McAfee M-3050 Installation guide

Brand: McAfee

Model: M-3050

Category: Servers

Type: Installation guide

This manual is also suitable for

Network Security Platform

Installation Guide

revision 5.0

McAfee®

Network Protection

Industry-leading network security solutions

McAfee® Network Security Platform

version 6.0

any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARKS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N),

ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSIVELY, INTRUSION PREVENTION

THROUGH INNOVATION, McAfee, McAfee (AND IN KATAKANA), McAfee AND DESIGN, McAfee.COM, McAfee VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA),

NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN,

VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or

its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks

herein are the sole property of their respective owners.

LICENSE AND PATENT INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH

THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED,

PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING

OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE

FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL

THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO McAfee OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions

This product includes or may include:

* Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). * Cryptographic software written by Eric A. Young and software written by

Tim J. Hudson. * Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses

which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for

any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such

software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software

program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. * Software originally written by

Douglas W. Sauder. * Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at

California, Berkeley and its contributors. * Software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). * Software

2002. See http://www.boost.org/libs/bind/bind.html

Cleary (shammah@voyager.net

contributed to Berkeley by Chris Torek.

Issued NOVEMBER 2010 / Installation Guide

700-2252-00/ 5.0 - English

Contents

Preface ........................................................................................................... v

Introducing McAfee Network Security Platform............................................................................. v

Conventions used in this book ...................................................................................................... v

Related Documentation.................................................................................................................vi

Contacting Technical Support ......................................................................................................vii

Chapter 1 About Network Security Platform.............................................. 1

Network Security Platform components ........................................................................................ 1

About McAfee Network Security Sensor ................................................................................1

Manager components ............................................................................................................4

McAfee Update Server...........................................................................................................6

Chapter 2 About Network Security Central Manager ................................ 8

Chapter 3 Preparing for the Manager installation...................................... 9

Pre-requisites ................................................................................................................................ 9

General settings .....................................................................................................................9

Other third-party applications ...............................................................................................10

Browser display settings (Windows) ....................................................................................10

Server requirements.............................................................................................................10

Manager installation with Local Service account privileges .................................................12

Client requirements ..............................................................................................................12

Java runtime engine requirements.......................................................................................12

Database requirements........................................................................................................13

Pre-installation recommendations............................................................................................... 13

Planning for installation ........................................................................................................13

Functional requirements.......................................................................................................14

Using anti-virus software with the Manager .........................................................................14

User interface responsiveness.............................................................................................15

Downloading the Manager/Central Manager executable ............................................................ 16

Chapter 4 Installing the Manager/Central Manager................................. 17

Installing the Manager ................................................................................................................. 17

Installing the Central Manager .................................................................................................... 28

Chapter 5 Starting the Manager/Central Manager ................................... 30

Accessing the Manager from a client machine............................................................................ 30

Java installation for client systems.............................................................................................. 31

Logging onto the Manager .......................................................................................................... 31

Logging onto the Central Manager.............................................................................................. 32

Authenticating Access to the Manager using CAC ..................................................................... 33

Shutting down the Manager/Central Manager services .............................................................. 35

Closing all client connections ...............................................................................................36

Shutting down using the Network Security Platform system tray icon .................................36

Shutting down using the Control Panel ................................................................................37

Chapter 6 Adding a Sensor........................................................................ 39

Before You Install Sensors.......................................................................................................... 39

Network topology considerations .........................................................................................39

Safety measures ..................................................................................................................39

Usage restrictions ................................................................................................................40

iii

Unpacking the Sensor..........................................................................................................41

Cable Specifications.................................................................................................................... 41

Network Security Platform fail-closed dongle specification..................................................42

Console port pin-outs ...........................................................................................................42

Auxiliary port pin-outs...........................................................................................................42

Response port pin-outs ........................................................................................................43

Monitoring port pin-outs .......................................................................................................44

Configuring a Sensor................................................................................................................... 45

Configuration overview.........................................................................................................45

Establish a Sensor naming scheme.....................................................................................45

Communication between the Sensor and the Manager .......................................................46

Configuring the Sensor ........................................................................................................46

Adding a Sensor to the Manager .........................................................................................48

Verifying successful configuration........................................................................................49

Changing Sensor values ......................................................................................................50

Adding a secondary Manager IP..........................................................................................51

Removing a secondary Manager IP.....................................................................................51

Device Licenses .......................................................................................................................... 52

Importing a Device License..................................................................................................52

Manually assigning a device license ....................................................................................53

Chapter 7 Configuring the Update Server................................................ 55

Specifying the Update Server authentication .............................................................................. 55

Specifying a proxy server for Internet connectivity...................................................................... 56

Manually importing a software image or signature set................................................................ 57

Downloading software updates ................................................................................................... 57

Downloading signature set updates ............................................................................................ 60

Automating updates .................................................................................................................... 62

Automating signature set downloads from the Update Server.............................................62

Automatically deploy new signature sets to your devices....................................................63

Chapter 8 Uninstalling the Manager/Central Manager ............................ 65

Uninstalling using Add/Remove Programs.................................................................................. 65

Uninstalling via script................................................................................................................... 66

Index............................................................................................................. 68

Preface

This preface provides a brief introduction to the product, discusses the information in this

document, and explains how this document is organized. It also provides information such

as, the supporting documents for this guide and how to contact McAfee Technical Support.

Introducing McAfee Network Security Platform

McAfee

Network Security Platform [formerly McAfee

Intrushield

] delivers the most

comprehensive, accurate, and scalable Network Access Control (NAC), network Intrusion

Prevention System (IPS) and Network Threat Behavior Analysis (NTBA) for mission-critical

enterprise, carrier and service provider networks, while providing unmatched protection

against spyware; known, zero-day, and encrypted attacks.

McAfee

Network Threat Behavior Analysis Appliance provides the capability of monitoring

network traffic by analyzing NetFlow information flowing through the network in real time,

thus complementing the NAC and IPS capabilities in a scenario in which McAfee Network

Security Sensor, NAC Sensor, and NTBA Appliance are installed and managed through a

single Manager.

Conventions used in this book

This document uses the following typographical conventions:

Convention Example

Terms that identify fields, buttons,

tabs, options, selections, and

commands on the User Interface

(UI) are shown in

Arial Narrow bold

font.

The

Service field on the Properties tab specifies the

name of the requested service.

Menu or action group selections

are indicated using a right angle

bracket.

Select My Company > Admin Domain > Summary.

Procedures are presented as a

series of numbered steps.

1. On the Configuration tab, click Backup.

Names of keys on the keyboard

are denoted using UPPER CASE.

Press ENTER.

Text such as syntax, key words,

and values that you must type

exactly are denoted using

Courier New font.

Type: setup and then press ENTER.

McAfee® Network Security Platform 6.0

Preface

Convention Example

Variable information that you must

type based on your specific

situation or environment is shown

in italics.

Type: Sensor-IP-address and then press

ENTER.

Parameters that you must supply

are shown enclosed in angle

brackets.

set Sensor ip <A.B.C.D>

Information that you must read

before beginning a procedure or

that alerts you to negative

consequences of certain actions,

such as loss of data is denoted

using this notation.

Caution:

Information that you must read to

prevent injury, accidents from

contact with electricity, or other

serious consequences is denoted

using this notation.

Warning:

Notes that provide related, but

non-critical, information are

denoted using this notation.

Note:

Related Documentation

The following documents and on-line help are companions to this guide. Refer to Quick

Tour for more information on these guides.

 Quick Tour

 Upgrade Guide

 Getting Started Guide

 IPS Deployment Guide

 Manager Configuration Basics Guide

 I-1200 Sensor Product Guide

 I-1400 Sensor Product Guide

 I-2700 Sensor Product Guide

 I-3000 Sensor Product Guide

 I-4000 Sensor Product Guide

 I-4010 Sensor Product Guide

 M-1250/M-1450 Sensor Product Guide

 M-1250/M-1450 Quick Start Guide

 M-2750 Sensor Product Guide

 M-2750 Quick Start Guide

 M-3050/M-4050 Sensor Product Guide

 M-3050/M-4050 Quick Start Guide

 M-6050 Sensor Product Guide

 M-6050 Quick Start Guide

McAfee® Network Security Platform 6.0

Preface

 M-8000 Sensor Product Guide

 M-8000 Quick Start Guide

 Gigabit Optical Fail-Open Bypass Kit Guide

 Gigabit Copper Fail-Open Bypass Kit Guide

 10 Gigabit Fail-Open Bypass Kit Guide

 M-8000/M-6050/M-4050/M-3050 Slide Rail Assembly Procedure

 M-2750 Slide Rail Assembly Procedure

 M-series DC Power Supply Installation Procedure

 Administrative Domain Configuration Guide

 Manager Server Configuration Guide

 CLI Guide

 Device Configuration Guide

 IPS Configuration Guide

 NAC Configuration Guide

 Integration Guide

 System Status Monitoring Guide

 Reports Guide

 Custom Attack Definitions Guide

 Central Manager Administrator's Guide

 Best Practices Guide

 Troubleshooting Guide

 Special Topics Guide—In-line Sensor Deployment

 Special Topics Guide—Sensor High Availability

 Special Topics Guide—Virtualization

 Special Topics Guide—Denial-of-Service

 NTBA Appliance Administrator's Guide

 NTBA Monitoring Guide

 NTBA Appliance T-200 Quick Start Guide

 NTBA Appliance T-500 Quick Start Guide

Contacting Technical Support

If you have any questions, contact McAfee for assistance:

Online

Contact McAfee Technical Support http://mysupport.mcafee.com.

Registered customers can obtain up-to-date documentation, technical bulletins, and quick

tips on McAfee's 24x7 comprehensive KnowledgeBase. In addition, customers can also

resolve technical issues with the online case submit, software downloads, and signature

updates.

Phone

Technical Support is available 7:00 A.M. to 5:00 P.M. PST Monday-Friday. Extended 24x7

Technical Support is available for customers with Gold or Platinum service contracts.

vii

McAfee® Network Security Platform 6.0

Preface

viii

Global phone contact numbers can be found at McAfee Contact Information

http://www.mcafee.com/us/about/cont

act/index.html page.

Note: McAfee requires that you provide your GRANT ID and the serial number of

your system when opening a ticket with Technical Support. You will be provided with

a user name and password for the online case submission.

C HAPTER 1

About Network Security Platform

McAfee

Network Security Platform [formerly McAfee

IntruShield

] is a combination of

network appliances and software built for the accurate detection and prevention of

intrusions, denial of service (DoS) attacks, distributed denial of service (DDoS) attacks,

and network misuse. Network Security Platform provides comprehensive network intrusion

detection and can block, or prevent, attacks in real time, making it truly an intrusion

prevention system (IPS).

Network Security Platform components

Network Security Platform consists of the following major components:

 McAfee

Network Security Sensor (Sensor) (on page 1)

 McAfee

Network Security Manager (Manager), with its Web-based graphical user

interface

 McAfee Update Server (on page 6

)

About McAfee Network Security Sensor

A McAfee

Network Security Sensor is a content-processing appliance built for accurate

detection and prevention of intrusions, misuse, and distributed denial of service (DDoS)

attacks. McAfee Network Security Sensor (Sensor) are specifically designed to handle

traffic at wire speed, inspect and detect intrusions with a high degree of accuracy, and

flexible enough to adapt to the security needs of any enterprise environment.

When deployed at key network access points, a Sensor provides real-time traffic

monitoring to detect malicious activity and respond to the malicious activity as configured

by the administrator.

Sensors are configured and managed using McAfee Network Security Manager

(Manager). The process of configuring a Sensor and establishing communication with the

Manager is described in later chapters of this guide. The Manager server is described in

detail in the

Getting Started Guide.

Sensor functionality

The primary function of a device is to analyze traffic on selected network segments and to

respond when an attack is detected. The device examines the header and data portion of

every network packet, looking for patterns and behavior in the network traffic that indicate

malicious activity. The device examines packets according to user-configured policies, or

rule sets, which determine what attacks to watch for, and how to respond with

countermeasures if an attack is detected.

McAfee® Network Security Platform 6.0

About Network Security Platform

If an attack is detected, a Sensor responds according to its configured policy. Sensor can

perform many types of attack responses, including generating alerts and packet logs,

resetting TCP connections, “scrubbing” malicious packets, and even blocking attack

packets entirely before they reach the intended target.

Sensor platforms

Network Security Platform offers several types of Sensor platforms providing different

bandwidth and deployment strategies.

I-series Sensors

I-4010 I-4000 I-3000 I-2700 I-1400 I-1200

10/100 Base-T

Monitoring Port

Nil Nil Nil 6 4 2

10/100/1000

Gigabit Ethernet

Monitoring Port

10/100/100

0 only with

Copper

SFP

4 12

10/100/100

0 only with

Copper

SFP

2 Nil Nil

RJ-45 Response

Port

2 2 2 3 1 1

Ports Used for

Failover

6A and 6B 2A and 2B 6A and 6B 4A Response

port

Response

port

Internal Taps Nil Nil Nil Yes Yes Yes

Fail-open Control

Ports

6 2 6 Nil Nil Nil

10/100

Management port

1 1 1 1 1 1

Console Port 1 1 1 1 1 1

Auxiliary Port 1 1 1 1 1 1

Redundant power

supply

Yes Yes Yes Yes Nil Nil

Fail-closed dongles Nil Nil Nil 6 4 2

McAfee® Network Security Platform 6.0

About Network Security Platform

M-series and N-450 Sensors

M-8000 M-6050 M-4050 M-3050 M-2750 M-1450 M-1250 N-450

10/100

Base-T

Monitoring

Port

Nil Nil Nil Nil Nil 8 built-in

10/100/1000

RJ-45 ports

8 built-in

10/100/1000

RJ-45 ports

Nil

Interface

Module

16 One

Gigabit

SFP

ports

12 Ten

Gigabit

XFP

ports

8 SFP

ports

8 XFP

ports

4 XFP

ports

8 SFP

ports

4 XFP

ports

8 SFP

ports

20 SFP

ports

20 SFP

ports

RJ-45

Response

Port

1 1 1 1 1 1 1 0

Ports Used

for failover

3A and

Note

that 4B

remains

unused.

2A 2A 10A

Note

that 10B

unused.

Note that 4B

is unused.

Note that 4B

is unused.

10A and

10B

Internal Taps Nil Nil Nil Nil Nil Yes Yes Nil

Fail-open

Control Ports

14 8 6 6 10 Nil Nil 10

Interconnect

ports

4 Ten

Gigabit

XFPs

2 RJ-45

ports

Nil Nil Nil Nil Nil Nil Nil

10/100/1000

Management

port

1 1 1 1 1 1 1 1

Console Port 2 1 1 1 1 1 1 1

Auxiliary

Port

2 1 1 1 1 1 1 1

Redundant

power

supply

Yes Yes Yes Yes Yes Nil Nil Yes

Fail-closed

dongles

Nil Nil Nil Nil Nil Nil Nil Nil

McAfee® Network Security Platform 6.0

About Network Security Platform

Each device is described in the corresponding Sensor Product Guide.

Manager components

The Manager is a term that represents the hardware and software resources that are used

to configure and manage the Network Security Platform. The Manager consists of the

following components:

 Either of the following hardware/OS server platform (on page 4

)

 Microsoft Windows Server 2003 - SP2, Standard Edition, English or Japanese

 Microsoft Windows Server 2008 - R2, Standard Edition, English or Japanese

 the Manager software (on page 4

)

 a back end database (on page 6

) to persist data (MySQL version 5.1.47)

 a connection to McAfee Update Server (on page 6)

Manager server platform

The Manager server is a dedicated Windows Server 2003 SP2 / Windows 2008 R2 system

hosting the Manager software. You can remotely access the Network Security Platform

user interface from a Windows XP or Windows 7 system using an Internet Explorer 7.0 or

8.0.

Sensors use a built-in 10/100 Management port to communicate with the Manager server.

You can connect a segment from a Sensor Management port directly to the Manager

server; however, this means you can only receive information from one Sensor (typically,

your server has only one 10/100 network port). During the Sensor configuration, you will

establish communication between your Sensor(s) and your Manager server.

Manager software

The Manager software has a Web-based user interface for configuring and managing the

Network Security Platform. Network Security Platform users connect to the Manager

server from a Windows XP system using the Internet Explorer browser program. The

Network Security Platform user interface runs with Internet Explorer versions 7.0 and 8.0.

The Manager functions are configured and managed through a GUI application, the

Network Security Platform user interface, which includes complementary interfaces for

system status, system configuration, report generation, and fault management. All

interfaces are logically parts of the Manager program.

The Manager has five components:



Manager Home. The Manager Home page is the first screen displayed after the user logs

on to the system. The Manager Home page displays Operational Status-that is,

whether all components of the system are functioning properly, the number of

unacknowledged alerts in the system, and the configuration options available to the

current user. Options available within the Manager Home page are determined by the

current user's assigned role(s). The Manager Home page is refreshed every 5

seconds by default.

 Operational Status. The Operational Status page displays the status of Manager,

database, and any deployed Sensors; including all system faults.

McAfee® Network Security Platform 6.0

About Network Security Platform

 Configure. The Configure page provides all system configuration options, and facilitates

the configuration of your devices - Sensors and NTBA Appliances, failover pairs of

Sensors, administrative domains, users, roles, Network Access Control (NAC), attack

policies and responses, user-created signatures, and system reports. Access to

various activities, such as user management, system configuration, or policy

management is based on the current user's role(s) and privileges.



Threat Analyzer. The Threat Analyzer page displays the hosts detected on your network

as well as the detected security events that violate your configured security policies.

The Threat Analyzer provides powerful drill-down capabilities to enable you to see all

of the details on a particular alert, including its type, source and destination

addresses, and packet logs where applicable.

 Reports. You can generate reports for the security events detected by the system and

reports on system configuration. Reports can be generated manually or automatically,

saved for later viewing, and/or e-mailed to specific individuals.

Other key features of Manager include:

 The

Incident Generator: The Incident Generator enables creation of attack incident

conditions, which, when met, provide real-time correlative analysis of attacks. Once

incidents are generated, view them using the Incident Viewer, which is within the Threat

Analyzer.

For more information on Manager components, see

Manager Server Configuration Guide.

 Integration with other McAfee products: You can integrate Network Security Platform

with other McAfee products to provide you with a comprehensive network security

solution.



McAfee ePolicy Orchestrator: McAfee ePolicy Orchestrator (ePO) is a scalable

platform for centralized policy management and enforcement of your system

security products such as, anti-virus, desktop firewall, and anti-spyware

applications. You can integrate McAfee Network Security Platform with ePO 4.0.

The integration enables you to query the ePO server from the Manager for viewing

details of a network host.



McAfee Host Intrusion Prevention: McAfee Host Intrusion Prevention (HIP) is a host-

based intrusion prevention system that prevents external and internal attacks on the

hosts in the network, thus protecting services and applications running on them.

Network Security Platform integrates with McAfee Host Intrusion Prevention version

7.0.



McAfee Network Access Control: Using Network Security Sensors, you can enforce

network access control (NAC) based on system health, user identity, or both. For

system-health-based NAC, the Sensors depend on McAfee Network Access

Control (McAfee NAC) for posture assessment. You need to configure ePO

configuration details at the admin domain level and then install the trust between a

Sensor and the ePO Server on which McAfee NAC is installed. This enables the

Sensor to communicate with McAfee NAC to get host details and also to notify

McAfee NAC about hosts sending unwanted traffic on the network.



McAfee Vulnerability Manager: Vulnerability assessment is an automated process of

pro-actively identifying vulnerabilities of computing systems in a network to

determine security threats in the network. Network Security Platform integrates with

McAfee Vulnerability Manager to enable import of the Vulnerability Manager scan

data into the Manager, to provide automated updating of IPS-event data relevancy.

You can also initiate a Vulnerability Manager on-demand scan of a single or group

of IP addresses directly from the Threat Analyzer console. This provides a simple

way for security administrators to access near real-time updates of host vulnerability

details, and improved focus on critical events.

McAfee® Network Security Platform 6.0

About Network Security Platform

 McAfee Artemis: Network Security Platform integrates with McAfee Artemis

technology, which is an Internet-based service that provides active malware

detection in an Internet cloud. Network Security Sensors use McAfee Artemis to

provide real-time malware detection and protection for users during file downloads

from the Internet. Network Security Platform also provides users the option to

upload Custom Fingerprints that can be used for malware detection.



McAfee Global Threat Intelligence: McAfee Global Threat Intelligence (GTI) is a global

threat correlation engine and intelligence base of global messaging and

communication behavior; including reputation, volume, trends, email, web traffic

and malware. By having McAfee Global Threat Intelligence integration, you can

report, filter, and sort hosts involved in attacks based on their network reputation

and the country of the attack origin.

For more information on all the above mentioned integration options, see

Integration Guide.

 Integration with third-party products: Network Security Platform enables the use of

multiple third-party products for analyzing faults, alerts, and generated packet logs.

 Fault/Alert forwarding and viewing: You have the option to forward all fault

management events and actions, as well as IPS alerts to a third-party application.

This enables you to integrate with third-party products that provide trouble ticketing,

messaging, or any other response tools you may wish to incorporate. Fault and/or

alert forwarding can be sent to the following ways:

- Syslog Server: forward IPS alerts and system faults

- SNMP Server (NMS): forward IPS alerts and system faults

- Java API: forward IPS alerts

- Crystal Reports: view alert data from database via email, pager, or script

 Packet log viewing: view logged packets/flows using third-party software, such as

Ethereal.

Manager database

The Manager server operates with an RDBMS (relational database management system)

for storing persistent configuration information and event data. The compatible database is

MySQL (current version 5.1.47).

The Manager server for Windows (only) includes a MySQL database that can be installed

(embedded) on the target Windows server during Manager software installation.

Your MySQL database can be tuned on-demand or by a set schedule via Manager user

interface configuration. Tuning promotes optimum performance by defragmenting split

tables, re-sorting and updating indexes, computing query optimizer statistics, and checking

and repairing tables.

To graphically administrate and view your MySQL database, you can download the

MySQL administrator from the MySQL Web site http://dev.mysql.com/downloads/gui-tools.

McAfee Update Server

For your Network Security Platform to properly detect and protect against malicious

activity, the Manager and Sensors must be frequently updated with the latest signatures

and software patches available. Thus, the Network Security Platform team constantly

researches and develops performance-enhancing software and attack-detecting

McAfee® Network Security Platform 6.0

About Network Security Platform

signatures that combat the latest in hacking, misuse, and denials of service (DoS). When a

severe-impact attack happens that cannot be detected with the current signatures, a new

signature update is developed and released. Since new vulnerabilities are discovered

regularly, signature updates are released frequently.

New signatures and patches are made available to customers via McAfee

Network

Security Update Server (Update Server). The Update Server is a McAfee owned and

operated file server that houses updated signature and software files for Managers and

Sensors in customer installations. The Update Server securely provides fully automated,

real-time signature updates without requiring any manual intervention.

Note: Communication between the Manager and the Update Server is SSL-

secured.

Configuring software and attack signature updates

You configure interaction with the Update Server using the Manager Configure > Update Server

page. You can pull updates from the Update Server on demand or you can schedule

update downloads. With scheduled downloads, the Manager polls the Update Server (over

the Internet) at the desired frequency. If an update has been posted, that update is

registered as “Available” in the Manager interface for on-demand downloaded. Once

downloaded to the Manager, you can immediately download (via an encrypted connection)

the update to deployed Sensors or deploy the update based on a Sensor update schedule

you define. Acceptance of a download is at the discretion of the administrator.

You have a total of five update options:



Automatic update to Manager, manual update from Manager to Sensors. This option enables

Manager server to receive updates automatically, but allows the administrator to

selectively apply the updates to the Sensors.

 Manual update to Manager, automatic update from Manager to Sensors. This option enables the

administrator to select updates manually, but once the update is selected, it is applied

to the Sensors automatically, without reboot.

 Fully manual update. This option allows the security administrator to determine which

signature update to apply per update, and when to push the update out to the

Sensor(s). You may wish to manually update the system when you make some

configuration change, such as updating a policy or response.



Fully automatic update. This option enables every update to pass directly from the Update

Server to the Manager, and from the Manager to the Sensor(s) without any

intervention by the security administrator. Note that fully automatic updating still

happens according to scheduled intervals.



Real-time update. This option is similar to fully automatic updating. However, rather than

wait for a scheduled interval, the update is pushed directly from Update Server to

Manager to Sensor. No device needs to be rebooted; the Sensor does not stop

monitoring traffic during the update, and the update is active as soon as it is applied to

the Sensor.

C HAPTER 2

About Network Security Central Manager

McAfee

Network Security Platform [formerly McAfee

IntruShield

] provides a centralized,

“manager of managers” capability, named McAfee

Network Security Central Manager.

McAfee Network Security Central Manager (Central Manager) allows users to create a

management hierarchy that centralizes policy creation, management, and distribution

across multiple McAfee

Network Security Managers. For example, a policy can be

created in the Central Manager and synchronized across all McAfee Network Security

Managers (Managers) added to that Central Manager. This avoids manual customization

of policy at every Manager.

The Central Manager provides you with a single sign-on mechanism to manage the

authentication of global users across all Managers. McAfee

Network Security Sensor

configuration and threat analysis tasks are performed at the Manager level.

C HAPTER 3

Preparing for the Manager installation

This section describes the McAfee

Network Security Manager (Manager) hardware and

software requirements and pre-installation tasks you should perform prior to installing the

software.

Unless explicitly stated, the information in this chapter applies to both the McAfee

Network Security Central Manager and Manager though the sections refer to Manager.

Pre-requisites

The following sections list the Manager installation and functionality requirements for your

operating system, database, and browser.

Caution: We strongly recommend that you also check the corresponding Release

Notes. If you are installing the Manager as part of an upgrade to the latest version of

Network Security Platform, refer to

Network Security Platform 6.0 Upgrade Guide.

General settings

 McAfee recommends you use a dedicated server, hardened for security, and placed

on its own subnet. This server should not be used for programs like instant messaging

or other non-secure Internet functions.

 You must have

Administrator/root privileges on your Windows server to properly install

the Manager software, as well as the installation of an embedded MySQL database

for Windows Managers during Manager installation.

 It is essential that you synchronize the time on the Manager server with the current

time. To keep time from drifting, use a timeserver. If the time is changed on the

Manager server, the Manager will lose connectivity with all McAfee

Network Security

Sensors (Sensors) and the McAfee

Network Security Update Server [formerly IPS

Update Server] because SSL is time sensitive.

 If Manager Disaster Recovery (MDR) is configured, ensure that the time difference

between the Primary and Secondary Managers is less than 60 seconds. (If the spread

between the two exceeds more than two minutes, communication with the Sensors

will be lost.

Tip: For more information about setting up a time server on Windows Server 2003

SP2, see the following Microsoft KnowledgeBase article:

http://support.microsoft.com/kb/816042

http://support.microsoft.com/kb/816042//.

Note: Once you have set your server time and installed the Manager, do not change

the time on the Manager server for any reason. Changing the time may result in

errors that could lead to loss of data.

McAfee® Network Security Platform 6.0

Preparing for the Manager installation

Other third-party applications

Install a packet log viewing program to be used in conjunction with the Threat Analyzer

interface. Your packet log viewer, also known as a protocol analyzer, must support library

packet capture (libpcap) format. This viewing program must be installed on each client you

intend to use to remotely log onto the Manager to view packet logs.

Wireshark (formerly known as Ethereal) is recommended for packet log viewing. WireShark is a

network protocol analyzer for Windows servers that enables you to examine the data

captured by your Sensors. For information on downloading and using Ethereal, go to

www.wireshark.com

. http://www.wireshark.org

Browser display settings (Windows)

 The Manager is viewed via a client browser. Only Windows XP SP2 and Windows 7

clients are supported using Internet Explorer 7.0 or 8.0.

 Set your display to 32-bit or higher by selecting

Start > Settings > Control Panel > Display >

Setting

, and configuring the “Colors” field to True Color (32bit).

 McAfee recommends setting your monitor’s “Screen Area” to

1024 x 768 pixels. This can be done by changing the display settings at:

Start > Settings > Control Panel > Display > Settings.

 When working with the Manager using Internet Explorer, your browser should check

for newer versions of stored pages. By default, Internet Explorer is set to automatically

check for newer stored page versions. To check this function, open your IE browser

and go to

Tools > Internet Options > General, click the Settings button under “Temporary

Internet files,” and under “Check for newer versions of stored pages:” select any of the

four choices except for Never. Selecting Never will cache Manager interface pages that

require frequent updating, and not refreshing these pages may lead to system errors.

Server requirements

The following are the system requirements for a Manager server running with a MySQL

database.

Component Minimum Recommended

Any one of the following:

 Windows Server 2003 Standard Edition,

SP2 (32 or 64 bit), English OS

 Windows Server 2008 R2 Standard

Edition, (64 bit), English OS

 Windows Server 2003 R2 (Standard

Edition), Japanese OS (32 or 64 bit)

 Windows Server 2008 R2 (Standard

Edition), Japanese OS (64 bit)

Note: For 64-bit, only X64 architecture is

supported.

Windows Server 2008

R2 Standard Edition,

English or Japanese OS,

(64 bit)

Memory

 2GB or higher for 32-bit

 4GB or higher for 64-bit

4GB

McAfee® Network Security Platform 6.0

Preparing for the Manager installation

Component Minimum Recommended

CPU

Server model processor such as Intel Xeon Same

Disk space

40GB 80GB disk with 8MB

memory cache

Network

100Mbps card 10/100/1000Mbps card

Monitor

32-bit color, 1024 x 768 display setting 1280 x 1024

Hosting the Manager on a VMware platform

The following are the system requirements for hosting Manager server on a VMware

platform.

Component Minimum Recommended

Any one of the following:

 Windows Server 2003 Standard Edition,

SP2 (32 or 64 bit), English OS

 Windows Server 2008 R2 Standard Edition,

(64 bit), English OS

 Windows Server 2003 R2 (Standard

Edition), Japanese OS (32 or 64 bit)

 Windows Server 2008 R2 (Standard

Edition), Japanese OS (64 bit)

Note: For 64-bit, only X64 architecture is

supported.

Same as the minimum

requirement

Memory

2GB 2GB or higher

Virtual CPUs

2 2 or more

Disk Space

40GB 80GB

The following are the system requirements for hosting Manager server on a VMware

platform such as Dell Powered Edge 1950.

Component Minimum

Virtualization software VMWare ESX Server Version 3.5.0 Update 3 Build

123630

Virtual Infrastructure

Client

Version 2.5.0 Build 19826

CPU Intel Xeon ® CPU ES 5335 @ 2.00GHz; Physical

Processors – 2; Logical Processors – 8; Processor

Speed – 2.00GHz.

Memory Physical Memory: 16GB

Internal Disks 364.25 GB

McAfee® Network Security Platform 6.0

Preparing for the Manager installation

Manager installation with Local Service account privileges

The Manager installs the following services as a Local Service:

 McAfee Network Security Manager

 McAfee Network Security Manager Database

 McAfee Network Security Manager User Interface (Apache)

Note: McAfee Network Security Manager Watchdog runs as a

Local System to

facilitate restart of the Manager in case of abrupt shutdown.

The Local Service account has fewer privileges on accessing directories and resources than

the

Local System. By default, the Manager installation directory and database directory are

granted full permission to the

Local Service account during installation or upgrade of

Manager.

Set the permissions to a

Local Service as needed in the following scenarios:

 Backup directory location: If the backup directory was different from the Network

Security Manager installed directory before upgrade to the current release, full

permission on these directories for a

Local Service should be granted.

 Notification script execution: If a user uses a script that accesses directories or

resources located in directories other than in Network Security Manager installed

directories for notifications like alerts, faults etc.,full permission on these directories for

Local Service should be granted.

 Database configuration: If a user has a MySQL database configured for using a

directory for temporary files other than the one provided during installation, then those

directories should be given full permissions for a Local Service.

Client requirements

The following are the system requirements for client systems connecting to the Manager

application.

Component Minimum

OS Any one of the following:

 Windows XP (Standard Edition) SP2

 Windows 7

Memory 1GB. Recommended is 2GB.

Browser Internet Explorer (IE) 7.0 or 8.0 (only 32 bit IE is supported)

Monitor 32-bit color, 1024x768 display

Java runtime engine requirements

When you first log onto the Manager, a version of JRE is automatically installed on the

client machine (if it is not already installed). This version of the JRE software is required for

operation of various components within Manager including the Threat Analyzer and the

Custom Attack Editor.

Page is loading ...

McAfee M-3050 Installation guide

Brand: McAfee

Model: M-3050

Category: Servers

Type: Installation guide

This manual is also suitable for

Network Security Platform

Download PDF

report

McAfee M-3050 Installation guide

This manual is also suitable for

McAfee M-3050 Installation guide

Related papers

Other documents