McAfee Policy Enforcer 2.0

McAfee Product Education

Noncompliant systems can bring down your network and your business. Learn how to use the advanced features of McAfee® Policy Enforcer network access control (NAC), and simplify deployment, management, and maintenance with McAfee® ePolicy Orchestrator® 3.6. This course offers extensive discussion and hands-on experience in the installation, configuration, and maintenance of this powerful product duo.

Course Details

Course Code

TRN-MPE-101-TCL

Duration

4 days

Objectives

  • Install and configure McAfee Policy Enforcer 2.0
  • Architecture of MPE 2.0
  • How to install Cisco® NAC version 2
  • How to configure and demonstrate MPE and NAC integration
  • Troubleshoot the basics of MPE 2.0
  • Plan the deployment of MPE 2.0
  • Understand the system architecture of MPE 2.0
  • Understand and deploy the sensor
  • Understand topology discovery and mappings
  • Define compliance policies
  • Understand and configure network access
  • How to configure policy enforcement
  • Understand and deploy the scanner
  • Understand VPN technologies
  • Understand the remediation portal
  • Install and customize the remediation portal
  • How to view historical data

Prerequisites

n/a

Course Agenda

Day 1

Overview

 

McAfee® Policy Enforcer overview

  • Feature and highlights
  • MPE components
  • Phases of MPE enforcement
  • MPE server
  • MPE sensor
  • Remediation portal
  • Enforcement

Security risk management with McAfee® ePolicy Orchestrator®

  • The four stages of risk management
  • Feature management and product management
  • Components, architecture, and communication

Installation of ePO review

  • Deployment options
  • Server and database sizing
  • Upgrade paths to ePO 3.6
  • The installation process
  • The ePO console and interface
  • Lab: Installing ePO 3.6.1
  • Lab: Accessing the ePO console

Planning the MPE deployment

  • Hardware and software requirements
  • Rights required for installation
  • Installation methods and options
  • Rogue system detection
  • Compliance audit of managed computers
  • Local compliance enforcement of managed computers
  • Compliance audit of unmanaged systems
  • Remote compliance enforcement of unmanaged systems on the LAN
  • Compliance audit of VPN-connected computers
  • VPN compliance enforcement of managed computers
  • Planning decisions: Where to deploy sensors and scanners
  • DHCP detection
  • What to do with existing rogue system sensors
  • Recommendations for sensor host computers
  • Placement of discovery and enforcement sensors
  • Working with management networks and ACLs
  • Scanner mode and placement
  • Lab: Installing MPE 2.0 and the remediation portal
  • Lab: MPE graphical user interface

MPE switch technology

  • Coordinating with network skill set
  • Hubs on the network
  • Switched network
  • VLANs
  • SNMP managed switches and routers

Introduction to the Cisco IOS

  • Overview
  • Commands
  • Lab: Cisco switch setup

Day 2

Overview

 

Understanding the System Architecture

  • MPE components
  • Server architecture
  • Server database
  • Server messaging
  • Sensor components
  • Sensor objects
  • Sensor startup
  • Virtual sensors
  • Sensor operation
  • Host detection
  • Topology mapping and discovery
  • Using SNMP when CDP is not present
  • Collected data
  • Sensor installation command line options
  • Lab: Sensor deployment and configuration
  • Lab: Topology discovery

Creating the directory and defining compliance policies

  • Directory organization methods
  • Creating the directory structure
  • What is the compliance policy?
  • Checks
  • Rules
  • Rule sets
  • Setting compliance policies for LAN and VPN
  • How the compliance policy is evaluated
  • Evaluation of checks with subcategories
  • Evaluation of checks without subcategories
  • Evaluation of multiple rules with checks from the same check category
  • Exception systems
  • Trusted systems
  • Enforcement modes
  • Network access modes
  • Lab: Policy enforcement
  • Lab: Creating a virus detection rule
  • Lab: Creating a Microsoft® Internet Explorer patch rule
  • Lab: Creating application rules
  • Lab: Creating your own rule
  • Lab: Creating a rule that does not quarantine a machine
  • Lab: Configuring trusted machines

Day 3

Overview

 

Discovery and mapping of network topology data

  • Discovery
  • How topology discovery starts
  • Understanding how topology discovery continues
  • When does the network topology discovery run
  • Configuring the discovery and enforcement policies
  • When is topology mapping used
  • Lab: Configuring topology discovery

Changing network access

  • Access modes
  • Manually setting network access mode on systems
  • Manually setting network access mode on switch ports
  • Automatically dropping unmanaged systems from the network
  • Automatically quarantining unmanaged systems
  • Sending notifications of quarantined and dropped systems
  • Lab: Manually changing switch port access mode
  • Lab: Manually changing network access mode
  • Lab: Automatically setting network access mode
  • Lab: Configuring notifications

Understanding the scanner

  • Scanner components
  • JCS scans
  • JCE API
  • Third-party software
  • When new compliance rules are used
  • When a scanner will receive the updated policy
  • How LAN discovery and enforcement works
  • How VPN discovery and enforcement works
  • Lab: Scanner configuration
  • Lab: Enabling a remote scan
  • Lab: Starting a remote scan
  • Lab: Disabling continuous compliance scanning
  • Lab: Uninstalling scanners

Day 4

Overview

 

Understanding VPN technologies

  • VPN compliance policy
  • VPN technology and vendors
  • Lab: Creating a virus detection rule
  • Lab: Creating an Internet Explorer patch rule
  • Lab: Creating application rules
  • Lab: Creating your own rule
  • Lab: Creating a rule that does not quarantine a machine

Understanding the remediation portal

  • Remediation portal plans
  • The remediation methods
  • How to automatically redirect traffic
  • Setting up DNS redirection
  • Lab: Installing and customizing the remediation portal

Reports

  • Accessing the ePO database
  • Authentication restrictions
  • Database options
  • Directory filtering
  • Event filtering
  • Report types and the report interface
  • Infection and coverage reports
  • Report drilldown
  • Customizing reports and saving settings
  • Query types and examining queries
  • Running a query
  • Lab: Running ePO reports and queries
  • Lab: Viewing MPE reports
