background image

TP000030C00

Summary of Contents for Data Loss Prevention 9.2.1

Page 1: ...Installation Guide Revision C McAfee Data Loss Prevention 9 2 1 For use with ePolicy Orchestrator 4 5 0 and 4 6 0 Software...

Page 2: ...laimed as the property of others LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED WHICH SETS FORTH TH...

Page 3: ...n installation to another McAfee DLP product 20 Restoring the drives 21 3 Installing or upgrading software on 1650 and 3650 appliances 23 Download the 1650 or 3650 archive 23 Install a fresh image on...

Page 4: ...5 Uninstall McAfee DLP Endpoint 66 6 Integrating McAfee DLP Endpoint into a unified policy system 67 Setting up Unified DLP on ePolicy Orchestrator 68 Install the network extension 68 Install the UDLP...

Page 5: ...his guide and how the guide is organized Audience McAfee documentation is carefully researched and written for the target audience The information in this guide is intended primarily for Administrator...

Page 6: ...ased information about the product is entered into the McAfee online KnowledgeBase Task 1 Go to the McAfee Technical Support ServicePortal at http mysupport mcafee com 2 Under Self Service access the...

Page 7: ...your protection strategy After you complete setup of all of the appliances go to the System tab on McAfee DLP Manager to add the products to be managed and the servers needed to complete the system F...

Page 8: ...server Primary DNS server 2 Devise a protection strategy by evaluating the type of information you need to protect Your objectives will determine which policies you activate 3 Determine who will be t...

Page 9: ...ernet port 3 Capture port 1 Figure 1 2 Model 3650 appliance port configuration 1 Ethernet port 0 2 Ethernet port 1 Management port 3 Ethernet port 2 Capture port 0 4 Ethernet port 3 Capture port 1 Fig...

Page 10: ...be completed only on the McAfee DLP Manager appliance 8 Click Submit then Exit Wizard When this step is complete the appliance will have a new IP address and will be integrated into the network Resta...

Page 11: ...Monitor McAfee DLP Monitor must be physically integrated into the network so it can capture traffic There are two integration modes use of a mirror SPAN port on a LAN switch or placement of a network...

Page 12: ...rt configuration 3 Using interface show commands on the switch verify that traffic is being received on the switch port to which McAfee DLP Monitor is connected 4 Save the configuration on the switch...

Page 13: ...res physical disconnection and reconnection of network cables so it disrupts traffic A service window is required With this configuration full traffic capture is done even under heavy load conditions...

Page 14: ...switch Complete the setup Add the NTP server to sync McAfee DLP Manager to the network Task 1 Open a web browser and enter the assigned IP address in the address bar to restart McAfee DLP Manager 2 Cl...

Page 15: ...d the 4400 archive To prepare for installation on the 4400 download the software from the Service Portal Before you begin Locate the grant number you received after purchasing the product McAfee DLP M...

Page 16: ...the operating system of the appliance During the upgrade process the configuration data in the data directory and the kernel boot loader information in the boot directory are copied over to the new i...

Page 17: ...rs stating which image will boot next 4 Restart the system Install a fresh image on 4400 appliances To install a fresh image install on both primary and secondary disks Before you begin Download the p...

Page 18: ...ensures that the original image can still be accessed after the upgrade is complete The system automatically boots from the latest image Before you begin Download the product archive and copy it to th...

Page 19: ...C data install 7 Go to the data install directory cd data install 8 Run the installation script Before you type the command run pwd to establish that you are in the correct product directory You must...

Page 20: ...yyy_zz tar gz C data hotfix 5 Go to the data hotfix directory cd data hotfix xxxxxx 6 Optional Open the README file to see the hotfix details 7 Run the installation script install_hotfix 8 Restart the...

Page 21: ...message appears stating which image will boot next 4 Restart the system Restoring the drives To restore the drives on the 4400 appliance insert the DVD that was shipped with it The process that runs...

Page 22: ...2 Installing or upgrading the software on 4400 appliances Restoring the drives 22 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Page 23: ...appliances Apply a hotfix Download the 1650 or 3650 archive To prepare for installation on the Model 1650 or 3650 download the software from the Service Portal Before you begin Locate the grant number...

Page 24: ...og on to the McAfee DLP device as root 2 Copy the archive to the appliance If you downloaded the archive to a Windows based computer use WinSCP If you are copying the archive from a Linux server use t...

Page 25: ...3650 appliances To upgrade a product on 1650 or 3650 appliances you must install 9 2 0 before upgrading to 9 2 1 Before you begin Download the product archive and copy it to the appliance Stop all sca...

Page 26: ...d data install 11 Run the application installation script install_stingray U P platform type The script completes then instructs you to reboot 12 Restart the system reboot 13 Install Hotfix 793756_460...

Page 27: ...tar xvzf hotfix_xxxxxx_yyyy_zz tar gz C data hotfix 5 Go to the data hotfix directory cd data hotfix xxxxxx 6 Optional Open the README file to see the hotfix details 7 Run the installation script inst...

Page 28: ...3 Installing or upgrading software on 1650 and 3650 appliances Apply a hotfix 28 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Page 29: ...lt the McAfee Total Protection for Data Loss Prevention 9 2 0 Product Guide for more information Contents Configure McAfee DLP appliances using Setup Wizard Configure McAfee DLP appliances after insta...

Page 30: ...onfiguration page assign the hostname domain and IP addresses of the gateway and DNS servers then click Next Figure 4 1 Network configuration You must enter a fully qualified domain name into the Host...

Page 31: ...er and click Next Figure 4 2 Time configuration You might want to set the NTP server manually in some cases Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using S...

Page 32: ...f you have to change this configuration later you can activate or deactivate policies from the Policies page For example you might want to use international policies that are available on that page 4...

Page 33: ...for the primary administrator and set a password then click Next Figure 4 4 Administrator setup Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using Setup Wizard...

Page 34: ...on the System page Figure 4 5 Review Figure 4 6 Email server setting 8 If you are setting up McAfee DLP Prevent type in the IP address of a smart host then click Next 4 Configuring McAfee DLP applianc...

Page 35: ...g McAfee DLP Manager to open an SSH tunnel between the devices Before you begin If you are going to install the network product suite on ePolicy Orchestrator you must add the netdlp zip extension befo...

Page 36: ...nly as a collection point for the data Other machines are capturing and indexing data and the processor indicates the CPU utilization It should not go over 70 80 If registration seems to be taking a l...

Page 37: ...mail headers of messages entering the MTA 3 Must be capable of taking actions based on specified match expressions for email headers The specific header strings received from McAfee DLP Prevent are th...

Page 38: ...proxy server because it is already part of the network If you are setting up McAfee DLP Prevent to process email type the Smart Host IP address to which the processed email will be routed Host names a...

Page 39: ...type For example if you add Active Directory servers you cannot add OpenLDAP servers Task 1 Open the Directory Services page in one of two ways In ePolicy Orchestrator select Menu Data Loss Preventio...

Page 40: ...aded certificate Unlike the LDAP server domain name you can use any valid account that has permission to read from the LDAP server an administrative account is not necessary If you have already entere...

Page 41: ...reconnex net Enter the name into the Authorization Server field 12 Select a Scope to set the directory depth to be accessed on the server 13 Click Apply Add McAfee Logon Collector to McAfee DLP Manage...

Page 42: ...tor 17 Open a Remote Desktop session on the McAfee Logon Collector server and restart it When the server comes up the SSL connection between the servers is complete Add syslog servers to McAfee DLP sy...

Page 43: ...Previous 24 hours to keep the system from producing unmanageable numbers of results On the Incidents page set Filter by to a longer time period If the system was recently installed it will need some l...

Page 44: ...4 Configuring McAfee DLP appliances and adding servers Testing the system 44 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Page 45: ...erver Install McAfee ePolicy Orchestrator Installing McAfee DLP WCF service Repository folders User and permission sets Install the McAfee Data Loss Prevention Endpoint extension Initialize the McAfee...

Page 46: ...Microsoft operating system software is supported Table 5 2 Operating systems supported Computer type Software Servers Windows Server 2003 Standard SE SP1 or later 32 or 64 bit Windows Server 2003 Ente...

Page 47: ...of Microsoft SQL Server you are using The McAfee DLP Endpoint software version 9 2 200 x package includes the following McAfee Data Loss Prevention Endpoint McAfee Agent plug in McAfee DLP Endpoint e...

Page 48: ...ms this folder might be locked down In that case you must temporarily change the permissions for this folder Otherwise the installation fails We recommend completing all software installations before...

Page 49: ...Communication Foundation WCF service on the same server as the McAfee ePO SQL database local installation or on a separate server remote installation Where McAfee ePolicy Orchestrator is installed tog...

Page 50: ...r in Microsoft SQL Server on page 50 To use either Windows or SQL authentication with the McAfee DLP WCF service or the ePolicy Orchestrator database an authorized user must be defined in the Microsof...

Page 51: ...tor rights on the servers involved This is a required task The default authorized user does not work with the McAfee DLP WCF service Task 1 Start SQL Server Management Studio Express and connect to th...

Page 52: ...gon name Set the default database to ePO4_SERVER Enforcing a password policy is optional 6 On the User Mapping page of the Login Properties window in the Users mapped to this login section select ePO4...

Page 53: ...tor Before you begin Before installing the McAfee DLP WCF service create a user in Microsoft SQL Server You must do this even if you are going to use Windows authentication When installing or upgradin...

Page 54: ...Sensitive Data in RSS Feed 3 In step 5 of the installation wizard Microsoft SQL Database do the following Review the defaults for Database Server and Database Name Type other values if necessary Sele...

Page 55: ...not include sensitive content Creating and configuring repository folders McAfee Data Loss Prevention Endpoint software requires certain repository folders on the server These folders must be created...

Page 56: ...fy that the Apply onto option says This folder subfolders and files then click OK The Advanced Security Settings dialog box now includes Domain Computers 10 Click OK twice to close the dialog box Conf...

Page 57: ...McAfee DLP Manager and McAfee DLP Monitor These roles can include creating and saving policies viewing but not changing policies generating override uninstall and quarantine release keys viewing the M...

Page 58: ...in the permission set form and you can attach them to the set If you create permission sets first the permission set names appear in the user form and you can attach the user to them 4 Click Save 5 In...

Page 59: ...ention Endpoint software you must upgrade the license after you complete the installation Task For option definitions click in the interface 1 In ePolicy Orchestrator select Menu Software Extensions t...

Page 60: ...o step 4 3 If no previous policy exists the message DLP global policy is unavailable Loading default policy appears Click OK to continue 4 When the message Agent configuration is unavailable Loading a...

Page 61: ...8 characters with at least one each uppercase lower case digit and special character symbol If you are upgrading this is not implemented until you change a password If you don t want endpoint key gen...

Page 62: ...y console menu bar select Help Update License The View and Update License window displays the current default activation key and expiration date 2 Click Update 3 Type or paste the activation key Activ...

Page 63: ...Endpoint The final stage of McAfee DLP Endpoint software installation is to define a policy deploy McAfee DLP Endpoint agents to the managed computers and verify the installation Tasks Define a defaul...

Page 64: ...lick through to step 2 of the rule creation wizard and add the Email Category created when creating the classification rule in the Included column e Click through to step 7 of the rule creation wizard...

Page 65: ...CE_USER user_name SERVICE_PASSWORD password The service user should be defined as the Citrix Administrator in Citrix Access Management Console Presentation Server Server Name Administrators and must b...

Page 66: ...t Uninstall Key window This information is not required when creating a master release code 3 Type the uninstall challenge code Step 2 This is the code the user obtains by clicking the McAfee Agent ic...

Page 67: ...products to unify the system under the network product suite The McAfee Agent DLP client routes policy updates to the clients and collects events from them If evidence collecting is enabled in the pol...

Page 68: ...to Menu Software Extensions 3 Click Install Extension 4 Browse to the netdlp zip file and click OK 5 Click OK Install the UDLP host extension You must install UDLP extension version 9 2 107 on ePolic...

Page 69: ...ers and groups to enable manual tagging of files on agent machines For example type in Everyone to give Manual Tagging Authorization to all users This sets up the agent to support manual tagging throu...

Page 70: ...Configuration Registered Servers Actions Edit Next Database instance ePO database instance Menu Configuration Registered Servers Actions Edit Next SQL Server instance instance name ePO GUI IP address...

Page 71: ...he Registered Server Builder page appears 4 In the Description field type in the name of the McAfee DLP Manager 5 In the Database Password field type in the epouser database password from the McAfee D...

Page 72: ...r loses connection to the database you cannot use https servername port core config to reconnect to the database Refer to KB66320 in the McAfee Knowledgebase for more information Configuring McAfee DL...

Page 73: ...nterval 4 Click Submit Maintaining compatibility with installed McAfee clients Because McAfee DLP Manager supports multiple versions of McAfee DLP Endpoint client the system must be configured to hand...

Page 74: ...Password page in one of two ways In ePolicy Orchestrator select Menu Data Loss Prevention DLP Sys Config Endpoint Configuration Miscellaneous and click Agent Override Password 2 Enter a password in t...

Page 75: ...ndpoint McAfee recommends that you start by setting up protection rules and viewing the events reported on the ePolicy Orchestrator Data in Use dashboard Consult the Product Guide for McAfee Total Pro...

Page 76: ...6 Integrating McAfee DLP Endpoint into a unified policy system Installation and configuration complete 76 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Page 77: ...ng on Windows Server 2008 56 H hardware requirements 46 L license Device Control and DLP 62 M McAfee ServicePortal accessing 6 Microsoft SQL adding a user 50 Microsoft SQL installing 53 P permission s...

Page 78: ...TP000030C00...

Reviews: