
McAfee Host Based Intrusion Protection System (Host IPS) Essentials

McAfee Product Education

Get in-depth training through a structured approach on how to better prevent attacks with McAfee® Host Intrusion Prevention, the only solution that preserves your desktops and servers with signature and behavioral protection and a system firewall. This two-day, instructor-led course uses a carefully balanced combination of classroom sessions and lab work to teach you how to deploy and configure McAfee Host IPS. You’ll benefit from proven strategies for effective management of your intrusion prevention solution.


Course Details

Course Code

TRN-HIP-101-TCL

Duration

2 days

Objectives

  • Install, configure, and deploy McAfee Host Intrusion Prevention
  • Recognize the value of host IPS solutions versus intrusion detection solutions
  • Create Host IPS, firewall, and application blocking policies
  • Create exceptions to allow essential processes to continue uninterrupted
  • Create trusted applications and networks
  • Perform security maintenance operations, administration tasks, and troubleshooting

Prerequisites

n/a

Course Agenda

Day 1

Overview

Information Security Overview

  • Information threats
  • Hacking techniques
  • Buffer overflow
  • Denial of Service (DoS)
  • Network level security
  • Host level security
  • Intrusion detection
  • Intrusion prevention
  • Host IPS architecture

McAfee HIPS installation and configuration

  • Introduction to McAfee Host IPS
  • Installation of the Host IPS server and client
    • Lab: Server configuration
    • Lab: CMA upgrade
    • Lab: Installing Host IPS server
    • Lab: Deploying the Host IPS client
    • Lab: Desktop firewall migration
  • Using McAfee® ePolicy Orchestrator® (ePO™)
    • Lab: Host IPS policy overview
    • Lab: Adding sites to ePO
    • Lab: Creating and assigning policy
    • Lab: Creating user accounts
    • Lab: Assigning policy ownership
  • General policies 
    • Lab: Configuring basic client UI policy
    • Lab: Advanced options for client UI policy
    • Lab: Creating a trusted network
    • Lab: Creating a trusted application
  • McAfee Host IPS Policies
    • Lab: Enabling host and network IPS
    • Lab: Creating IPS policy
    • Lab: Testing a new policy
    • Lab: Creating an exception
    • Lab: Testing a new exception
    • Lab: Creating network IPS policy
    • Lab: Using adaptive mode IPS policy
    • Lab: Creating a new policy and assigning it to a site
    • Lab: Creating a protected application policy
  • Firewall policies
    • Lab: Testing the firewall policies
    • Lab: Configuring learn mode
    • Lab: Configuring adaptive mode
    • Lab: Creating firewall policies and rules
    • Lab: Configuring the connection-aware rules
    • Lab: Configuring the quarantine mode
    • Lab: Configuring quarantine rules

Day 2

Overview

Host IPS tuning, maintenance, and troubleshooting

  • Application-blocking policies
    • Lab: Application-blocking options
    • Lab: Configuring learn mode for application blocking
    • Lab: Configuring application-blocking rules
  • McAfee Host IPS client
  • Maintenance
    • Lab: Configuring notifications
    • Lab: Configuring SMTP server and test notifications
    • Lab: Reporting
    • Lab: Updating the clients
  • Policy tuning
  • Troubleshooting

Deployment considerations

  • Environment
  • Network connectivity
  • Console location
  • Agent considerations
  • Testing environment
  • Rollout methodology
  • False positive tendencies
  • Baselining
  • Fine tuning
  • Creating exceptions
  • Server maintenance

Schedule and Registration

Course registration and schedule