jezzaf
Level 7

How to test trusted Networks

I am looking for a solution to test my trusted networks in HIPS. Or it could be my understanding of the way it works and I need an explanation. First of all, if I am on a workstation with HIPS and Trusted Networks set up, should I be able to access \\servername, a share on a non-trusted network, i.e. one not in the list? Also, if I do a port scan to a workstation from a non-trusted workstation, should all the packets be dropped straight away?

0 Kudos
6 Replies
McAfee Employee

Re: How to test trusted Networks

Trusted Networks serves two functions:

  1. If a Firewall rule's Remote address is set to "Trusted Networks", then that firewall rule applies to all the IP addresses included in the Trusted Networks policy.
  2. Network IPS exceptions - IP addresses are added to the Trusted Networks policy and the option "Mark as Trusted for Network IPS" is selected.  These addresses can no longer trigger any of the Network IPS signatures.

Message was edited by: Kary Tankink on 10/21/10 4:12:08 PM CDT
0 Kudos
jezzaf
Level 7

Re: How to test trusted Networks

Thanks for the reply; still a little confused. I have set up Trusted Networks to six individual servers and created a rule called Trusted in firewall policies, and it's set to allow; so with allow I assume that means the client will only trust those machines, but it doesn't appear to work, as I can still see the shares on a machine with HIPS from a non-trusted machine.

I appreciate that there is a delay from making a change on the server to seeing the change on the client; have I set up the trusts correctly?

Also, does the stateful firewall on a HIPS-hosted client allow you to access a non-trusted machine?

0 Kudos
McAfee Employee

Re: How to test trusted Networks

With that "Trusted Network Rule" firewall rule, yes, you are allowing all traffic in/out to any IP addresses that are listed in the Trusted Networks policy. You might still have other firewall rules that allow traffic (particularly NetBIOS) for other systems. As a test, you could put a DENY ALL firewall rule right below this "Trusted Network Rule" firewall rule so you can see that the only traffic allowed is the Trusted Networks traffic.

As with any test, only configure this on a single system and separate policy, so as to not affect your entire environment.

Also, does the stateful firewall on a HIPS-hosted client allow you to access a non-trusted machine?

This depends on how you write your firewall rules. You are in control of what network traffic is allowed in/out of the system.

0 Kudos
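To make the point about rule order concrete, here is an added example (my own illustration, not code from the thread or from McAfee) that simulates ordered, first-match firewall evaluation with "Trusted Networks" as a remote address. It assumes top-down first-match processing and an implicit deny for unmatched traffic, and uses a constructed list of six trusted server IPs; it shows why a separate NetBIOS/SMB allow rule still exposes shares to non-trusted hosts, and how a DENY ALL placed directly below the Trusted rule changes that.

```python
# Added example: first-match simulation of a HIPS-style firewall policy.
# Assumptions (not from the thread): rules evaluated top-down, first match
# wins, and traffic matching no rule is denied.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample Trusted Networks policy: six individual servers.
TRUSTED_NETWORKS = [ip_network(f"10.1.1.{n}/32") for n in range(11, 17)]

@dataclass
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    remote: str                      # "Trusted Networks", a CIDR, or "any"
    ports: Optional[frozenset] = None  # None means any port

def remote_matches(rule: Rule, remote_ip: str) -> bool:
    """Resolve the rule's remote address, expanding 'Trusted Networks' to the policy's IP list."""
    ip = ip_address(remote_ip)
    if rule.remote == "any":
        return True
    if rule.remote == "Trusted Networks":
        return any(ip in net for net in TRUSTED_NETWORKS)
    return ip in ip_network(rule.remote)

def evaluate(rules, remote_ip: str, port: int):
    """Return (action, rule_name) of the first matching rule, or the implicit default deny."""
    for rule in rules:
        if remote_matches(rule, remote_ip) and (rule.ports is None or port in rule.ports):
            return rule.action, rule.name
    return "deny", "<implicit default>"

NETBIOS_SMB = frozenset({137, 138, 139, 445})

# Policy as described in the thread: a Trusted allow rule, plus a typical
# file-sharing rule that still allows NetBIOS/SMB from any remote host.
ORIGINAL_POLICY = [
    Rule("Trusted", "allow", "Trusted Networks"),
    Rule("Allow NetBIOS/SMB", "allow", "any", NETBIOS_SMB),
]

# The suggested test: DENY ALL directly below the Trusted rule, so nothing
# further down (including the NetBIOS/SMB rule) is ever reached.
TEST_POLICY = [ORIGINAL_POLICY[0], Rule("DENY ALL (test)", "deny", "any"), ORIGINAL_POLICY[1]]
```

Running `evaluate(ORIGINAL_POLICY, "192.168.5.7", 445)` shows SMB from a non-trusted host is allowed by the NetBIOS rule, while the same call against `TEST_POLICY` is denied and trusted hosts still match the Trusted rule.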
allamiro
Level 9

Re: How to test trusted Networks

Question:

If you set your IP in the Trusted Networks policy, do you also have to add a rule to the firewall policy to allow it? For example, a vulnerability scanner?

0 Kudos
McAfee Employee

Re: How to test trusted Networks

Yes. Adding IPs to the Trusted Networks policy does nothing just by itself. For Firewall, you must create a rule that uses the "Trusted Network" as the remote address. The firewall rule will then block/allow all traffic according to the list of IPs in the "Trusted Network" policy.

For vulnerability scanners, you would need to enable the "Trusted for Network IPS" option. This will keep the scanner's IP address from triggering any of the Network IPS signatures (including the TCP/UDP Port Scan signatures).

0 Kudos
allamiro
Level 9

Re: How to test trusted Networks

Can you create exceptions and create a policy from the clients that are managed by the ePO server for the HIPS firewall rule, using learn mode and the McAfee icon on the clients?

0 Kudos