer assignment group
The DLPE policy is created in the McAfee DLP Endpoint policy console; the agent configuration and computer assignment group are created in ePolicy Orchestrator. Each of these policies is assigned the revision number 1 when it is created, and the number is incremented each time the policy is changed. The revision number is important for supporting troubleshooting processes, to ensure that policy changes are actually applied to the endpoint computers. It is also used when requesting an agent bypass or uninstall key. Both the McAfee DLP Endpoint policy console in ePolicy Orchestrator and the DLP Endpoint console on the client computer display the current policy revision numbers.
Before applying a policy, verify that:
  • All settings are configured correctly.
  • All rules are enabled.
  • User assignment groups (where required) are assigned to each rule.
  • The agent configuration and the computer assignment groups are assigned to the relevant groups and computers in the ePolicy Orchestrator Policy Catalog.
The steps below are what was used to set up the current policy to block USB devices based on 2 Active Directory global groups which Allow or Deny:
  • Log into ePO.
  • Click on Menu > Data Protection > DLP Policy > Policy Assignment > User Assignment Groups > Add New.
  • Click Add and add the GG-DLP-USBStorage-Allow group. Click on Exclude to exclude this group from the Block Rule.
  • Click Add and add the GG-DLP-USBStorage-Block group. Click on Include to include this group in the Block Rule.
  • Click on Protection Rules and put a tick in Apply on Logged on User.
• 23.
  • Click on Protection Rules.
  • Go to Device Management > Device Definitions.
  • Click on Add New and give it the name Removable Storage Device Definition Block USB Devices.
  • Double-click on this, select Bus Type (USB, PCI), put a tick here and click the Edit button.
• 24. When you click the Edit button, select the following:
• 25.
  • Click OK.
  • Go to Device Management > Device Rules > Click Add New.
  • Call it Removable Storage Device Rule Block Rule.
  • Select to include the previously created Device Definition – named Removable Storage Device Definition Block USB Devices.
  • Click Next.
  • Choose what actions to take. Note: It may be best to Monitor for a few weeks so you can see what devices your users are plugging in.
• 26. Assign the rule to the User Assignment Group you created.
• 27.
  • Click Finish.
Apply the System Policy
When a policy is completed, it must be applied to ePolicy Orchestrator. From there, it is deployed to the managed computers that enforce the policy.
  • In ePolicy Orchestrator, select Menu | Data Protection | DLP Policy.
  • Verify the policy before applying it: select Tools | Run Policy Analyzer.
  • From the McAfee DLP Endpoint policy console File menu, select Apply to ePO. The Applying to ePO window appears. The policy is saved to the ePolicy Orchestrator database, and an administrative event is generated.
Assign a policy or agent configuration
Policies applied to ePolicy Orchestrator must be assigned and deployed to managed computers in order to be used.
  • In ePolicy Orchestrator, click System Tree.
  • Locate the directory containing the computers that will be assigned a policy, and select them.
  • Select Actions | Agent | Wake Up Agents.
  • Select Agent Wake-Up Call, and set Randomization to 0 minutes. Click OK.
  • When the agent wake-up call is completed, you are returned to the System Tree. Reselect the computers that will be assigned a policy, and click Actions | Agent | Set Policy & Inheritance.
  • On the Assign Policy page, select the Product, Category, and Policy to be applied.
  • Click Save.
What happens now if a blocked user plugs a USB device in?
• 28. They will see the McAfee message shown below pop up at the bottom of the screen.
How do you view these events in the ePolicy Orchestrator/DLP Console?
  • Go to Menu > Data Protection > DLP Incident Manager. There are 2 filters set up to show any Device Plug or Unplug event, or you can simply scroll through the log. You should see any devices which have been picked up under the block policy.
  • You can also have a look at the Threat Event Log, which also shows these types of events, although the DLP Incident Manager has more comprehensive information.
Information on Smartphones
• 29. Info on iPhones
(It looks like McAfee have confirmed that we cannot allow phones to be read-only and allow charging at the moment. Symantec have also confirmed the same.)
This has proved to be a tricky one. When a USB iPhone connector is connected to a USB port of a computer, the iPhone installs a set of drivers (or the iTunes software identifies the iPhone). Until and unless the drivers can be installed or detection takes place, the phone will not be charged. The iPhone also carries an HDD within it, so when you insert the connector, it detects the HDD as well. (You can see the iPhone HDD in the My Computer option.)
It is also worth reading the article below, which relates to a recently reported USB flaw and reinforces the idea that we should not be allowing people to plug mobile phones into endpoints. http://www.bbc.co.uk/news/technology-29475566
The only information I have found on allowing Apple devices to charge and making them read-only is the following (needs testing w/c 13/10/14):
1. Create a Removable Storage Device Definition for Apple devices using Vendor ID – 05AC for Apple.
2. Create a Removable Storage Device Rule with Actions of Monitor and Read Only.
3. Apply to Everyone and Local User Assignment Group.
You cannot create a Plug and Play Device rule for Apple devices that will make them Read Only – you can only Block, Monitor and Notify User for those rules. In order for you to be able to allow your devices to charge and be RO you will need to create your rules as above, because a blocking P&P rule does not allow the device to charge. If the above rule does not work for you, please review your other rules – if you have other rules that "Block" and can be associated with Apple devices then that device will be blocked, as Device Control will go with the most secure rule.
How to create granular device rules, e.g. per device per user
OK, so when we first put this in it was very generic. Users were either allowed to plug USB devices in or were not. What we were asked to do next was to block everyone generally but then allow device rules which were literally per device per user. The steps below show you how to do this.
Create one Device rule which blocks all devices to everyone
  • First of all you need to monitor what devices are actually being used on your network and what have been picked up by McAfee.
  • So as an example we monitored our infrastructure and, as a result, we will pick one example, a Canon EOS 450D camera, which came up in the DLP Incident Manager as you can see below.
  • We now need to create a Device Definition for this device and also an AD user group who will be allowed access to it, which will be included in a User Assignment Group.
  • Log into ePolicy Orchestrator and click on Menu > Data Protection > DLP Policy.
  • Scroll down to Device Management and click on Device Definitions > Add New Removable Storage Definition Group and name it as you wish.
• 30.
  • Click Add New again and choose Removable Storage Device Definition. I have named this Device Definition so it can easily be recognised.
  • Double-click on this rule and add as much detail into this Definition as possible to distinguish this camera, based on the information in the DLP Incident Manager.
• 31.
  • Click OK.
  • Now go to your Removable Storage Device Definition Group and add in the Device Definition you just created.
• 32.
  • Click OK.
  • Next, create one Device Rule which blocks all devices to everyone.
  • Click on Device Rules.
  • Add New Removable Storage Device Rule.
  • Call it something recognisable.
  • Double-click on this rule.
  • You want to put a tick in Include for All Removable Storage Devices (Windows).
  • You want to put a tick in Exclude for your Removable Storage Definition Group (Windows). I've just shown you the Excluded tick as I can't get both in the screenprint.
• 33.
  • Click Next.
  • Put a tick in Block, Monitor and Notify User.
• 34. Create a User Assignment Group for the Everyone group and put a tick in here.
• 35.
  • Click Finish.
  • Next we have to create a separate device rule for each Device-User pair: include the device definition, set Reaction to Block, include "Everyone" and exclude the particular user to whom you want to allow the device.
  • First of all we need to create a new User Assignment Group which contains the Everyone group and the users we want to allow.
• 36.
  • Next, click on Device Management > Device Rules > Add New > Removable Storage Device Rule (supports MAC).
  • Call it Removable Storage Device Rule Canon EOS 450D Camera.
  • Double-click on the rule, include the Canon EOS 450D Device Definition and click Include on your Device Definition for the Canon EOS 450D Camera.
• 37.
  • Click Next.
  • Choose Block, Monitor and Notify.
• 38.
  • Click Next.
  • Choose your User Assignment Group, which says User Assignment Group Everyone and Canon EOS 450D.
• 39.
  • Click Finish.
  • Now you have added the 2 Device Rules, which should block everyone except the users you select from accessing a Canon EOS 450D camera.