ppoi
Level 7

How to use different policies for users outside the corporate network?

Hey guys, I'm new to McAfee products and I want some help with this topic, please.

My customer has HIPS 8.0 implemented in its environment, which is composed of almost 5,000 desktops and laptops.

Nowadays they are using the Basic Protection for their whole environment; however, the customer asked us to use different policies for devices that are outside the corporate network.

Basically, when a laptop is inside the corporate network, the Basic Protection from HIPS is applied to it. However, if the desktop is outside the company, the Enhanced Protection is applied instead.

I've seen that this is possible based on the datasheet offered by McAfee (attached), and it's known as Customized Security Control: http://www.mcafee.com/us/products/host-ips-for-desktop.aspx

I've searched the product documentation and the KC for hours; however, I didn't find anything. Can anyone help me out, please?

Thank you very much,

Paulo Poi

4 Replies
McAfee Employee

Re: How to use different policies for users outside the corporate network?

This is not possible in the HIPS product itself (for IPS), as the IPS functionality has no "location awareness".  It might be possible with ePO tagging and (external) Agent Handlers though (i.e., if the agent reports with an internal IP address, tag it with "Basic Protection"; if not, tag it with "Enhanced Protection").

The HIPS Firewall does have Location Aware Groups, which can apply Firewall rules based on network "locations" that you identify (allow all traffic when you're on the internal network; limited allow traffic when not). 

See page 55 of: PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide.

ppoi
Level 7

Re: How to use different policies for users outside the corporate network?

Thank you very much! That is amazing, man!

This helps me a lot! I am now creating the Tags and Policy Assignment Rules based on the Tags as you mentioned. However, I have another question.

I created a Tag using the Tag Catalog, and I realized that it applies the Tag to the systems that it matches.

Today, if a system is inside the network, it will receive the Tag "Internal" and then a Basic Policy will be implemented.

However, what happens if the same system is outside the network? Will it lose its Internal Tag?

I need this so that the system can identify when the laptop is outside the company.

P.S.: I'll keep searching and I will analyze what you said about Agent Handlers to see if it helps me too.

McAfee Employee

Re: How to use different policies for users outside the corporate network?

I would suggest contacting the ePO server community for tagging-related questions (I haven't used them that much myself), but I believe you would have to remove the INTERNAL tag and apply the EXTERNAL tag.

ppoi
Level 7

Re: How to use different policies for users outside the corporate network?

Thank you very much! I will try doing what you suggested; it helps me a lot (I think that this will work just fine).

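
The tag swap discussed in this thread (clear INTERNAL and apply EXTERNAL when a system reports from a non-corporate address), sketched as an added example that is not part of any post and is not McAfee code. It only plans the changes and does not call ePO; the address ranges, system names and function names are assumptions made up for illustration.

```python
import ipaddress

# Assumed corporate address ranges (constructed for this example).
CORPORATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]

# Tag names from the thread, and the HIPS IPS policy each tag is meant to select.
TAG_POLICY = {"INTERNAL": "Basic Protection", "EXTERNAL": "Enhanced Protection"}


def location_tag(last_ip):
    """Return INTERNAL if the address the agent last reported is in a corporate range."""
    try:
        addr = ipaddress.ip_address(last_ip)
    except ValueError:
        # Missing or malformed address: fail towards the stricter policy.
        return "EXTERNAL"
    return "INTERNAL" if any(addr in net for net in CORPORATE_NETS) else "EXTERNAL"


def plan_tag_changes(systems):
    """For each system, list the tags to clear and apply so exactly one location tag remains."""
    plan = []
    for s in systems:
        wanted = location_tag(s["last_ip"])
        current = set(s["tags"]) & set(TAG_POLICY)  # ignore unrelated tags
        clear = sorted(current - {wanted})
        apply_ = [] if wanted in current else [wanted]
        if clear or apply_:
            plan.append({"name": s["name"], "clear": clear, "apply": apply_,
                         "policy": TAG_POLICY[wanted]})
    return plan


# Constructed inventory: name, last reported IP, current tags.
SAMPLE = [
    {"name": "LT-001", "last_ip": "10.20.30.40", "tags": ["INTERNAL"]},   # unchanged
    {"name": "LT-002", "last_ip": "203.0.113.7", "tags": ["INTERNAL"]},   # left the office
    {"name": "LT-003", "last_ip": "192.168.10.5", "tags": ["EXTERNAL", "Laptop"]},  # came back
    {"name": "LT-004", "last_ip": "", "tags": []},                         # never reported
]

if __name__ == "__main__":
    for change in plan_tag_changes(SAMPLE):
        print(change)
```

Systems whose location tag already matches their last reported address produce no entry, so the plan lists only machines that moved or were never tagged.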