McAfee Data Loss Prevention 9.2.1 Скачать руководство пользователя страница 74 | Manualshive

Страница: 74 / 78

background image

But if McAfee DLP Endpoint 9.1 is installed and digital rights management is not needed,

No compatibility

should be selected. This means that the new features in that release will be available in the network
product suite. Features like

Document Scan Scope

and

Password Protected Files

will appear in the user interface

only if the 9.1 version of the McAfee Agent client is accessible through McAfee DLP Manager.

Add an Agent Override Password

An

Agent Override

password must be defined before doing any McAfee DLP Endpoint task to ensure

encryption and decryption of evidence, and the possibility of reversing any default reactions.
A key must be used to unblock quarantined files, unlock and decrypt encrypted files, request
justification for blocked actions, or work around any other events that have been generated by McAfee
Agent. The administrator provides this password when appropriate.
For example, a unified rule might protect a certain group of financial files on certain network shares
and all endpoints. But because certain endpoint users will need read and write access to those files, it
might include a selected

Request Justification

checkbox in the

Data

‑

in

‑

Use

action rule that is applied to that

rule. As a result, when an authorized user opens the blocked file, he might be presented with a

Request

Justification

pop

‑

up that will allow the administrator to make an exception to the rule by providing the

password. (The specific process and action is determined by the administrator.)

Task

1

Open the

Agent Override Password

page in one of two ways:

• In ePolicy Orchestrator, select

Menu

|

Data Loss Prevention

|

DLP Sys Config

|

Endpoint Configuration

|

Miscellaneous

and click

Agent Override Password

.

2

Enter a password in the

Password

field and confirm it.

McAfee DLP Endpoint 9.2 requires strong passwords — 8 or more upper and lower case characters,
plus a number and a symbol.

3

Click

Submit

.

Set the manual tagging option

If you have administrative privileges, you can apply tag labels to allow trusted users to classify specific
documents . If the

Allow Manual Tagging

checkbox is selected during that process, the tag is visible to your

trusted users, who can use it to classify specific documents by applying the appropriate tag.

Before you begin

McAfee DLP Endpoint and its components must be set up on McAfee DLP Manager.

After they are created, manual tags are pushed to users at endpoints by the McAfee Agent client.

The ability to classify documents with tags encourages users to take independent action to protect files
within their areas of responsibility. For example, users at medical facilities might be trusted to apply
HIPAA tags to patient records that must be kept confidential by law.

If the

Allow Manual Tagging

checkbox is not selected, file tagging can still be done manually — but only by

administrative users, who can tag or remove files individually or in groups.

Task

1

Open the

Tag Labels

page in one of two ways:

• In ePolicy Orchestrator, select

Menu

|

Data Loss Prevention

|

DLP Sys Config

|

System Administration

|

Endpoint Configuration

|

Tag Labels

.

2

Select a tag.

6

Integrating McAfee DLP Endpoint into a unified policy system

Configuring McAfee DLP Endpoint on McAfee DLP Manager

74

McAfee Data Loss Prevention 9.2.1

Installation Guide

«
...
72
73
74
75
76
...
»

Содержание Data Loss Prevention 9.2.1

Страница 1: ...Installation Guide Revision C McAfee Data Loss Prevention 9 2 1 For use with ePolicy Orchestrator 4 5 0 and 4 6 0 Software...

Страница 2: ...laimed as the property of others LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED WHICH SETS FORTH TH...

Страница 3: ...n installation to another McAfee DLP product 20 Restoring the drives 21 3 Installing or upgrading software on 1650 and 3650 appliances 23 Download the 1650 or 3650 archive 23 Install a fresh image on...

Страница 4: ...5 Uninstall McAfee DLP Endpoint 66 6 Integrating McAfee DLP Endpoint into a unified policy system 67 Setting up Unified DLP on ePolicy Orchestrator 68 Install the network extension 68 Install the UDLP...

Страница 5: ...his guide and how the guide is organized Audience McAfee documentation is carefully researched and written for the target audience The information in this guide is intended primarily for Administrator...

Страница 6: ...ased information about the product is entered into the McAfee online KnowledgeBase Task 1 Go to the McAfee Technical Support ServicePortal at http mysupport mcafee com 2 Under Self Service access the...

Страница 7: ...your protection strategy After you complete setup of all of the appliances go to the System tab on McAfee DLP Manager to add the products to be managed and the servers needed to complete the system F...

Страница 8: ...server Primary DNS server 2 Devise a protection strategy by evaluating the type of information you need to protect Your objectives will determine which policies you activate 3 Determine who will be t...

Страница 9: ...ernet port 3 Capture port 1 Figure 1 2 Model 3650 appliance port configuration 1 Ethernet port 0 2 Ethernet port 1 Management port 3 Ethernet port 2 Capture port 0 4 Ethernet port 3 Capture port 1 Fig...

Страница 10: ...be completed only on the McAfee DLP Manager appliance 8 Click Submit then Exit Wizard When this step is complete the appliance will have a new IP address and will be integrated into the network Resta...

Страница 11: ...Monitor McAfee DLP Monitor must be physically integrated into the network so it can capture traffic There are two integration modes use of a mirror SPAN port on a LAN switch or placement of a network...

Страница 12: ...rt configuration 3 Using interface show commands on the switch verify that traffic is being received on the switch port to which McAfee DLP Monitor is connected 4 Save the configuration on the switch...

Страница 13: ...res physical disconnection and reconnection of network cables so it disrupts traffic A service window is required With this configuration full traffic capture is done even under heavy load conditions...

Страница 14: ...switch Complete the setup Add the NTP server to sync McAfee DLP Manager to the network Task 1 Open a web browser and enter the assigned IP address in the address bar to restart McAfee DLP Manager 2 Cl...

Страница 15: ...d the 4400 archive To prepare for installation on the 4400 download the software from the Service Portal Before you begin Locate the grant number you received after purchasing the product McAfee DLP M...

Страница 16: ...the operating system of the appliance During the upgrade process the configuration data in the data directory and the kernel boot loader information in the boot directory are copied over to the new i...

Страница 17: ...rs stating which image will boot next 4 Restart the system Install a fresh image on 4400 appliances To install a fresh image install on both primary and secondary disks Before you begin Download the p...

Страница 18: ...ensures that the original image can still be accessed after the upgrade is complete The system automatically boots from the latest image Before you begin Download the product archive and copy it to th...

Страница 19: ...C data install 7 Go to the data install directory cd data install 8 Run the installation script Before you type the command run pwd to establish that you are in the correct product directory You must...

Страница 20: ...yyy_zz tar gz C data hotfix 5 Go to the data hotfix directory cd data hotfix xxxxxx 6 Optional Open the README file to see the hotfix details 7 Run the installation script install_hotfix 8 Restart the...

Страница 21: ...message appears stating which image will boot next 4 Restart the system Restoring the drives To restore the drives on the 4400 appliance insert the DVD that was shipped with it The process that runs...

Страница 22: ...2 Installing or upgrading the software on 4400 appliances Restoring the drives 22 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 23: ...appliances Apply a hotfix Download the 1650 or 3650 archive To prepare for installation on the Model 1650 or 3650 download the software from the Service Portal Before you begin Locate the grant number...

Страница 24: ...og on to the McAfee DLP device as root 2 Copy the archive to the appliance If you downloaded the archive to a Windows based computer use WinSCP If you are copying the archive from a Linux server use t...

Страница 25: ...3650 appliances To upgrade a product on 1650 or 3650 appliances you must install 9 2 0 before upgrading to 9 2 1 Before you begin Download the product archive and copy it to the appliance Stop all sca...

Страница 26: ...d data install 11 Run the application installation script install_stingray U P platform type The script completes then instructs you to reboot 12 Restart the system reboot 13 Install Hotfix 793756_460...

Страница 27: ...tar xvzf hotfix_xxxxxx_yyyy_zz tar gz C data hotfix 5 Go to the data hotfix directory cd data hotfix xxxxxx 6 Optional Open the README file to see the hotfix details 7 Run the installation script inst...

Страница 28: ...3 Installing or upgrading software on 1650 and 3650 appliances Apply a hotfix 28 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 29: ...lt the McAfee Total Protection for Data Loss Prevention 9 2 0 Product Guide for more information Contents Configure McAfee DLP appliances using Setup Wizard Configure McAfee DLP appliances after insta...

Страница 30: ...onfiguration page assign the hostname domain and IP addresses of the gateway and DNS servers then click Next Figure 4 1 Network configuration You must enter a fully qualified domain name into the Host...

Страница 31: ...er and click Next Figure 4 2 Time configuration You might want to set the NTP server manually in some cases Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using S...

Страница 32: ...f you have to change this configuration later you can activate or deactivate policies from the Policies page For example you might want to use international policies that are available on that page 4...

Страница 33: ...for the primary administrator and set a password then click Next Figure 4 4 Administrator setup Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using Setup Wizard...

Страница 34: ...on the System page Figure 4 5 Review Figure 4 6 Email server setting 8 If you are setting up McAfee DLP Prevent type in the IP address of a smart host then click Next 4 Configuring McAfee DLP applianc...

Страница 35: ...g McAfee DLP Manager to open an SSH tunnel between the devices Before you begin If you are going to install the network product suite on ePolicy Orchestrator you must add the netdlp zip extension befo...

Страница 36: ...nly as a collection point for the data Other machines are capturing and indexing data and the processor indicates the CPU utilization It should not go over 70 80 If registration seems to be taking a l...

Страница 37: ...mail headers of messages entering the MTA 3 Must be capable of taking actions based on specified match expressions for email headers The specific header strings received from McAfee DLP Prevent are th...

Страница 38: ...proxy server because it is already part of the network If you are setting up McAfee DLP Prevent to process email type the Smart Host IP address to which the processed email will be routed Host names a...

Страница 39: ...type For example if you add Active Directory servers you cannot add OpenLDAP servers Task 1 Open the Directory Services page in one of two ways In ePolicy Orchestrator select Menu Data Loss Preventio...

Страница 40: ...aded certificate Unlike the LDAP server domain name you can use any valid account that has permission to read from the LDAP server an administrative account is not necessary If you have already entere...

Страница 41: ...reconnex net Enter the name into the Authorization Server field 12 Select a Scope to set the directory depth to be accessed on the server 13 Click Apply Add McAfee Logon Collector to McAfee DLP Manage...

Страница 42: ...tor 17 Open a Remote Desktop session on the McAfee Logon Collector server and restart it When the server comes up the SSL connection between the servers is complete Add syslog servers to McAfee DLP sy...

Страница 43: ...Previous 24 hours to keep the system from producing unmanageable numbers of results On the Incidents page set Filter by to a longer time period If the system was recently installed it will need some l...

Страница 44: ...4 Configuring McAfee DLP appliances and adding servers Testing the system 44 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 45: ...erver Install McAfee ePolicy Orchestrator Installing McAfee DLP WCF service Repository folders User and permission sets Install the McAfee Data Loss Prevention Endpoint extension Initialize the McAfee...

Страница 46: ...Microsoft operating system software is supported Table 5 2 Operating systems supported Computer type Software Servers Windows Server 2003 Standard SE SP1 or later 32 or 64 bit Windows Server 2003 Ente...

Страница 47: ...of Microsoft SQL Server you are using The McAfee DLP Endpoint software version 9 2 200 x package includes the following McAfee Data Loss Prevention Endpoint McAfee Agent plug in McAfee DLP Endpoint e...

Страница 48: ...ms this folder might be locked down In that case you must temporarily change the permissions for this folder Otherwise the installation fails We recommend completing all software installations before...

Страница 49: ...Communication Foundation WCF service on the same server as the McAfee ePO SQL database local installation or on a separate server remote installation Where McAfee ePolicy Orchestrator is installed tog...

Страница 50: ...r in Microsoft SQL Server on page 50 To use either Windows or SQL authentication with the McAfee DLP WCF service or the ePolicy Orchestrator database an authorized user must be defined in the Microsof...

Страница 51: ...tor rights on the servers involved This is a required task The default authorized user does not work with the McAfee DLP WCF service Task 1 Start SQL Server Management Studio Express and connect to th...

Страница 52: ...gon name Set the default database to ePO4_SERVER Enforcing a password policy is optional 6 On the User Mapping page of the Login Properties window in the Users mapped to this login section select ePO4...

Страница 53: ...tor Before you begin Before installing the McAfee DLP WCF service create a user in Microsoft SQL Server You must do this even if you are going to use Windows authentication When installing or upgradin...

Страница 54: ...Sensitive Data in RSS Feed 3 In step 5 of the installation wizard Microsoft SQL Database do the following Review the defaults for Database Server and Database Name Type other values if necessary Sele...

Страница 55: ...not include sensitive content Creating and configuring repository folders McAfee Data Loss Prevention Endpoint software requires certain repository folders on the server These folders must be created...

Страница 56: ...fy that the Apply onto option says This folder subfolders and files then click OK The Advanced Security Settings dialog box now includes Domain Computers 10 Click OK twice to close the dialog box Conf...

Страница 57: ...McAfee DLP Manager and McAfee DLP Monitor These roles can include creating and saving policies viewing but not changing policies generating override uninstall and quarantine release keys viewing the M...

Страница 58: ...in the permission set form and you can attach them to the set If you create permission sets first the permission set names appear in the user form and you can attach the user to them 4 Click Save 5 In...

Страница 59: ...ention Endpoint software you must upgrade the license after you complete the installation Task For option definitions click in the interface 1 In ePolicy Orchestrator select Menu Software Extensions t...

Страница 60: ...o step 4 3 If no previous policy exists the message DLP global policy is unavailable Loading default policy appears Click OK to continue 4 When the message Agent configuration is unavailable Loading a...

Страница 61: ...8 characters with at least one each uppercase lower case digit and special character symbol If you are upgrading this is not implemented until you change a password If you don t want endpoint key gen...

Страница 62: ...y console menu bar select Help Update License The View and Update License window displays the current default activation key and expiration date 2 Click Update 3 Type or paste the activation key Activ...

Страница 63: ...Endpoint The final stage of McAfee DLP Endpoint software installation is to define a policy deploy McAfee DLP Endpoint agents to the managed computers and verify the installation Tasks Define a defaul...

Страница 64: ...lick through to step 2 of the rule creation wizard and add the Email Category created when creating the classification rule in the Included column e Click through to step 7 of the rule creation wizard...

Страница 65: ...CE_USER user_name SERVICE_PASSWORD password The service user should be defined as the Citrix Administrator in Citrix Access Management Console Presentation Server Server Name Administrators and must b...

Страница 66: ...t Uninstall Key window This information is not required when creating a master release code 3 Type the uninstall challenge code Step 2 This is the code the user obtains by clicking the McAfee Agent ic...

Страница 67: ...products to unify the system under the network product suite The McAfee Agent DLP client routes policy updates to the clients and collects events from them If evidence collecting is enabled in the pol...

Страница 68: ...to Menu Software Extensions 3 Click Install Extension 4 Browse to the netdlp zip file and click OK 5 Click OK Install the UDLP host extension You must install UDLP extension version 9 2 107 on ePolic...

Страница 69: ...ers and groups to enable manual tagging of files on agent machines For example type in Everyone to give Manual Tagging Authorization to all users This sets up the agent to support manual tagging throu...

Страница 70: ...Configuration Registered Servers Actions Edit Next Database instance ePO database instance Menu Configuration Registered Servers Actions Edit Next SQL Server instance instance name ePO GUI IP address...

Страница 71: ...he Registered Server Builder page appears 4 In the Description field type in the name of the McAfee DLP Manager 5 In the Database Password field type in the epouser database password from the McAfee D...

Страница 72: ...r loses connection to the database you cannot use https servername port core config to reconnect to the database Refer to KB66320 in the McAfee Knowledgebase for more information Configuring McAfee DL...

Страница 73: ...nterval 4 Click Submit Maintaining compatibility with installed McAfee clients Because McAfee DLP Manager supports multiple versions of McAfee DLP Endpoint client the system must be configured to hand...

Страница 74: ...Password page in one of two ways In ePolicy Orchestrator select Menu Data Loss Prevention DLP Sys Config Endpoint Configuration Miscellaneous and click Agent Override Password 2 Enter a password in t...

Страница 75: ...ndpoint McAfee recommends that you start by setting up protection rules and viewing the events reported on the ePolicy Orchestrator Data in Use dashboard Consult the Product Guide for McAfee Total Pro...

Страница 76: ...6 Integrating McAfee DLP Endpoint into a unified policy system Installation and configuration complete 76 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 77: ...ng on Windows Server 2008 56 H hardware requirements 46 L license Device Control and DLP 62 M McAfee ServicePortal accessing 6 Microsoft SQL adding a user 50 Microsoft SQL installing 53 P permission s...

Страница 78: ...TP000030C00...

Отзывы:

Нет отзывов

Похожие инструкции для Data Loss Prevention 9.2.1

Quality Monitoring

Бренд: Nortel Страницы: 22

Veriteq viewLinc 4.0

Бренд: Vaisala Страницы: 168

NETWORK BASIC - USER REFERENCE GUIDE 3.2

Бренд: Red Hat Страницы: 76

Бренд: Ulead Страницы: 100

Toast 6 Titanium

Бренд: Roxio Страницы: 132

Бренд: 2Wire Страницы: 35

Бренд: Unibrain Страницы: 77

Бренд: LEI Extras Страницы: 8

00128-051462-9310 - AUTOCAD 2008 COMM UPG FRM 2005 DVD

Бренд: Autodesk Страницы: 2268

Бренд: TANDBERG Страницы: 17

Бренд: Vector Страницы: 148

Бренд: Omega Engineering Страницы: 63

CAMEDIA Master 4.3/Pro

Бренд: Olympus Страницы: 22

Бренд: Cabletron Systems Страницы: 495

EzSign TV Editor

Бренд: LG Страницы: 12

Бренд: LG Страницы: 26

Бренд: LG Страницы: 83

Zenith Free-To-Guest

Бренд: LG Страницы: 28

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды