McAfee FIREWALL 2.1-GETTING STARTED Manual do Utilizador descarregar pdf (Página 4)

Data Sheet McAfee Firewall Management

See the “Who” On Your Network

McAfee rewalls leverage McAfee

Logon Collector (MLC) simplies

discovery, logon, and authentication

processes across all McAfee rewall

management tools as well as McAfee

Data Loss Prevention. This non-

invasive process maps IP addresses

to users for all types of trafc to

enable user-based policies without

requiring the user to authenticate

to the rewall or use a protocol that

supports authentication

•

Quickly discover who is using

which application and check

authenticationstatus

•

Enforce user-based access control

policies without a separate

authentication step

•

Leverage users and groups in your

Microsoft Active Directory

•

Enforce additional active

authentication for users not logged

in to the domain

•

Authenticate using captive

portal, NTLM, Radius, LDAP, and

ActiveDirectory

Searchltersletyouselectivelyviewtherulesfor

aparticularrewall,rewallgroup,ortheentire

organization,andtheneasilymodifythoserules.

Oncedened,youcandistributerulestohundreds

ofrewalls,sharingthemacrosslogicalenterprise

groups,suchasglobal,group,cluster,orlocal

domains,orcongurationdomains,suchasthose

offeredbymanagedserviceproviders.

Optimized policies deliver better rewall

performance and better security

Overtime,rulesetstendtogrow,overlap,and

becomeineffective,makingiteasiertomake

mistakes.Toreducethenumberofrules,ourtools

automatecleanup.Wizardshelpyouscanfor,

identify,andmergesimilarrules(acommonsetof

parameters)anddeleteduplicateorunusedrules

tokeeprulesetsmanageable.

Forexample,multipleadministratorsmightcreate

separateobjectsthathavedifferentnames,but

performthesamefunction.The“mergeobjects”

commandwilllookforthissituationandcleanit

upwithasinglecommonobject.Fewerrulesto

considerequalsbetterperformance.

Adaptive objects allow rule grouping

andreuse

Administratorsimplementpoliciesbydening

intelligentobjectsonce,andthenreusingthem

wheneverandwherevertheymakesense.With

objectgrouping,youcandomuchmorewitha

singleruleandconsolidaterulesets.

ControlCentersupportsmanytypesof

objects,includingrewallsandrewallgroups,

hosts,networks,addressranges,applications,

endpointgroups,andservices,includinggeo-

locationobjects.

ControlCenteralsogivesyouvisibilityintorule

usage.Youcanidentifythemostusedrules,least

usedrules,andrulesthathavenotbeenmatched

byrewalltrafcinthelast30days.Thisreal-

worlddataletsyou:

•

Movemost-usedrulestothetopoftherulelist

sotrafccanbeprocessedquickly

•

Investigateleast-usedrulestoseeiftheyare

workingasintended

•

Deleteordisableunusedrulesthatmustbe

justiedduringaudits

Youcanevencomparepolicycongurationson

allofyourControlCenter-manageddevicesto

ensureconsistencyacrossyournetwork.Robust

congurationmanagementletsyoucentrallytrack,

trace,andvalidateallpolicychanges.

Manage and monitor rewall software

Forefcientandconsistentupdates,Control

Centercanautomaticallydetectwhennew

releasesandrmwareareavailableontheMcAfee

site.Simplydownloadthelesyouneedandstore

themonControlCenter’sManagementServerfor

manualorautomatedinstallation.Whenyouare

readytoinstall,youcanpushnewreleasestoone

systemortohundredssimultaneously.

ControlCenterdisplaystheinstallationhistory

forallmanagedrewallsalongwiththeprogress

ofthecurrentdeployment.Ifneeded,youcan

restoreatrusteddevicecongurationinseconds

withafewclicksofthemouse.

Complete access control with role-based

administration and conguration domains

Somecongurationchangesareroutine,while

othersarefar-reaching.Role-basedaccessallows

youtoexertcentralized,consistent,policy-based

controloverdistributedteams,determining

whichmanagementfunctionscanbeviewedor

changedbasedoneachperson’sresponsibilities.

Role-basedaccesscanalsoensurethatonly

approveduserscreateorvalidaterules,reducing

theriskofunauthorizedchangesorruleconicts

breakingtherewall.CustomerssubjecttoPCI

DSSoftenemployrole-basedaccesstoenforce

changecontrols.

Youcancreateanynumberofrolestoaddress

eachorganization’sneedsandprivileges,associate

ruleswithroles(tolimitmodications),and

establishpriorityprotectionsforrules.Different

rolescouldbedenedto:

•

ChangeonlyDomainNameSystem(DNS)entries

•

Vieweventorauditlogs

•

Createrulesassociatedwithaspecicnetwork

serviceorprotectedserver

Youmightdictatethatcertainrulesmustalways

beatthetopofthepolicylistandmovedonlyby

certainprivilegedusers.Roles,liketherulesyou

build,linktousersandgroupsinLDAPandActive

Directorysothesystemcanauto-createorauto-

deactivateusersastheyconnecttoControlCenter

forthersttime.

Cost-Effectively Manage Multiple

Entities or Organizations

Control Center helps managed

service providers and organizations

with multi-tenant management or

reporting requirements administer

the rewalls of multiple customers or

separate entities.

•

Create “domains” or “zones” that

act as separate Control Center

instances—administrators only see

the rewall and policies for their

particular customer or entity.

•

Separate congurations for several

enterprises and hide information

about an enterprise from

administrators of other enterprises

•

Keep conguration simple and

save time and effort with common

rule objects; cross-enterprise policy

objects can still be shared or reused

by all domains

•

Role-based access control helps

enforce change control policies

1 2 3 4 5 6 7 8

Comentários a estes Manuais

Sem comentários

McAfee FIREWALL 2.1-GETTING STARTED Manual do Utilizador Página 4

Comentários a estes Manuais

Manuais e produtos relacionados com Firewalls de hardware McAfee FIREWALL 2.1-GETTING STARTED