McAfee HIPS Course


Duration: 32h

Overview

This course provides in-depth knowledge of implementing and managing a Host Intrusion Prevention solution using McAfee ePolicy Orchestrator software.

Through a mix of hands-on labs and interactive lectures, you will learn how this solution uses a set of device protection, tagging and reaction rules to safeguard sensitive information and improve overall data security.

Objective

Course duration: 32h

  • Evening sessions: the course runs Monday to Friday, 7 pm to 11 pm
  • Saturday sessions: the course runs from 9 am to 6 pm
  • In-company: please contact us for details.

Delivery format:

  • 100% live online via Microsoft Teams, led by an instructor/consultant active in the market.
  • Note: this is not a recorded course.

Lab:

  • Lab + hands-on exercises

Target Audience

  • System and network administrators
  • Security staff
  • Auditors and/or consultants concerned with network and systems security

Prerequisites

  • Students are expected to have working knowledge of Microsoft Windows administration, systems administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services.

General Information

After completing the McAfee HIPS course, you will be able to:

  • Understand the benefits and capabilities of a McAfee Host Intrusion Prevention solution.
  • Plan and implement Host Intrusion Prevention.
  • Use rules, policies, and signatures.
  • Provide zero-day protection for operating system and application vulnerabilities.
  • Reduce patch management overhead.
  • Install, configure, and manage the solution using the McAfee ePolicy Orchestrator management console.

Materials

Portuguese | English

Syllabus

Introduction to McAfee Host Intrusion Prevention

  1. Protection Levels
  2. New Features
  3. Host Intrusion Prevention
  4. Vulnerabilities, Exploits, Buffer Overflows, Attacks, Threats

Security Connected and ePolicy Orchestrator Overview

  1. The manifestation of Security Connected

Managing Dashboards and Monitors

  1. Concurrent Users (Console Connections)
  2. Resizing, Moving, and Removing Monitors
  3. Changing the Default Session Timeout
  4. Adding Monitors to a Dashboard
  5. Editing the Automatic Refresh Interval
  6. Dashboard Permissions Guidelines
  7. Types of Dashboards
  8. Duplicating and Adding Dashboards
  9. Assigning Default Dashboards
  10. Results of Load
  11. Accessing the Dashboards Page
  12. Deleting a Dashboard
  13. Configuring Dashboard Monitors

McAfee Agent

  1. Forcing McAfee Agent Activity from ClientAgent Files and Directories

HIPS Server Planning and Installation

  1. Checking in the Host IPS Client
  2. Adding Software to the Master Repository
  3. Upgrading and Migrating Policies
  4. HIPS Installation on the ePO Server
  5. Installing Host IPS Extensions on the ePO Server
  6. Package into the Master Repository

Windows Host IPS Client

  1. Allowing the Disable of Features
  2. Installing the Client Remotely using ePO and Directly on the Client Computer
  3. Responding to Spoof Detected Alerts
  4. Client Services and Client-side Component Relationship
  5. Downgrading and Removing the Client
  6. Verifying the Client is Running
  7. Registry Implementation
  8. Verifying Host IPS Events are Triggered Correctly
  9. Direct Client-Side Management
  10. Host IPS Installation Requirements
  11. Investigating Performance Issues
  12. Unlocking the Windows Client Interface
  13. Post-Installation Client Changes
  14. Managing IPS Protection, Rules, Host Firewall Policy Options, and Blocked Hosts List
  15. Client Logging and Troubleshooting
  16. Enabling Timed Groups

Host IPS General Policies

  1. Working with Multiple Instance Policies
  2. General Policies Overview
  3. Enabling Advanced Functionality and Client Control
  4. Trusted Networks Policy and Trusted Applications
  5. Creating and Editing Executables
  6. Marking Applications as Trusted
  7. Configuring the Client User Interface Policy
  8. Configuring Display Options

Intrusion Prevention Policies

  1. IPS Options, Protection, Rules
  2. Using Preconfigured Policies
  3. Setting Protective Reaction for Signature Severity Levels
  4. Configuring IPS Options
  5. Intrusion Prevention Overview
  6. Creating and Editing Policies
  7. Benefits of Host Intrusion Prevention
  8. Moving from Basic to Advanced Protection

IPS Rules Policies

  1. Multiple Instance Policies and the Effective Policy
  2. Working with IPS Rules Policies and Signatures
  3. IPS Protection with IPS Rules Policies
  4. Host and Network IPS Signature Rules
  5. Signatures and Severity Levels
  6. Host Intrusion Prevention Clients
  7. Overview of the IPS Rules
  8. Signature and Behavioral Rules
  9. Multiple Instance Policies
  10. Effective Policy for IPS Signatures
  11. VirusScan Access Protection and IPS Rules

IPS Rules Policies – Application Protection

  1. Application Blocking and Hooking
  2. Creating, Editing or Viewing Executable Details
  3. Blocking and Allowing Application Hooking
  4. Process Hooking
  5. Preventing an Executable from Running (Blacklist)
  6. Customizing and Managing Rules

Configuring IPS Exceptions

  1. Adjusting Signature Severity Levels
  2. Exception Rules
  3. Configuring IPS Rules Exceptions
  4. Tuning Methods
  5. Creating Trusted Applications
  6. Creating Exceptions for Network IPS Rules
  7. Applying OS Patches

Working with IPS Events

  1. IPS Signature Events
  2. Creating Event-based Exceptions
  3. Viewing Systems on which Selected Events Occur
  4. Viewing Common Vulnerabilities and Exposures (CVE) Information
  5. General Methodology for Reviewing Updates, Patching Systems and Applications
  6. Viewing Host IPS Events
  7. Creating an Exception Based on a Selected Event
  8. List of the HIPS Events Supported by ePO
  9. Events and Event Logging

Creating IPS Client Rules

  1. Adaptive Mode Sequence
  2. Using the Property Translator Server Task
  3. Retaining Existing Client Rules
  4. IPS Client Rules Overview
  5. Creating Exceptions Using IPS Client Rules
  6. Adaptive Mode
  7. Refining Policies Based on Use
  8. Learning Mode
  9. Managing IPS Client Rules
  10. Reviewing Detail for IPS Client Rules
  11. Placing Clients in Adaptive or Learn Mode

Custom Signatures

  1. Creating a Custom Signature
  2. Creating Windows/Unix Files and Directories Signatures
  3. Creating Signatures – Windows Registry
  4. Adding and Editing Sub-rules
  5. Using the Signature Creation Wizard
  6. Methods for Creating Custom Signatures
  7. Using the Linux or Solaris Option to Create Signatures
  8. Editing the Severity Level, Client Exception Permission, and Log Status of a Signature
  9. Troubleshooting Custom Signatures
  10. File Rule Types and Examples
  11. Custom Signature Components
  12. Custom Signatures Overview
  13. Viewing General Information about a Signature

Automatic Responses and Threat Notification

  1. Determining Event Forwarding
  2. Creating Issues, Executing Scheduled Tasks, and Running External Commands
  3. Throttling and Aggregation
  4. Automatic Response Process
  5. Event Types, Formats, and Life Cycle
  6. Creating, Editing, Viewing, and Deleting Automatic Responses for Specific Event Types
  7. Creating and Editing Automatic Responses
  8. Creating Contacts
  9. Setting Filters, Aggregating Events, and Configuring Rule Actions
  10. Automatic Responses Permission Set
  11. Threat Notification and Tracing
  12. Variables Used in Notifications
  13. Default Automatic Response Rule

Firewall Policies

  1. Host IPS Firewall Overview
  2. Working with Firewall Options Policies
  3. Understanding the State Table
  4. Firewall DNS Blocking
  5. Trusted Source/Global Threat Intelligence
  6. Firewall Protocol Support
  7. Allowing Unsupported Protocols and Bridged Traffic
  8. How Firewall Rules Work
  9. Stateful Filtering and Protocol Tracking
  10. Startup Protection and Protection Options

Firewall Rules Policies

  1. Responding to Firewall Alerts
  2. Basic Design Philosophies
  3. Firewall Design Considerations
  4. Using the Firewall Rule Builder
  5. Typical Corporate Environment Policy
  6. Stateful Filtering in Adaptive or Learn Mode
  7. Creating Firewall Rule Groups
  8. Firewall Planning
  9. Adding Rules from the Catalog
  10. Firewall Theory
  11. Creating a New Firewall Rule
  12. Configuring Firewall Policies
  13. Using the Host IPS Catalog
  14. Managing Firewall Client Rules
  15. Adaptive Mode versus Learn Mode
  16. Firewall Rules Console
  17. Firewall Groups

Firewall Rule Groups

  1. Connection-aware Firewall Groups
  2. Matching for Location-aware Groups
  3. Timed Groups in Firewall Policy
  4. Location-enabled Firewall Groups
  5. Host IPS Firewall Groups

Host Intrusion Prevention Maintenance

  1. Creating Custom Host IPS Queries
  2. Running Predefined Host IPS Queries
  3. Client-side Policy Reporting
  4. McAfee Agent Update Task
  5. Dashboards and Queries
  6. Generating Host IPS Reports/Queries
  7. Clearing Events
  8. Server Tasks in ePO
  9. Manual Content Updating
  10. Creating an ePO Server Pull Task
  11. Vulnerability Shielding Updates
  12. Testing the McAfee Host Intrusion Prevention Client
  13. McAfee Internet Sites

Host IPS Implementation and Best Practices

  1. Run Queries
  2. Best Practices with Adaptive Mode
  3. Potential Pitfalls in IPS Deployments
  4. Using ePolicy Orchestrator
  5. Lab or Real World?
  6. Notify End Users and Plan Escape Hatches
  7. Step 7: Maintenance and Expansion Beyond IPS
  8. Step 2: Prepare the Pilot Environment
  9. Step 6: Enhanced Protection and Advanced Tuning
  10. Pre-Installation Considerations and Deployment Planning
  11. Step 4: Initial Tuning
  12. Multiple Policy Instances
  13. Enlist the Help Desk Team
  14. Timing and Expectations
  15. Adaptive Mode: Refine Policies Based on Use
  16. Follow these Processes
  17. Step 5: Optional Adaptive Mode
  18. Adaptive Mode Limitations
  19. Create Trusted Applications
  20. Server Maintenance
  21. Confirm Your Rollout Strategy
  22. Install Host IPS to Pilot Hosts
  23. Step 1: Strategy and Planning
  24. “Out-of-the-Box” Protection
  25. Check Pilot Systems for Proper Operation
  26. Managing Protection
  27. Understanding Adaptive Mode
  28. More Tuning
  29. Domain Controllers and Host IPS
  30. Create Exceptions
  31. Step 3: Installation and Initial Configuration
  32. Heightened Protection and Advanced Tuning
  33. Fine-Tuning Policies
  34. Security Tightening
  35. Host IPS Configuration and Initial Tuning

ClientControl Utility

  1. Argument – /help
  2. Argument – /exportConfig
  3. Argument – /export
  4. Argument – /execInfo
  5. Argument – /defConfig
  6. Argument – /log
  7. ClientControl Logging
  8. Stopping Host IPS Services
  9. Major Arguments
  10. Argument – /fwPassthru
  11. Argument – /engine
  12. Argument – /readNaiLic
  13. Deploying Host IPS with a 3rd Party Product
  14. Command Line Syntax
  15. Argument – /start and /stop
  16. Argument – /startupIPSProtection
  17. fwinfo Utility

Linux Client

  1. Troubleshooting the Linux Client
  2. Verifying Linux Installation Files
  3. Removing the Linux Client
  4. Stopping and Restarting the Linux Client
  5. HIPTS – Troubleshooting Tool
  6. Linux Client Installation Requirements
  7. Notes about the Linux Client
  8. Policy Enforcement with the Linux Client

Solaris Client

  1. Troubleshooting the Solaris Client
  2. Solaris Zone Support
  3. Removing the Solaris Client
  4. Verifying Solaris Installation Files
  5. Solaris Client Installation Requirements
  6. Policy Enforcement with the Solaris Client
  7. Installing the Solaris Client
  8. Stopping and Restarting the Solaris Client

Troubleshooting Host IPS, Forums and Security Advisories

  1. Installation Issues
  2. Troubleshooting Host IPS
  3. Client Issues
  4. MERTool
  5. KnowledgeBase Articles for Host IPS
  6. Host IPS Engines
  7. Identify the Versions
  8. Applying Service Packs
  9. Verifying Policies – FireCore Policy
  10. Verifying Policies – Static Configuration
  11. McAfee Agent Logs
  12. Troubleshooting the Host IPS Firewall
  13. Policy Update Issues
  14. Escalation Process
  15. Activity Log
  16. Troubleshooting Firewall Issues
  17. Verifying Policies – Dynamic Policy
  18. fwinfo.exe
  19. Policy, Event, and Client Rule Issues