1473 Views 1 Reply Latest reply: Mar 7, 2013 12:37 PM by Kary Tankink
waynediesel Newcomer 39 posts since
May 4, 2012

Mar 7, 2013 12:21 PM

HIPS General Trusted Networks Best Practices

All -

 

I am looking for some best practices and guidance on how to set up the HIPS General Trusted Networks policy in ePO.

 

My first thoughts are to exclude the McAfee MVM scanners we have on our networks, but is it recommended to add more subnets? My concern is that if I add a subnet, I may miss an internal threat against a machine. Valid concern, or no?

 

Could I at least add known network devices, loopbacks, uplinks, IDFs, etc. to that listing?

 

Thanks in advance!

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    1. Mar 7, 2013 12:37 PM (in response to waynediesel)
    Re: HIPS General Trusted Networks Best Practices

    The Trusted Networks policy serves a few purposes.  Add IPs as needed.

     

    1. If you are using the Firewall, you can create a firewall rule and have it apply to the Trusted object.  This would ALLOW/BLOCK traffic to all the IP addresses listed in the Trusted Networks policy.  Also, you don't have to use the Trusted object, as you can either list multiple IP addresses/ranges/subnets/etc. or use a HIPS Catalog network, in the Firewall rule itself.

     

    2. If you want a blanket Network IPS exception for an IP address (like a Port Scanner, RSD sensor, MVM scanner, etc.), then add the IP address to the policy and enable Trust for IPS.

     

    3. If HIPS TrustedSource is blocking an IP address, then you can add that IP to the Trusted Networks policy as a TrustedSource exclusion.
