
McAfee Policy Auditor 6.0 software

Product Guide for ePolicy Orchestrator 4.6

Summary of Contents for PASCDE-AB-IA - Policy Auditor For Servers

Page 1: ...McAfee Policy Auditor 6 0 software Product Guide for ePolicy Orchestrator 4 6...

Page 2: ...and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPOND...

Page 3: ...19 Edit permission sets 21 Using the McAfee Policy Auditor agent plug in 22 The agent plug in and how it works 22 Supported platforms 22 How content is managed 24 Install and uninstall the agent plug...

Page 4: ...Create a Data Collection Scan 35 View McAfee Vulnerability Manager scan status 36 How to handle missing audit results 36 Troubleshoot missing audit results 37 How to handle mismatched McAfee Vulnerabi...

Page 5: ...mples of filtering waivers by date 54 Filtering waivers by date 55 Filtering waivers by group 55 How waiver requests and grants work 56 Requesting waivers 56 Granting waivers 57 Making waivers expire...

Page 6: ...Patch Check Result 71 Rollup reports 71 Configure rollup reporting 72 Findings 74 How findings work 74 Types of violations 74 Violation limit 75 Other Findings enhancements 75 Hide or unhide Findings...

Page 7: ...ment of CVE implementation 88 Statement of CCE implementation 89 Statement of CPE implementation 89 Statement of CVSS implementation 90 Statement of XCCDF implementation 90 Statement of OVAL implement...

Page 8: ...arty software This document introduces these concepts successively builds your understanding and provides details about the use of each functional component In addition it helps you understand how the...

Page 9: ...ides the information you need during each phase of product implementation from installing to using and troubleshooting After a product is released information about the product is entered into the McA...

Page 10: ...onstrate compliance to auditors by producing an audit trail showing compliance compliance history and actions taken to mitigate risks Organizations that are out of compliance might be subject to fines...

Page 11: ...are Ability to drag and drop groups Ability to drag and drop rules between groups Ability to delete groups Enhanced display of expired results Provides detailed information about expired results to he...

Page 12: ...at least one benchmark Ideally audits should contain only one benchmark Benchmark Editor Content Distributor Distributes content downloaded from McAfee Labs to systems Findings Manages findings which...

Page 13: ...tion ePolicy Orchestrator feature To assign policies like file integrity monitor to managed systems Menu Systems System Tree Assigned Policies Assign Policies Menu Systems System Tree Client Tasks Cli...

Page 14: ...ta into McAfee Policy Auditor To manage Exemption Expiration To process audit results To create tags that can be used to help organize your systems Menu Systems Tag Catalog Tag Catalog To create or ed...

Page 15: ...memory and processor use Auditing unmanaged systems Unmanaged systems can be audited by registering a McAfee Vulnerability Manager 6 8 or McAfee Vulnerability Manager 7 0 server with McAfee Policy Au...

Page 16: ...audit lowers the cost of maintaining audit data Enable findings data purging Allow McAfee Policy Auditor to purge audit results data older than a specified date This setting is enabled by default Pur...

Page 17: ...off Enables database maintenance features including the rebuilding of indexes Database Maintenance allow online rebuild of indexes Specifies the amount of fragmentation that triggers index rebuilding...

Page 18: ...le aggregation The number of benchmark results purged when purging audit results Number of benchmark results to purge per batch The number of processing threads allotted to audit results The default n...

Page 19: ...her in the McAfee ePolicy Orchestrator 4 6 Software Product Guide Default permission sets McAfee Policy Auditor includes seven default permission sets that provide permissions for McAfee Policy Audito...

Page 20: ...or PA Benchmark Editor Edit benchmark tailoring Create delete and apply labels Create delete and import checks Create delete modify and import benchmarks McAfee Benchmark Editor PA Viewer View and exp...

Page 21: ...hestrator user interface click Menu User Management Permission Sets then select the permission set 2 Click Edit next to the McAfee Policy Auditor permission group The Edit Permission Set page appears...

Page 22: ...out periods that you set Audit whiteout periods are times when an audit can run on a system or group of systems Audit blackout periods are times when an audit can t run The agent plug in determines th...

Page 23: ...aris 8 SPARC Solaris 9 SPARC Solaris 10 32 bit agent on 64 bit hardware X X SuSE Linux 9 32 bit agent on 64 bit hardware X X SuSE Linux Enterprise Server 10 32 bit agent on 64 bit hardware X X SuSE Li...

Page 24: ...ems under McAfee Policy Auditor must have the McAfee Agent and the McAfee Policy Auditor agent plug in For information on installing and working with the McAfee Agent see the ePolicy Orchestrator docu...

Page 25: ...to the list of client tasks for the selected group and any group that inherits the task 7 To run the client task immediately send a manual wake up call to the systems Uninstall the agent plug in Unins...

Page 26: ...perties that have changed since the last agent server communication 7 Click OK to send the wake up call 8 Verify that the agent plug in and ePolicy Orchestrator server are communicating go to Reportin...

Page 27: ...ion How to handle missing audit results How to handle mismatched McAfee Vulnerability Manager certificates How McAfee Policy Auditor integrates with the McAfee Vulnerability Manager extension McAfee P...

Page 28: ...and automatic importing of systems into the System Tree When McAfee Vulnerability Manager discovers new systems during a McAfee Vulnerability Manager Asset Discovery Scan it designates them as rogue s...

Page 29: ...sk McAfee Vulnerability Manager uses the MVM Data Import server task to populate the ePolicy Orchestrator server database with system data from the McAfee Vulnerability Manager database The server tas...

Page 30: ...up you must Install and set up McAfee Vulnerability Manager Create an organization Specify an administrator for the organization Task For option definitions click in the interface 1 From McAfee Vulner...

Page 31: ...lity Manager Discovery Scan are matched to ePolicy Orchestrator server managed assets You can also set up a data source from the McAfee Vulnerability Manager interface See the McAfee Vulnerability Man...

Page 32: ...d with the default settings Select Instance name if the Microsoft SQL 2005 name was changed and type the instance name Select Port number if you are required to specify a port number for the IP addres...

Page 33: ...y Manager documentation for details on Asset Discovery scan settings Task For option definitions click in the interface 1 In the ePolicy Orchestrator user interface click Menu Risk Compliance Audits t...

Page 34: ...fore you begin this task Task For option definitions click in the interface 1 In the ePolicy Orchestrator user interface click Menu Automation Server Tasks then click New Task 2 Type a Name and option...

Page 35: ...selected systems to the selected group 7 Repeat steps 2 6 to add other systems to System Tree groups Create a Data Collection Scan Create a McAfee Policy Auditor Data Collection Scan to conduct audit...

Page 36: ...lts should be no older than nnn time unit where nnn is a number and time unit is days weeks and months For example if the frequency for an audit is defined as one month and a managed system has not be...

Page 37: ...time to complete How to handle mismatched McAfee Vulnerability Manager certificates Certificates are sets of electronic files created by a trusted Certificate Authority They contain encrypted informa...

Page 38: ...ick Tasks then select Install Customer Specific Certificate 3 Click Initiate Task McAfee Vulnerability Manager Configuration Manager distributes the customer specific certificate to McAfee Policy Audi...

Page 39: ...they work McAfee Policy Auditor evaluates systems against independent standards that are developed by government and private industry It can also evaluate systems against standards that you create The...

Page 40: ...results in reports and queries Results are shown after the audit runs When audits are run McAfee Policy Auditor provides three ways to run an audit The software runs audits under these situations You...

Page 41: ...tem characteristics McAfee Policy Auditor allows you to exclude one or more managed systems based on system name IP address MAC address or user name Including systems in an audit McAfee Policy Auditor...

Page 42: ...e Policy Auditor provides the capability to create audits that use McAfee Vulnerability Manager formerly Foundstone for some or all audits If McAfee Policy Auditor is integrated with Foundstone this i...

Page 43: ...elect the profile from the Selected Profile drop down list then click Next NOTE Some benchmarks don t have profiles 5 Choose a method for adding systems to the audit Select System Tree and Tags and cl...

Page 44: ...Audit blackout periods are time intervals when an audit can not be run Audits are not scheduled For example consider a benchmark that was last evaluated at 5 14 p m on Sunday May 6th The frequency req...

Page 45: ...ign severity levels such as Critical or Moderate to patch checks When you create a Service Level Agreement you can specify that Finance systems missing a Critical patch are given 30 days until you are...

Page 46: ...number of benchmarks for which all systems failed the audit pass expired The results have expired but the last audit results evaluated to pass fail expired The results have expired but the last audit...

Page 47: ...it results can be exported in two different formats XCCDF and OVAL In each case the information is saved as a ZIP file Common uses for exporting audits is for transfer to another ePolicy Orchestrator...

Page 48: ...pears Click Save The Save As dialog box appears 4 Give the export ZIP file an appropriate name and click Save Creating and managing audits Export audits McAfee Policy Auditor 6 0 software Product Guid...

Page 49: ...ult scoring model The default scoring model computes the score independently for each collection of subgroups and rules in each group and again for each rule and group within the audit s benchmark s D...

Page 50: ...lize audit scores audit score rules passed maximum possible score 100 This table shows how scores for different audits can be compared using a normalized implementation of the flat unweighted score mo...

Page 51: ...coring model makes it easy to differentiate between systems that pass or fail an audit Changing the scoring model You can change the scoring model that McAfee Policy Auditor uses when reporting audit...

Page 52: ...fee Policy Auditor provides three types of audit waivers that apply to selected systems Each type of waiver affects scoring results differently Exception waiver Forces the audit results of a selected...

Page 53: ...ey do not audit the selected systems when the waiver is in effect They do not include selected systems in the audit results For example McAfee Policy Auditor audits a system with a benchmark that cont...

Page 54: ...Click Menu Risk Compliance Waivers 2 Select a group from the System Tree containing waivers of different status 3 Use the Status drop down list to select a status The software filters waivers based u...

Page 55: ...to the As of date select October 1 2012 The Waivers tab shows Waiver A has a status of Upcoming Waiver B has a status of Upcoming Filtering waivers by date McAfee Policy Auditor allows you to filter w...

Page 56: ...reate and grant the waiver in a single step Requested waivers appear in the Issues Catalog Before you begin You must have permissions to request waivers Task For option definitions click in the interf...

Page 57: ...initions click in the interface 1 Click Menu Automation Issues 2 Select a requested waiver and click Edit The Edit Issue page will appear 3 Click Grant Waiver The waiver is now approved to take effect...

Page 58: ...ick Menu Risk Compliance Waivers The Waivers tab appears 2 Select a waiver with a status of Upcoming and click View 3 Click Delete Waiver The deleted waiver no longer appears on the Waivers tab Managi...

Page 59: ...r The event is encrypted and compressed to save disk space and bandwidth To learn more about supported systems see Managed Systems in the Using the McAfee Policy Auditor agent plug in section Platform...

Page 60: ...Orchestrator software software McAfee Policy Auditor software monitors the MD5 and SHA 1 hashes of a file as well as the file attributes and permissions information These values are stored in a databa...

Page 61: ...6 This number includes the baseline version File versions are stored on a First In First Out FIFO basis For example if you configure the software to store 3 versions it stores the baseline version plu...

Page 62: ...ets it as the new baseline version and purges previous versions of the file You can also accept events from the file integrity monitoring query reports drilldown pages Purge file integrity monitoring...

Page 63: ...a new file integrity monitoring baseline Create a file integrity monitoring policy Create a policy to monitor file integrity file entitlement and version changes Before you begin You must install the...

Page 64: ...s whether a file has changed or whether the file s entitlements have changed File Entitlement File Integrity File Versioning Monitors whether a file has changed whether the file s entitlements have ch...

Page 65: ...ent page appears 6 Select Break inheritance and assign the policy and settings below 7 In the Assigned policy drop down list select a file integrity monitoring policy Click Edit Policy to make changes...

Page 66: ...hide the file attributes Show Hide Attributes Sets the number of lines to show surrounding lines from the empty deleted inserted or modified lines in File 2 Context Size Accept file integrity monitor...

Page 67: ...onitoring Each report provides information on events and allows you to drill down to see detailed information The query reports also allow you to accept or purge events and to compare file versions if...

Page 68: ...r rollup reporting configuration before implementing the feature Here are some issues to consider The volume of audit results can be substantial Care should be given to only roll up essential data Thi...

Page 69: ...ssociated database tables Actions Data rolled up Audit Benchmark Result Score Rollup Purge No purging Purge all Purge rolled up items older than a specified period of time Filter Score Scoring system...

Page 70: ...arent group Group path Rule name Rule result Waiver type Rollup method Incremental Full Benchmark Text Rollup Purge No purging Purge all Filter none available Rollup method Incremental Full Group Text...

Page 71: ...Purge No purging Purge all Filter none available Rollup method Incremental Full Audit Check Text Rollup Purge No purging Purge all Filter none available Rollup method Incremental Full Group Tree Roll...

Page 72: ...status Counts reflect the number of patches in the status PA Rollup Patch Compliance Overview Displays the rollup count of patches grouped by compliance status PA Rollup Patch Status by Benchmark Ser...

Page 73: ...enchmark Results Rollup Data PA Audit Rule Result Rollup Data PA Audit Patch Check Result 3 Configure and enable the Roll Up Data Local ePO Server server task on the reporting server Rollup reporting...

Page 74: ...ons Waive or hide selected Findings Ignore Findings results Findings can include three types of information Violations Reporting violations provide additional information in audit results For example...

Page 75: ...sk space McAfee Policy Auditor provides a violation limit that allows to cap the number of violations shown The violation limit sets the maximum number of violations that are created for a specific ch...

Page 76: ...show To do this Use this Hide Findings in reports for the check in this audit Actions Hide Findings Show Findings in reports for the check in this audit Actions Unhide Findings Findings Hide or unhid...

Page 77: ...itor deletes audit results based on the policy audit retention settings This means that audit results are not deleted when a system is removed from the ePolicy Orchestrator system tree Because of this...

Page 78: ...iolations Displays finding identifier system and finding messages for all findings violations FND Grouped Summary of Finding Status for Systems Displays a grouped summary of a system showing the count...

Page 79: ...is run PA MS SLA Non Compliant Systems Grouped By Patch and Tag Displays the non compliant systems grouped by patch and tag PA MS SLA Non Compliant Systems Grouped By Tag and Patch Displays the non co...

Page 80: ...d The MS Patch Status Summary dashboard is a set of monitors providing a high level overview or Microsoft patches with links and drill down access to detailed information PA MS Patch Status Summary da...

Page 81: ...n PA Compliance Summary dashboard Some reports are grouped by PCI aggregation names These are the PCI aggregation names Requirement 1 Install and maintain a firewall configuration PCI Failed Systems G...

Page 82: ...assified by type of waiver PCI Req 10 3 10 5 11 5 File Integrity Monitoring Displays a list of waivers currently in effect grouped by first level System Tree group and classified by type of waiver PCI...

Page 83: ...ool Display help Run an audit Run a benchmark Run a check Save debug information Execute the agent plug in debug tool Run the debug tool from a command prompt on Windows systems or a command line inte...

Page 84: ...Run a audit on a system and save the results to a file Task 1 Execute the agent plug in debug tool 2 Save the debug information to a file Definition Interface Graphical 1 Click Audits A list of availa...

Page 85: ...r ID appears 3 Enter bmRun ID where ID is the audit ID The audit results are saved to the results file specified in step 1 Run a check Run a check on a system and save the results to a file Task 1 Exe...

Page 86: ...P file on the system Task 1 Execute the agent plug in debug tool and perform an action such as run an audit 2 Save the debug information to a file Definition Interface Graphical 1 Click Save Debug inf...

Page 87: ...tatement of CVE implementation Statement of CCE implementation Statement of CPE implementation Statement of CVSS implementation Statement of XCCDF implementation Statement of OVAL implementation State...

Page 88: ...lows regulatory authorities and security administrators to construct definitive security guidance and to compare results reliably and repeatedly McAfee Policy Auditor is designed exclusively around SC...

Page 89: ...gs McAfee Policy Auditor version 6 0 incorporates and supports version 5 0 of the Common Configuration Enumeration CCE standard Previous versions of McAfee Policy Auditor have been certified by Mitre...

Page 90: ...form standard for the expression of benchmarks and other configuration guidance to encourage good security practices McAfee Policy Auditor uses benchmarks from McAfee or third party sources to constru...

Page 91: ...The user specifies how long audit data is to be retained so that they or auditors can review any changes in the state of a system over time McAfee Policy Auditor version 6 0 provides fully integrated...

Page 92: ...encrypt or decrypt sensitive data The ePolicy Orchestrator software repository list SiteList xml file contains the names of all the repositories you are managing The repository list includes the locat...

Page 93: ...immediately after gaining access McAfee Host Intrusion Prevention System can also take immediate action as preset by the network administrator Timestamp ePolicy Orchestrator software uses either a dat...

Page 94: ...1 benchmarks activate for use in Policy Auditor 42 defining frequency 43 select benchmarks for an audit 43 used in audits 39 using Foundstone to audit systems 43 using Vulnerability Manager to audit s...

Page 95: ...ctivate benchmarks 42 agent plug in concept 22 components installed 12 Data Collection Scan 28 import Asset Discovery Scan results 28 using ePolicy Orchestrator features 13 Vulnerability Manager ePO E...

Page 96: ...ute scoring model 51 scoring audits Policy Auditor continued changing the scoring model 51 default scoring model 49 flat scoring model 50 flat unweighted scoring model 50 server settings Policy Audito...

Page 97: ...questing 56 start date 54 status 54 waivers Policy Auditor continued suppression waivers 52 suppression waivers effects on audits and scoring 53 wake up calls deploying Policy Auditor agent plug in 24...

Page 98: ...McAfee Policy Auditor 6 0 software Product Guide for ePolicy Orchestrator 4 6 98 Index...
