Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
This discussion is archived
1047 Views 6 Replies Latest reply: Jan 2, 2013 9:48 AM by rackroyd RSS
brucebishtoncds Newcomer 31 posts since
Jun 12, 2012
Currently Being Moderated

Dec 27, 2012 11:38 AM

SFTP Repository

Hi All

Is it possible to use SFTP as a repository? All there seems to be available are HTTP + FTP + UNC... All these seem quite unsecure...

 

How is access from the Internet achieved?

 

Not a great deal of info on this in the manual... Im going to read some posts to see if I can work out how to do it....

 

Happy New Year

 

Bruce

  • robrow Newcomer 8 posts since
    Dec 21, 2012
    Currently Being Moderated
    1. Dec 27, 2012 12:27 PM (in response to brucebishtoncds)
    Re: SFTP Repository

    I wouls suggest reviewing the epo_460_product_guide_en-us.pdf (PD22975), pg. 91, Using local distributed repositories that are not managed. This provides a method of creating a repository which is not one of the managed types -  FTP, HTTP Server, or UNC share. Hope this helps!

     

    Message was edited by: robrow on 12/27/12 12:27:13 PM CST
  • rackroyd McAfee Mentor 953 posts since
    Feb 3, 2010
    Currently Being Moderated
    2. Jan 2, 2013 8:50 AM (in response to robrow)
    Re: SFTP Repository

    Secure ftp is not supported.

     

    Content is secured and validated using other means by the products themselves during update.

    The details of how that is achieved is not a subject for public discussion, as i'm sure you can understand

     

    The one not mentioned is the SuperAgent repository which use the Agent communication channel over SSL (port 443 by default).

    That would be the most secure as the channel is secured as well as the validation by the product which will still take place.

     

    If you are still concerned about the security of site content please reach out to McAfee Labs.

     

    Rob.

  • rackroyd McAfee Mentor 953 posts since
    Feb 3, 2010
    Currently Being Moderated
    4. Jan 2, 2013 9:25 AM (in response to brucebishtoncds)
    Re: SFTP Repository

    Hi,

     

    In that scenario personally I think  placing an Agent Handler in the DMZ would be more suitable so you can actually manage these machines as well as update although it's hard to be certain because we would need to know more detail on your exact requirements to be sure.

     

    For example if you only want them to get content updates, you might want to just leave them defaulted to get that from the McAfee sites directly, as it'll be much simpler.

     

    For Agent handlers, please review support white paper: PD22508 - ePolicy Orchestrator 4.5 Agent Handler White Paper.

    This can be accessed via the McAfee knowledge base.

     

    An SA repository is not really best suited for external use.

     

    Rgds,

     

    Rob

  • rackroyd McAfee Mentor 953 posts since
    Feb 3, 2010
    Currently Being Moderated
    6. Jan 2, 2013 9:48 AM (in response to brucebishtoncds)
    Re: SFTP Repository

    Hi,

     

    Providing internally it can reach the Agent handler in the DMZ, yes.

    It's perhaps more likely that internally a machine would reach out the ePO server first rather than a machine in the DMZ, but still that's all user-defined by Agent policy as you need.

     

    At this point it might be worth calling into McAfee support to have a 1:1 discussion with our tech guys on how to configure ePO to your best advantage. I suspect it'll be more benefical

     

    Kind Regards,

     

    Rob.

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points