manualshive.com logo in svg

McAfee MTP10EMB3RAA - Total Protection 2010, Руководство по эксплуатации продукта, Страница: 119 / 134

Поделиться
Скачать
McAfee MTP10EMB3RAA - Total Protection 2010 Скачать руководство пользователя страница 119

McAfee Total Protection Service Product Guide 

119

Using the SaaS Vulnerability 

Scanning Service

The SaaS vulnerability scanning service measures the security of websites, domains, and IP 
addresses by testing them for thousands of risks and issues in many vulnerability classes and 
categories. It then reports any vulnerabilities detected, prioritizes the risks they present, and 
recommends remediation tasks and patches.

Contents 

Vulnerability scanning features

Certification programs

The SaaS vulnerability scanning widget and portal

Overview of scanning process

Overview of the certification process

Types of devices to scan

Types of scans

Managing scan devices

Performing scans

How detections are reported

Viewing scan results

Vulnerability scanning features

Run vulnerability scans (device audits) to locate and resolve security risks in your network 
devices and to confirm compliance with certification standards.
A security plan that includes regular and comprehensive device audits:
•    Protects your entire network infrastructure non-invasively.
•    Identifies unauthorized server applications and tracks system configuration changes.
•    Looks for thousands of different vulnerabilities residing in Internet services, shopping carts, 

ports, operating systems, servers, key applications, firewalls, addressable switches, load 
balancers, and routers. 

•    Provides detailed reporting and specific recommendations for resolving vulnerabilities 

detected by more than 10,000 individual vulnerability tests plus port scans.

•    Collects and updates vulnerability data around-the-clock from hundreds of sources 

worldwide, ensuring its ability to detect the latest risks.

•    Meets the website security vulnerabilities audit requirements mandated by HIPAA, GRAMM-

LEACH-BILEY, SARBANES-OXLEY, and other federal legislation.

CBS100083_McAfeeProdGde_12-10   119

12/20/10   8:51 AM

Содержание MTP10EMB3RAA - Total Protection 2010

Страница 1: ...McAfee Total Protection Service Product Guide...

Страница 2: ...brand products All other registered and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE AP...

Страница 3: ...19 Using the Client Software 20 How to access the client software 20 About the icon 21 About the console 22 Types of client software updates 22 Terminal server support 24 Specifying when computers che...

Страница 4: ...of group administrators 44 Working with group administrators 45 Management of security policies 46 McAfee Default policy 47 Working with policies 51 Generation of security reports 51 Scheduling report...

Страница 5: ...pproving and unapproving programs in a policy 72 Managing detections 73 Viewing scan results on client computers 73 Managing potentially unwanted programs on client computers 74 Viewing quarantined fi...

Страница 6: ...he account 95 Viewing user approved programs and applications 95 Viewing blocked communications 96 Reports for firewall protection 97 Unrecognized Programs report 97 Inbound Events Blocked by Firewall...

Страница 7: ...ns 118 Using the SaaS Vulnerability Scanning Service 119 Vulnerability scanning features 119 Certification programs 120 The SaaS vulnerability scanning widget and portal 121 Accessing the SaaS vulnera...

Страница 8: ...er person such as a purchasing department representative purchases the subscription and then designates you to be the site administrator For a more hands on approach use the SecurityCenter to view and...

Страница 9: ...ach computer where it is installed 2 The client software up dates itself automatically and silently by downloading the latest detection definition DAT files from your account s administrative website...

Страница 10: ...Service checks for product updates at regular intervals throughout the day comparing security components against the latest releases When a computer needs a newer version the client software retrieves...

Страница 11: ...il these reports at regular intervals Schedule reports Select a customized policy as the default assigned to computers in your account Designate a default policy for your account Organize the computer...

Страница 12: ...informed about your account s status Updates to the client software Regular updates are the cornerstone of Total Protection Service The client software periodically checks a site on the Internet for n...

Страница 13: ...od or a combination of methods which enables you to tune the impact updates have on network resources 1 For simple updates each client computer on your account has a direct connection to the Internet...

Страница 14: ...lable for Total Protection Service 3 If new components are available the client computer attempts to retrieve them from its peers It queries whether computers on the LAN have already downloaded the ne...

Страница 15: ...the SecurityCenter It shows summary information for your account at a glance Alerts and action items Indicate whether any action is required to address security issues and links you to instructions f...

Страница 16: ...ation reference information and subscription status Helpful utilities Product documentation and links to product support and demos Create user groups A group consists of one or more computers that sha...

Страница 17: ...Daily Daily Weekly On Demand Scan Enabled Enabled Enabled Enable outbreak response Enabled Enabled No Scan within archives during on access scans 4 hours 4 hours 12 hours Check for updates every Promp...

Страница 18: ...Team group performs the tasks defined in the Sales policy 3 Check for updates to software components and DAT files every 4 hours Check for an outbreak DAT file every hour Scan for viruses and potentia...

Страница 19: ...information is the same method used to retrieve updates i e through a direct connection Rumor technology or a relay server A summary of this information is sent to you in a weekly status email unless...

Страница 20: ...ctly on a client computer by using the tasks described in this section Contents How to access the client software Types of client software updates Performing setup and maintenance tasks Frequently ask...

Страница 21: ...ription or buy more licenses How the icon indicates the status of the client software The appearance of the icon changes to indicate the status of the client software Hold your cursor over the icon to...

Страница 22: ...ernet or blocked Admin Login Log on as an administrator to access administrative features Requires site administrator credentials View Help Display online help NOTE The client features you can access...

Страница 23: ...ates manually For example when a computer appears to be out of date in your administrative reports users might need to update manually as part of the troubleshooting process Manual updates When an out...

Страница 24: ...must be kept up to date DAT files are updated by McAfee Avert Labs whenever new threats are discovered Use this task to select how often client computers check for updates to software components and...

Страница 25: ...tal Protection Service client software Tasks Testing virus protection Changing the language for the software Logging on as a site administrator Configuring notifications Configuring what users see Uni...

Страница 26: ...l console and these additional tasks available Viewing the progress of scheduled scans that are in progress Managing files in the Quarantine Viewer Disabling and enabling on access scanning Logging on...

Страница 27: ...icon only The tray icon is displayed and the tray menu lists only the Update Now option 4 Click Save For a new policy click Next select additional options for the policy then click Save Uninstalling t...

Страница 28: ...ion Basic authentication is not supported Automatic updates do not occur when a CHAP or NTML proxy is set up in Internet Explorer Is it okay to delete the Temp folder in my program s directory structu...

Страница 29: ...folder in the Program Files McAfee Managed VirusScan folder Activate your software You have not activated your copy of Total Protection Service You cannot receive updates against the latest threats u...

Страница 30: ...ve hands on involvement you can take advantage of the management console available on the SecurityCenter Use the SecurityCenter to centrally manage the client computers and information for your accoun...

Страница 31: ...redentials email or weekly status email you received from your service provider NOTE Before typing your login credentials you can access multimedia demos and tutorials for more information about using...

Страница 32: ...e You must have a local email application installed to use this feature Click the print icon located along the upper right margin of the page to open the page in a separate browser window then select...

Страница 33: ...that require your attention appear in red The method for resolving them varies depending on the page Check your action items and alerts Click the button at the end of the text to display instructions...

Страница 34: ...ction coverage resolve action items and update protection Task For option definitions click in the interface 1 Click the Dashboard tab 2 Select the group for which you want to display information Opti...

Страница 35: ...size a widget click its border and drag to a new size To email the information in the widget click the email icon in the upper right corner You can also schedule it to be sent as an email attachment a...

Страница 36: ...Computers where protection is not installed In a widget click links that display more information about reported activity such as the computer names or the number of detections View details about act...

Страница 37: ...time for which to display information View by Display individual computers or groups Group Display only the computers in a group or display all computers Not available if you selected View by Groups S...

Страница 38: ...computers from the listing delete a computer with enabled client software from the listing it automatically reappears the next time its report data is uploaded however you can no longer view its hist...

Страница 39: ...up list select a group then click Save Move the computer to a new group In the Policy list select a new policy then click Save Assign a new policy Select the Click here to install link to open the ins...

Страница 40: ...uters page If you have not created any groups or policies only the Default Group is displayed The Default Group Until you create additional groups all computers are assigned to the Default Group when...

Страница 41: ...date 5 Check the status of the last synchronization tasks Your account can contain both Active Directory groups and groups that you create in the SecurityCenter See also Management of computer groups...

Страница 42: ...e this task to install the client software on computers in Active Directory groups Before you begin You must import Active Directory groups before you can perform this task Note that all Active Direct...

Страница 43: ...will be placed in the same groups they are in on your network If you do not select this option computers will be placed in the Default Group 5 Click Save See also Logging on as a site administrator o...

Страница 44: ...oversee and manage the groups that you the site administrator assign to them When creating group administrators you specify which groups they manage a password they use to access the SecurityCenter a...

Страница 45: ...Up to six group administrators can be listed If you have created more than six group administrator accounts click View all group administrators to display a complete listing Task For option definitio...

Страница 46: ...policies Use this page to create copy modify and delete policies for your account If you have not created any policies only the McAfee Default policy is displayed Do this To Under Actions select Delet...

Страница 47: ...on explains only the settings for the McAfee Default policy See the chapters for particular types of protection for a complete explanation of all related policy options Client Settings Option definiti...

Страница 48: ...e Enabled Detect code starting to run from data in reserved memory and prevent that code from running Enable buffer overflow protection Enabled Detect harmful code embedded in web pages that would cau...

Страница 49: ...To ensure the highest level of security we recommend that administrators create a new policy and configure firewall protection Definition Option Disabled Do not check whether browser protection is ins...

Страница 50: ...Unrated Allow NOTE This feature is not supported on Firefox browsers Enabled Do not allow access to pages with phishing content even if they are located on a website with a green overall safety ratin...

Страница 51: ...vide valuable tools for monitoring detections and fine tuning your protection strategy Only the reports available for the types of protection installed appear on this page Do this To Select an existin...

Страница 52: ...NOTE For blocked events to be reported the Report blocked events option must be enabled in the Firewall Protection policy Blocked events are logged for all computers that are assigned a policy where...

Страница 53: ...eek on the selected day Monthly on Send the information each month on the selected day 4 Type one or more email addresses to receive the report Separate multiple addressees with commas 5 Type a subjec...

Страница 54: ...black box Alphabetic characters are not case sensitive 4 Click Upload Logo If your logo file is not the correct size the SecurityCenter resizes it to fit the allotted area and displays a preview of h...

Страница 55: ...s the listing it automatically reappears the next time its report data is uploaded however you can no longer view its historical detection data Click a computer name to display the Computer Details pa...

Страница 56: ...g up for email notifications Viewing and updating subscription information Buying and renewing subscriptions and licenses Locating or creating keys for your account Merging accounts Configuring your a...

Страница 57: ...criptions and to update subscription information It is important to check the status of your subscriptions to ensure that protection remains active and you have the right number of licenses to protect...

Страница 58: ...y computers are protected Task 1 On the My Account page click the Subscription Notification tab The Subscription Summary section lists details about each subscription including the number of licences...

Страница 59: ...count you want to merge into your main account then click Next 4 On the Step 2 page view details for the account you have selected Verify that the licenses and computers listed for the account are the...

Страница 60: ...nt Downloads a wizard that guides you through the steps for migrating computers in a McAfee ProtectionPilot account to a Total Protection Service account A link to documentation is also provided Getti...

Страница 61: ...y If you do need to merge multiple accounts then use the Manage Accounts section of the Accounts Keys tab Why do my cloned systems all report as the same computer The client software generates a uniqu...

Страница 62: ...ick Delete 4 Install the software on the new computer The new computer appears in your reports after it uploads its status to the SecurityCenter This usually takes about 20 minutes My computer crashed...

Страница 63: ...nent within Total Protection Service but includes policy options that let you configure some of the virus protection and spyware protection features separately Virus and spyware protection includes op...

Страница 64: ...and blocked programs created by the administrator for computers using the policy Checks the list of programs the user has approved If the Prompt program is not on either list spyware protection displa...

Страница 65: ...figured in the SecurityCenter Policy settings determine the types of files programs and other items detected whether users can manage their detections how frequently computers check for updates and wh...

Страница 66: ...r a program attempts to install spyware Scan for all types of virus and spyware threats Send unrecognized detections to McAfee Avert Labs Enable on access scanning when computers check for updates On...

Страница 67: ...configure these spyware scanning features Whether files are scanned for spyware The types of spyware threats to detect Approved programs that should not be detected as threats The default spyware rela...

Страница 68: ...tray then select Open Console 2 From the Action Menu select Scan Computer 3 Select the scan target Scan my entire computer Scan all drives folders and files Scan a specific drive or folder Type the f...

Страница 69: ...f the scan NOTE This option is available only when a scheduled scan is in progress 4 If needed click Pause Scan to temporarily interrupt the scan or Cancel Scan to end the scan Optional 5 Click View d...

Страница 70: ...cheduling a scan Use this SecurityCenter task to schedule an on demand scan Task For option definitions click in the interface 1 On the Policies page click Add Policy or click Edit to modify an existi...

Страница 71: ...ipt scanning is always enabled for on access and on demand scans Enable script scanning Look for threats in email before it is placed into the user s Inbox Email is always scanned when it is accessed...

Страница 72: ...each type of program you want to detect 6 Click Save For a new policy click Next select additional options for the policy then click Save Approving and unapproving programs in a policy Use this Securi...

Страница 73: ...unwanted programs from the Reports page on the SecurityCenter Before you begin Run an on demand scan Task Select View detailed report in the Scan Completed panel A browser window opens and displays t...

Страница 74: ...item was added to the list of user approved programs and will no longer be detected as spyware Cleaned The item was cleaned successfully and can be used safely A backup copy of the original item was p...

Страница 75: ...heck the status of each item Cleaned The item was cleaned successfully and can be used safely A backup copy of the original item was placed in a quarantine folder in a proprietary binary format Clean...

Страница 76: ...ms buffer overflow processes cookies Task For option definitions click in the interface 1 Click the Reports tab then click Detections 2 In the Detections report view detailed information about detecti...

Страница 77: ...s report Lists programs detected on client computers that are not recognized by spyware protection and firewall protection Allows you to approve programs from within the report Detection History repor...

Страница 78: ...ist the computers where detections occurred the names of detections or the groups containing computers where detections occurred View Display all the computers on your account or only those in a singl...

Страница 79: ...iangle icon next to a name Display computers or detections Under a computer name show which programs were detected Under a program name show the computers where it was detected Click a group name to d...

Страница 80: ...are protection mode to Protect to automatically clean potentially unwanted programs NOTE Protect mode is not the default setting For maximum protection create a policy that includes Protect mode Enabl...

Страница 81: ...ng the features of virus and spyware protection File does not exist This error verifies that the computer is protected from threats When you clicked to open an infected file from Windows Explorer the...

Страница 82: ...ministrator configures firewall settings The McAfee default policy is configured to let client computer users decide which communications and applications firewall protection allows The administrator...

Страница 83: ...ound Events Blocked by Firewall The connection type does not affect the way that firewall protection handles detections of Internet applications running on client computers Custom connections Trusted...

Страница 84: ...pecific IP addresses Configure settings for custom connections on the General tab of the Firewall Protection policy page Once configured custom connection settings are saved until you reconfigure them...

Страница 85: ...be used as a learn mode to discover which applications to allow and block Prompt Users are prompted about detections Detections are reported to the SecurityCenter Administrator can select allowed app...

Страница 86: ...addresses You can specify IP addresses that conform to either of these standards IPv4 Internet Protocol Version 4 The most common Internet addressing scheme Supports 32 bit IP addresses consisting of...

Страница 87: ...ports as needed Standard service ports for typical system services are Firewall configuration Protecting computers from suspicious activity with a firewall involves monitoring network activity to iden...

Страница 88: ...or avoiding risk Configuring firewall features enables you the administrator to control which applications and communications are allowed on your network It provides the means for you to ensure the hi...

Страница 89: ...ings Use this task to configure these settings for firewall protection Who configures the firewall Connection type NOTE To ensure the highest level of security we recommend that administrators configu...

Страница 90: ...s users for a response or simply reports it to the SecurityCenter Specific applications to allow or block Before you begin On the Firewall Protection policy page you must select Administrator configur...

Страница 91: ...es for custom connections Tasks Configuring system services and port assignments Configuring IP addresses Configuring system services and port assignments Use this task to configure system service por...

Страница 92: ...select Custom settings then click edit Perform these steps To do this Allow an existing service by opening its ports 1 Select the checkbox for a service listed in the table 2 Click OK Computers using...

Страница 93: ...ng policy updates Enabling and disabling firewall protection Perform these steps To do this Accept communications from any IP address 1 Select Any computer 2 Click OK Accept communications from IP add...

Страница 94: ...nitions click in the interface 1 On the Policies page click Add Policy or click Edit to modify an existing policy 2 Select Firewall Protection then click the General Settings tab 3 Under Firewall Conf...

Страница 95: ...ns users have approved to run on their computers You can also add the applications to one or more policies so they will not be detected as unrecognized programs on computers using the policies Do this...

Страница 96: ...report each attempt to communicate is called an event Before you begin To view this report the Report blocked events option must be enabled on the Firewall Protection policy tab When this option is e...

Страница 97: ...the triangle icon next to a name Display computers or detections Under a computer name show which applications were detected Under an application name show the computers where it was detected Click a...

Страница 98: ...g on client computers If you know some of the applications are safe and do not want them to be detected as threats add them to policies 5 If you want to monitor the inbound communications that firewal...

Страница 99: ...ection to Protect mode to automatically block suspicious activity 8 If your account includes computers that are operated in multiple environments such as in the office and in unsecured public networks...

Страница 100: ...ver it does not report them because event logging is disabled in the Windows firewall by default If both firewalls are enabled you must enable Windows firewall logging to be able to view a list of all...

Страница 101: ...eports provide details Information that browser protection sends to McAfee Installing browser protection during policy updates Web filtering features Enabling and disabling browser protection via poli...

Страница 102: ...ing policy options also allow you to disable browser protection at the policy level or from an individual client computer Web filtering features are described in more detail later in this section How...

Страница 103: ...by a broken Internet connection or a problem with the SiteAdvisor server where ratings information is stored Testing communication problems Use this task from a client computer to determine why browse...

Страница 104: ...eAdvisor menu Client settings that affect the SiteAdvisor menu button When browser protection is disabled the menu button is gray When visiting a site on your network s intranet the menu button is gra...

Страница 105: ...registered outside of your country of residence Country The level of how popular the website is Don t assume however that popularity always goes hand in hand with safety For example some very popular...

Страница 106: ...find annoying such as excessive popups requests to change a user s home page or requests to add a site to the browser s Annoyances favorites list We also list 3rd party cookies sometimes known as tra...

Страница 107: ...nt computer Language and country locale selected for the operating system and browser running on the client computer Host name and part of the URL for each website the client computer requests to acce...

Страница 108: ...eled Browser Protection Web Filtering The additional policy options enable you to configure these features Regulate user access to websites based on their safety rating for example block access to red...

Страница 109: ...enabled at the policy level This feature is available only in versions of the browser protection service that include the web filtering module Task For option definitions click in the interface 1 On t...

Страница 110: ...he site is blocked A policy option allows you to customize the message that is displayed When you configure a warning action for a site users are redirected to a message explaining that there might be...

Страница 111: ...downloading files that contain threats or to warn users about potential threats from downloads A site with an overall safety rating of green can contain individual download files rated yellow or red...

Страница 112: ...n click the General Settings tab 3 Under Access to Phishing Pages select Block phishing pages 4 Click Save For a new policy click Next select additional options for the policy then click Save Block an...

Страница 113: ...o modify an existing policy 2 Select Browser Protection Web Filtering then click the Content Rules tab 3 Select one or more filtering options to customize the content categories listed Optional Functi...

Страница 114: ...ath Site patterns must be at last six characters in length and they do not accept wildcard characters The browser protection service does not check for matches in the middle or end of URLs Site patter...

Страница 115: ...allowed to access Prohibit Add the site to the Exceptions list as a prohibited site which users are not allowed to access Cancel Close the text box without adding the site to the list 5 Repeat step 4...

Страница 116: ...ccess Task 1 Click the Reports tab then click Web Filtering 2 In the Web Filtering report view the number of green sites visited by client computers on the network No detailed information is available...

Страница 117: ...n all computers 2 Check the Web Filtering report regularly to see what sites users are visiting their safety ratings and their content categories 3 Using the Web Filtering report Determine whether use...

Страница 118: ...rated for security For example if a client computer visited 10 different pages on this website over the course of a single browser session www mcafee com only a single visit would be logged to this do...

Страница 119: ...e audits to locate and resolve security risks in your network devices and to confirm compliance with certification standards A security plan that includes regular and comprehensive device audits Prote...

Страница 120: ...d PCI DSS by providing the tools needed to complete the PCI certification process remain in compliance and create quarterly validation reports McAfee SECURE Trustmark certification program Adds the Mc...

Страница 121: ...rd page of the SecurityCenter The widget contains a link Click here to configure to the SaaS vulnerability scanning portal The portal provides tools for adding the IP addresses to scan performing scan...

Страница 122: ...ess This is the high level process for configuring vulnerability scans for your network 1 Log on to the SaaS vulnerability scanning portal 2 Specify what to scan by one of these methods If you know wh...

Страница 123: ...Add devices to scan and configure scanning options For Service Level select Devices McAfee SECURE The Scan Frequency defaults to Daily per the requirements for certification You can schedule additiona...

Страница 124: ...tions do not include application servers the web server itself is configured to act in an application server capacity Domain name servers DNS These resolve Internet addresses by translating domain nam...

Страница 125: ...hich IP addresses within a network a specified range of IP addresses are active Security level Description 5 Urgent Provide intruders with remote root or remote administrator capabilities By exploitin...

Страница 126: ...rity Dashboard page 3 Under Discovery select DNS 4 On the DNS Discovery page select an action Discovering IP addresses in a network The network discovery tool identifies which IP addresses within a ne...

Страница 127: ...credit card issuers by meeting the vulnerability scanning requirements of the Payment Card Industry PCI data security standard Select this option if you are scanning devices involved with processing c...

Страница 128: ...feesecure com help ScanIps sa accessible from the SaaS vulnerability scanning portal Sign up for the RSS feed at http www mcafeesecure com help ScanIps rss 2 Follow the instructions provided in the do...

Страница 129: ...e group you want to reconfigure click the Configure Group icon on the right side of the group table 5 Under Devices In Group Select a device from the Not In Group list then click Add to add the device...

Страница 130: ...next 24 hours for an IP address domain or network Task 1 Open the SaaS vulnerability scanning portal click the link in the SaaS Vulnerability Scanning PCI Certification widget on the Dashboard page of...

Страница 131: ...ts select Devices 4 Select a device using one of these methods On the Devices page click the device name On the Device Groups page click the name of the group containing the device then on the Devices...

Страница 132: ...curity Dashboard page This type of report Shows Audit Report Results for audit scans run on IP addresses To view Under Audits select Reports select the type of report and the devices to include then c...

Страница 133: ...Devices Not Currently Auditing 6 On the Add Devices page select options adding the devices for scanning Viewing results for network discovery scans Use this task to view the discovery status for netwo...

Страница 134: ...ount and their scan status 4 Select an option Select this option To view these results By Network A listing of all networks in your account Select a network to display details about it By Port A listi...

Отзывы:

Нет отзывов