1 Reply Latest reply: Sep 23, 2013 7:40 AM by kubaros RSS

    what is the most secure Policy for NSP 7.5 !!

    Tuan Doan

      I got a PoC plan for my customer . This is Enterprise Company, Infrastucture is medium with 1000 user . They got firewall ASA, PaloAlto , using VPN connection for user, Got Mail Exchange system, Got Virtualization Server, Got ERP system.

      when deploying at default IDS inline between firewall PaloAlto & Core Switch,  NSP just saw some attacks like botnet, reconnaissance, P2P application like report which i attacked.

       

      report-trungnguyen.png

       

      Sothat ,  My Customer asked me , what is most secure Policy for their system. Until now, i have configured Default All inclusive with audit Policy for them .

      This is my first time PoC IPS Mcafee,  anyone got experience please help me , give me some advices.

      Thank a lot.

        • 1. Re: what is the most secure Policy for NSP 7.5 !!
          kubaros

          hi there,

           

          if you have a mcafee partner account you can download a poc guide which can help. Also, you can install a virtual ntba app which helps a lot for malware, bot detection. if you can, use an M-Series sensor so you can have more abilities. Additionaly, do not forget to enable http response scanning, advance botnet detection, layer7 data collection etc. Lastly, there is a McAfee Logon Collector for user awareness in threats. also there is integration with gti, epo, vulnerability manager etc. You have a lot to consider before a poc Good luck!