McAfee PASCDE-AB-IA - Policy Auditor For Servers Скачать руководство пользователя страница 42 | Manualshive

Страница: 42 / 98

background image

When you assign a benchmark to an audit, the benchmark selection process provides a
drop-down list showing all available benchmark labels. This tool allows you to filter benchmarks
based on the label that you want to use for your audit.

Findings

McAfee Policy Auditor provides enhanced results for checks, also known as findings.

Findings results appear in monitors and queries and include additional information about the
state of a system that is helpful to security officers and network administrators when fixing
issues. Findings are included in reports and provide additional information in audit results. For
example, if an audit expects a password with at least 8 characters but finds a password with
only 6 characters, the Findings show the actual and expected results.

Since it is possible to create a check that reports thousands of violations. McAfee Policy Auditor
allows you to set a violation limit that reduces the number of violations that can be displayed to
conserve database resources. Setting the violation limit to 0 causes monitors and queries to
display all violations.

Agentless audits

When you create an audit, McAfee Policy Auditor provides the capability to create audits that
use McAfee Vulnerability Manager (formerly Foundstone

®

) for some or all audits. If McAfee Policy

Auditor is integrated with Foundstone, this is controlled by the Use Foundstone to audit all
systems checkbox on the Properties page of the New Audit Builder. This table shows how
McAfee Policy Auditor uses Foundstone to audit systems.

Definition

Option

Uses Foundstone to conduct agentless audits of all
selected systems.

Select Use Foundstone to audit all systems

Deselect Use Foundstone to audit all systems

•

Uses the McAfee Policy Auditor agent plug-in to
conduct audits of systems with the plug-in.

•

Uses Foundstone to conduct agentless audits of
systems that have been imported correctly into the
System Tree.

Activate benchmarks

You must activate a benchmark in McAfee Benchmark Editor before you can include it in an
audit.

Task

For option definitions, click ? in the interface.

1

Click Menu | Risk & Compliance | Benchmarks.

2

Find the benchmark to use in your audit and check its status. If the status is not active,
select it and click Actions | Activate.

The benchmark is activated and appears in the list of available benchmarks when you create
an audit.

Creating and managing audits
Activate benchmarks

McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6

42

«
...
40
41
42
43
44
...
»

Содержание PASCDE-AB-IA - Policy Auditor For Servers

Страница 1: ...McAfee Policy Auditor 6 0 software Product Guide for ePolicy Orchestrator 4 6...

Страница 2: ...and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPOND...

Страница 3: ...19 Edit permission sets 21 Using the McAfee Policy Auditor agent plug in 22 The agent plug in and how it works 22 Supported platforms 22 How content is managed 24 Install and uninstall the agent plug...

Страница 4: ...Create a Data Collection Scan 35 View McAfee Vulnerability Manager scan status 36 How to handle missing audit results 36 Troubleshoot missing audit results 37 How to handle mismatched McAfee Vulnerabi...

Страница 5: ...mples of filtering waivers by date 54 Filtering waivers by date 55 Filtering waivers by group 55 How waiver requests and grants work 56 Requesting waivers 56 Granting waivers 57 Making waivers expire...

Страница 6: ...Patch Check Result 71 Rollup reports 71 Configure rollup reporting 72 Findings 74 How findings work 74 Types of violations 74 Violation limit 75 Other Findings enhancements 75 Hide or unhide Findings...

Страница 7: ...ment of CVE implementation 88 Statement of CCE implementation 89 Statement of CPE implementation 89 Statement of CVSS implementation 90 Statement of XCCDF implementation 90 Statement of OVAL implement...

Страница 8: ...arty software This document introduces these concepts successively builds your understanding and provides details about the use of each functional component In addition it helps you understand how the...

Страница 9: ...ides the information you need during each phase of product implementation from installing to using and troubleshooting After a product is released information about the product is entered into the McA...

Страница 10: ...onstrate compliance to auditors by producing an audit trail showing compliance compliance history and actions taken to mitigate risks Organizations that are out of compliance might be subject to fines...

Страница 11: ...are Ability to drag and drop groups Ability to drag and drop rules between groups Ability to delete groups Enhanced display of expired results Provides detailed information about expired results to he...

Страница 12: ...at least one benchmark Ideally audits should contain only one benchmark Benchmark Editor Content Distributor Distributes content downloaded from McAfee Labs to systems Findings Manages findings which...

Страница 13: ...tion ePolicy Orchestrator feature To assign policies like file integrity monitor to managed systems Menu Systems System Tree Assigned Policies Assign Policies Menu Systems System Tree Client Tasks Cli...

Страница 14: ...ta into McAfee Policy Auditor To manage Exemption Expiration To process audit results To create tags that can be used to help organize your systems Menu Systems Tag Catalog Tag Catalog To create or ed...

Страница 15: ...memory and processor use Auditing unmanaged systems Unmanaged systems can be audited by registering a McAfee Vulnerability Manager 6 8 or McAfee Vulnerability Manager 7 0 server with McAfee Policy Au...

Страница 16: ...audit lowers the cost of maintaining audit data Enable findings data purging Allow McAfee Policy Auditor to purge audit results data older than a specified date This setting is enabled by default Pur...

Страница 17: ...off Enables database maintenance features including the rebuilding of indexes Database Maintenance allow online rebuild of indexes Specifies the amount of fragmentation that triggers index rebuilding...

Страница 18: ...le aggregation The number of benchmark results purged when purging audit results Number of benchmark results to purge per batch The number of processing threads allotted to audit results The default n...

Страница 19: ...her in the McAfee ePolicy Orchestrator 4 6 Software Product Guide Default permission sets McAfee Policy Auditor includes seven default permission sets that provide permissions for McAfee Policy Audito...

Страница 20: ...or PA Benchmark Editor Edit benchmark tailoring Create delete and apply labels Create delete and import checks Create delete modify and import benchmarks McAfee Benchmark Editor PA Viewer View and exp...

Страница 21: ...hestrator user interface click Menu User Management Permission Sets then select the permission set 2 Click Edit next to the McAfee Policy Auditor permission group The Edit Permission Set page appears...

Страница 22: ...out periods that you set Audit whiteout periods are times when an audit can run on a system or group of systems Audit blackout periods are times when an audit can t run The agent plug in determines th...

Страница 23: ...aris 8 SPARC Solaris 9 SPARC Solaris 10 32 bit agent on 64 bit hardware X X SuSE Linux 9 32 bit agent on 64 bit hardware X X SuSE Linux Enterprise Server 10 32 bit agent on 64 bit hardware X X SuSE Li...

Страница 24: ...ems under McAfee Policy Auditor must have the McAfee Agent and the McAfee Policy Auditor agent plug in For information on installing and working with the McAfee Agent see the ePolicy Orchestrator docu...

Страница 25: ...to the list of client tasks for the selected group and any group that inherits the task 7 To run the client task immediately send a manual wake up call to the systems Uninstall the agent plug in Unins...

Страница 26: ...perties that have changed since the last agent server communication 7 Click OK to send the wake up call 8 Verify that the agent plug in and ePolicy Orchestrator server are communicating go to Reportin...

Страница 27: ...ion How to handle missing audit results How to handle mismatched McAfee Vulnerability Manager certificates How McAfee Policy Auditor integrates with the McAfee Vulnerability Manager extension McAfee P...

Страница 28: ...and automatic importing of systems into the System Tree When McAfee Vulnerability Manager discovers new systems during a McAfee Vulnerability Manager Asset Discovery Scan it designates them as rogue s...

Страница 29: ...sk McAfee Vulnerability Manager uses the MVM Data Import server task to populate the ePolicy Orchestrator server database with system data from the McAfee Vulnerability Manager database The server tas...

Страница 30: ...up you must Install and set up McAfee Vulnerability Manager Create an organization Specify an administrator for the organization Task For option definitions click in the interface 1 From McAfee Vulner...

Страница 31: ...lity Manager Discovery Scan are matched to ePolicy Orchestrator server managed assets You can also set up a data source from the McAfee Vulnerability Manager interface See the McAfee Vulnerability Man...

Страница 32: ...d with the default settings Select Instance name if the Microsoft SQL 2005 name was changed and type the instance name Select Port number if you are required to specify a port number for the IP addres...

Страница 33: ...y Manager documentation for details on Asset Discovery scan settings Task For option definitions click in the interface 1 In the ePolicy Orchestrator user interface click Menu Risk Compliance Audits t...

Страница 34: ...fore you begin this task Task For option definitions click in the interface 1 In the ePolicy Orchestrator user interface click Menu Automation Server Tasks then click New Task 2 Type a Name and option...

Страница 35: ...selected systems to the selected group 7 Repeat steps 2 6 to add other systems to System Tree groups Create a Data Collection Scan Create a McAfee Policy Auditor Data Collection Scan to conduct audit...

Страница 36: ...lts should be no older than nnn time unit where nnn is a number and time unit is days weeks and months For example if the frequency for an audit is defined as one month and a managed system has not be...

Страница 37: ...time to complete How to handle mismatched McAfee Vulnerability Manager certificates Certificates are sets of electronic files created by a trusted Certificate Authority They contain encrypted informa...

Страница 38: ...ick Tasks then select Install Customer Specific Certificate 3 Click Initiate Task McAfee Vulnerability Manager Configuration Manager distributes the customer specific certificate to McAfee Policy Audi...

Страница 39: ...they work McAfee Policy Auditor evaluates systems against independent standards that are developed by government and private industry It can also evaluate systems against standards that you create The...

Страница 40: ...results in reports and queries Results are shown after the audit runs When audits are run McAfee Policy Auditor provides three ways to run an audit The software runs audits under these situations You...

Страница 41: ...tem characteristics McAfee Policy Auditor allows you to exclude one or more managed systems based on system name IP address MAC address or user name Including systems in an audit McAfee Policy Auditor...

Страница 42: ...e Policy Auditor provides the capability to create audits that use McAfee Vulnerability Manager formerly Foundstone for some or all audits If McAfee Policy Auditor is integrated with Foundstone this i...

Страница 43: ...elect the profile from the Selected Profile drop down list then click Next NOTE Some benchmarks don t have profiles 5 Choose a method for adding systems to the audit Select System Tree and Tags and cl...

Страница 44: ...Audit blackout periods are time intervals when an audit can not be run Audits are not scheduled For example consider a benchmark that was last evaluated at 5 14 p m on Sunday May 6th The frequency req...

Страница 45: ...ign severity levels such as Critical or Moderate to patch checks When you create a Service Level Agreement you can specify that Finance systems missing a Critical patch are given 30 days until you are...

Страница 46: ...number of benchmarks for which all systems failed the audit pass expired The results have expired but the last audit results evaluated to pass fail expired The results have expired but the last audit...

Страница 47: ...it results can be exported in two different formats XCCDF and OVAL In each case the information is saved as a ZIP file Common uses for exporting audits is for transfer to another ePolicy Orchestrator...

Страница 48: ...pears Click Save The Save As dialog box appears 4 Give the export ZIP file an appropriate name and click Save Creating and managing audits Export audits McAfee Policy Auditor 6 0 software Product Guid...

Страница 49: ...ult scoring model The default scoring model computes the score independently for each collection of subgroups and rules in each group and again for each rule and group within the audit s benchmark s D...

Страница 50: ...lize audit scores audit score rules passed maximum possible score 100 This table shows how scores for different audits can be compared using a normalized implementation of the flat unweighted score mo...

Страница 51: ...coring model makes it easy to differentiate between systems that pass or fail an audit Changing the scoring model You can change the scoring model that McAfee Policy Auditor uses when reporting audit...

Страница 52: ...fee Policy Auditor provides three types of audit waivers that apply to selected systems Each type of waiver affects scoring results differently Exception waiver Forces the audit results of a selected...

Страница 53: ...ey do not audit the selected systems when the waiver is in effect They do not include selected systems in the audit results For example McAfee Policy Auditor audits a system with a benchmark that cont...

Страница 54: ...Click Menu Risk Compliance Waivers 2 Select a group from the System Tree containing waivers of different status 3 Use the Status drop down list to select a status The software filters waivers based u...

Страница 55: ...to the As of date select October 1 2012 The Waivers tab shows Waiver A has a status of Upcoming Waiver B has a status of Upcoming Filtering waivers by date McAfee Policy Auditor allows you to filter w...

Страница 56: ...reate and grant the waiver in a single step Requested waivers appear in the Issues Catalog Before you begin You must have permissions to request waivers Task For option definitions click in the interf...

Страница 57: ...initions click in the interface 1 Click Menu Automation Issues 2 Select a requested waiver and click Edit The Edit Issue page will appear 3 Click Grant Waiver The waiver is now approved to take effect...

Страница 58: ...ick Menu Risk Compliance Waivers The Waivers tab appears 2 Select a waiver with a status of Upcoming and click View 3 Click Delete Waiver The deleted waiver no longer appears on the Waivers tab Managi...

Страница 59: ...r The event is encrypted and compressed to save disk space and bandwidth To learn more about supported systems see Managed Systems in the Using the McAfee Policy Auditor agent plug in section Platform...

Страница 60: ...Orchestrator software software McAfee Policy Auditor software monitors the MD5 and SHA 1 hashes of a file as well as the file attributes and permissions information These values are stored in a databa...

Страница 61: ...6 This number includes the baseline version File versions are stored on a First In First Out FIFO basis For example if you configure the software to store 3 versions it stores the baseline version plu...

Страница 62: ...ets it as the new baseline version and purges previous versions of the file You can also accept events from the file integrity monitoring query reports drilldown pages Purge file integrity monitoring...

Страница 63: ...a new file integrity monitoring baseline Create a file integrity monitoring policy Create a policy to monitor file integrity file entitlement and version changes Before you begin You must install the...

Страница 64: ...s whether a file has changed or whether the file s entitlements have changed File Entitlement File Integrity File Versioning Monitors whether a file has changed whether the file s entitlements have ch...

Страница 65: ...ent page appears 6 Select Break inheritance and assign the policy and settings below 7 In the Assigned policy drop down list select a file integrity monitoring policy Click Edit Policy to make changes...

Страница 66: ...hide the file attributes Show Hide Attributes Sets the number of lines to show surrounding lines from the empty deleted inserted or modified lines in File 2 Context Size Accept file integrity monitor...

Страница 67: ...onitoring Each report provides information on events and allows you to drill down to see detailed information The query reports also allow you to accept or purge events and to compare file versions if...

Страница 68: ...r rollup reporting configuration before implementing the feature Here are some issues to consider The volume of audit results can be substantial Care should be given to only roll up essential data Thi...

Страница 69: ...ssociated database tables Actions Data rolled up Audit Benchmark Result Score Rollup Purge No purging Purge all Purge rolled up items older than a specified period of time Filter Score Scoring system...

Страница 70: ...arent group Group path Rule name Rule result Waiver type Rollup method Incremental Full Benchmark Text Rollup Purge No purging Purge all Filter none available Rollup method Incremental Full Group Text...

Страница 71: ...Purge No purging Purge all Filter none available Rollup method Incremental Full Audit Check Text Rollup Purge No purging Purge all Filter none available Rollup method Incremental Full Group Tree Roll...

Страница 72: ...status Counts reflect the number of patches in the status PA Rollup Patch Compliance Overview Displays the rollup count of patches grouped by compliance status PA Rollup Patch Status by Benchmark Ser...

Страница 73: ...enchmark Results Rollup Data PA Audit Rule Result Rollup Data PA Audit Patch Check Result 3 Configure and enable the Roll Up Data Local ePO Server server task on the reporting server Rollup reporting...

Страница 74: ...ons Waive or hide selected Findings Ignore Findings results Findings can include three types of information Violations Reporting violations provide additional information in audit results For example...

Страница 75: ...sk space McAfee Policy Auditor provides a violation limit that allows to cap the number of violations shown The violation limit sets the maximum number of violations that are created for a specific ch...

Страница 76: ...show To do this Use this Hide Findings in reports for the check in this audit Actions Hide Findings Show Findings in reports for the check in this audit Actions Unhide Findings Findings Hide or unhid...

Страница 77: ...itor deletes audit results based on the policy audit retention settings This means that audit results are not deleted when a system is removed from the ePolicy Orchestrator system tree Because of this...

Страница 78: ...iolations Displays finding identifier system and finding messages for all findings violations FND Grouped Summary of Finding Status for Systems Displays a grouped summary of a system showing the count...

Страница 79: ...is run PA MS SLA Non Compliant Systems Grouped By Patch and Tag Displays the non compliant systems grouped by patch and tag PA MS SLA Non Compliant Systems Grouped By Tag and Patch Displays the non co...

Страница 80: ...d The MS Patch Status Summary dashboard is a set of monitors providing a high level overview or Microsoft patches with links and drill down access to detailed information PA MS Patch Status Summary da...

Страница 81: ...n PA Compliance Summary dashboard Some reports are grouped by PCI aggregation names These are the PCI aggregation names Requirement 1 Install and maintain a firewall configuration PCI Failed Systems G...

Страница 82: ...assified by type of waiver PCI Req 10 3 10 5 11 5 File Integrity Monitoring Displays a list of waivers currently in effect grouped by first level System Tree group and classified by type of waiver PCI...

Страница 83: ...ool Display help Run an audit Run a benchmark Run a check Save debug information Execute the agent plug in debug tool Run the debug tool from a command prompt on Windows systems or a command line inte...

Страница 84: ...Run a audit on a system and save the results to a file Task 1 Execute the agent plug in debug tool 2 Save the debug information to a file Definition Interface Graphical 1 Click Audits A list of availa...

Страница 85: ...r ID appears 3 Enter bmRun ID where ID is the audit ID The audit results are saved to the results file specified in step 1 Run a check Run a check on a system and save the results to a file Task 1 Exe...

Страница 86: ...P file on the system Task 1 Execute the agent plug in debug tool and perform an action such as run an audit 2 Save the debug information to a file Definition Interface Graphical 1 Click Save Debug inf...

Страница 87: ...tatement of CVE implementation Statement of CCE implementation Statement of CPE implementation Statement of CVSS implementation Statement of XCCDF implementation Statement of OVAL implementation State...

Страница 88: ...lows regulatory authorities and security administrators to construct definitive security guidance and to compare results reliably and repeatedly McAfee Policy Auditor is designed exclusively around SC...

Страница 89: ...gs McAfee Policy Auditor version 6 0 incorporates and supports version 5 0 of the Common Configuration Enumeration CCE standard Previous versions of McAfee Policy Auditor have been certified by Mitre...

Страница 90: ...form standard for the expression of benchmarks and other configuration guidance to encourage good security practices McAfee Policy Auditor uses benchmarks from McAfee or third party sources to constru...

Страница 91: ...The user specifies how long audit data is to be retained so that they or auditors can review any changes in the state of a system over time McAfee Policy Auditor version 6 0 provides fully integrated...

Страница 92: ...encrypt or decrypt sensitive data The ePolicy Orchestrator software repository list SiteList xml file contains the names of all the repositories you are managing The repository list includes the locat...

Страница 93: ...immediately after gaining access McAfee Host Intrusion Prevention System can also take immediate action as preset by the network administrator Timestamp ePolicy Orchestrator software uses either a dat...

Страница 94: ...1 benchmarks activate for use in Policy Auditor 42 defining frequency 43 select benchmarks for an audit 43 used in audits 39 using Foundstone to audit systems 43 using Vulnerability Manager to audit s...

Страница 95: ...ctivate benchmarks 42 agent plug in concept 22 components installed 12 Data Collection Scan 28 import Asset Discovery Scan results 28 using ePolicy Orchestrator features 13 Vulnerability Manager ePO E...

Страница 96: ...ute scoring model 51 scoring audits Policy Auditor continued changing the scoring model 51 default scoring model 49 flat scoring model 50 flat unweighted scoring model 50 server settings Policy Audito...

Страница 97: ...questing 56 start date 54 status 54 waivers Policy Auditor continued suppression waivers 52 suppression waivers effects on audits and scoring 53 wake up calls deploying Policy Auditor agent plug in 24...

Страница 98: ...McAfee Policy Auditor 6 0 software Product Guide for ePolicy Orchestrator 4 6 98 Index...

Отзывы:

Нет отзывов

Похожие инструкции для PASCDE-AB-IA - Policy Auditor For Servers

Бренд: NEC Страницы: 81

ABBEY ROAD THE KING'S MICROPHONES

Бренд: Waves Страницы: 16

Afro-Cuban Percussion

Бренд: M-Audio Страницы: 5

BACKUP AND RECOVERY 10 ADVANCED SERVER VIRTUAL EDITION - COMMAND LINE REFERENCE UPDATE 3

Бренд: ACRONIS Страницы: 54

Smart Wireless Navigator

Бренд: Emerson Страницы: 22

Бренд: Emerson Страницы: 130

G2 PORTABLE HX-MU025DC

Бренд: Samsung Страницы: 1

Бренд: Samsung Страницы: 14

Бренд: Samsung Страницы: 1

Бренд: Samsung Страницы: 2

Бренд: Samsung Страницы: 6

Бренд: Samsung Страницы: 59

SUPERSTACK II HUB 10 24-PORT TP

Бренд: 3Com Страницы: 8

Бренд: 3Com Страницы: 8

Бренд: Ulead Страницы: 168

Earthmate GPS BT-20

Бренд: DeLorme Страницы: 9

Application Server

Бренд: Red Hat Страницы: 296

IRISPowerscan 9.5

Бренд: I.R.I.S. Страницы: 182

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды