Course: Open Source/McAfee Application Control and McAfee Change Control Administration

32h
Overview

This course provides in-depth training on the tools you need to install, configure, operate and effectively troubleshoot McAfee Application Control and McAfee Change Control, in order to safeguard intellectual property and ensure compliance.

Objective

After completing the Open Source/McAfee Application Control and McAfee Change Control Administration course, you will be able to:

  • Understand the capabilities of McAfee's Application Control and Change Control solutions
  • Install and administer the products
  • Manage them remotely
  • Protect endpoints

Target Audience

  • This course is intended for system administrators, security personnel, auditors, and/or consultants concerned with system security.

Prerequisites

  • It is recommended that students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of viruses and anti-virus technologies.
General Information

Duration: 32h

  • Evening classes run Monday to Friday, from 19:00 to 23:00
  • Saturday classes run from 9:00 to 18:00
  • For in-company delivery, please contact us for more details.

Delivery format:

  • 100% online and live, via Microsoft Teams, with an instructor/consultant who is active in the market.
  • Note: this is not a recorded course.

Lab:

  • Lab + hands-on exercises

Materials

Portuguese | English

Syllabus

Introduction to McAfee Application Control/Change Control

  1. What is MACCC?
  2. Solidcore Architecture
  3. Multi-layered Security Solution
  4. Whitelisting
  5. Trust Model
  6. Image Deviation
  7. Differentiators
  8. Visibility and Enforcement for End-to-end Compliance
  9. File Integrity Monitoring
  10. Change Prevention
  11. Install Workflow
  12. Navigation to Solidcore Components
  13. Solidcore Configuration
  14. Updaters or Publishers
  15. Solidcore Configuration
  16. Installers
  17. Solidcore Policies
  18. Windows Path Definitions
  19. Solidcore Server Tasks
  20. Solidcore: Purge Task
  21. Migration Server Task
  22. Calculate Predominant Observations (Deprecated)
  23. Content Change Tracking Report Generation
  24. Solidcore: Run Image Deviation
  25. Image Deviation (Application Control)
  26. Specifying a Golden Image
  27. Solidcore: Scan a Software Repository

Planning a McAfee® ePolicy Orchestrator™ Deployment

  1. ePO Server Prerequisite Software
  2. Supported SQL Server Releases
  3. Default Communication Ports
  4. Default Ports
  5. Determining Ports in Use
  6. Deployment Scenario: Basic Plan
  7. Solution A: One ePO Server
  8. Solution B: Two ePO Servers
  9. Solution C: ePO server with Agent Handlers
  10. Deployment Scenario: Disk Configuration
  11. Solution: Less than 5,000 Nodes
  12. Solution: 5,000 to 25,000 Nodes
  13. Deployment Scenario: Disk Configuration
  14. Solution: 25,000 to 75,000 Nodes
  15. Solution: More than 75,000 Nodes
  16. How Products and Events Affect Calculations
  17. Example: Calculating Averages
  18. Calculating Your Environment

Security Connected and McAfee® ePolicy Orchestrator™ Overview

  1. Security Evolution
  2. Security Connected
  3. Breadth and Depth for Security
  4. ePO Solution Overview
  5. How ePO Works
  6. Essential Features
  7. ePO Web Interface
  8. Menu Page

McAfee® Agent

  1. Agent Components
  2. Agent-Server Secure Communication Keys
  3. Communication after Agent Installation
  4. Typical Agent-to-Server Communication
  5. McAfee Agent-to-Product Communication
  6. Forcing Agent Activity from Server
  7. Wake-up Calls and Wake-up Tasks
  8. Configuring Agent Wake-up
  9. Locating Agent Node Using DNS
  10. Forcing McAfee Agent Activity from Client
  11. Viewing McAfee Agent Log
  12. ePO 4.x/McAfee Agent 4.x Feature Dependencies
  13. Agent Files and Directories
  14. McAfee Agent Log Files
  15. Using Log Files
  16. Installation Folders

Application Control/Change Control Extension Installation

  1. Extensions in ePO
  2. Extensions Menu
  3. Integration of AC/CC Extension
  4. ePO Database Sizing
  5. Installation of Extension
  6. Solidcore Licensing
  7. What is Solidcore?
  8. Install Workflow Review
  9. Installing Licenses
  10. Solidcore Database Tables

Solidcore Client

  1. The agent plug-in and how it works
  2. Types of Platforms Protected
  3. Supported Systems
  4. Check-in Agent Plug-in Package into ePO
  5. Deploying the Solidcore Agent Plugin
  6. Verifying Installation from the Endpoint
  7. Solidcore Client Tasks
  8. Enable Solidcore Agent Task
  9. Disable Solidcore Agent Task
  10. Initial Scan to Create Whitelist
  11. Pull Inventory
  12. Begin Update Mode
  13. End Update Mode
  14. Change Local CLI Access
  15. Collect Debug Info
  16. Run Commands
  17. Get Diagnostics for Programs
  18. Features for the Client
  19. Client Notifications and Events
  20. Client Events and Approvals
  21. Customizing Client Notifications

Application Control Initial Configuration

  1. What are Observations?
  2. Observe Mode
  3. Manage requests
  4. Review requests
  5. Process requests
  6. Allow by a checksum on all endpoints
  7. Allow by publisher on all endpoints
  8. Ban by checksum on all endpoints
  9. Define custom rules for specific endpoints
  10. Allow by adding to whitelist for specific endpoints
  11. Define bypass rules for all endpoints
  12. Delete requests
  13. Review created rules
  14. Throttle observations
  15. Define the threshold value
  16. Review filter rules
  17. Manage accumulated requests
  18. Exit Observe mode
  19. Inventory Introduction
  20. Fetch Inventory
  21. GTI Integration
  22. Trust level and score
  23. Cloud Trust Score
  24. Inventory Without Access to GTI
  25. Fetch McAfee GTI ratings for isolated networks
  26. Export SHA1s of all binaries
  27. Run the Offline GTI tool
  28. Fetch Inventory – Bad File Found Event
  29. Manage the inventory
  30. Manage Binaries
  31. Application Control Policies
  32. Role of the Policy
  33. Application Control Configuration
  34. Managing Rule Groups
  35. Creating an Application Control Rule Group
  36. Updater Tab
  37. Trusted Users
  38. Using a Rule Group to Block an Application

Application Control Feature Administration

  1. What is Update Mode?
  2. How to Update a Solidified System
  3. Auto-Updaters
  4. Authorized Updaters
  5. Determining Updaters
  6. Understanding Publishers
  7. Understanding Installers
  8. Scan a Software Repository
  9. Revisit – Solidcore Permission Sets
  10. Reboot Free Activation
  11. Inventory Management Enhancements
  12. Inventory Management – Pull Inventory
  13. Inventory By Application
  14. Inventory By Systems
  15. Inventory Application Drill-down
  16. Inventory Binary Drill-down
  17. Modifying Enterprise Trust Level

Events and Alerts

  1. Understanding Events
  2. What Creates an Event
  3. When Are Events Sent Back?
  4. Viewing Events
  5. Advanced Filters
  6. Selecting Columns to Display
  7. Viewing the Details of an Event
  8. Solidcore Events
  9. Example of Solidcore Events
  10. Application Control Events
  11. Planning Automatic Responses
  12. Throttling, Aggregation, and Grouping
  13. Understanding Alerts
  14. Configuring a Solidcore Alert
  15. Viewing an Alert
  16. Support of SNMP Alerts
  17. Customizing End-User Notifications
  18. Syslog Enhancements

Change Control Initial Configuration

  1. Application Control & Change Control
  2. Change Control & Integrity Monitoring
  3. Disable Solidcore
  4. Enable Solidcore on the Endpoint
  5. Verifying Client Task Completion
  6. Integrity Monitoring Policies
  7. Using Integrity Monitor
  8. Creating an Integrity Monitor policy
  9. Integrity Monitoring Policies
  10. Testing your Monitoring
  11. Reducing “Noise”
  12. Example of Reducing “Noise”

Using the Policy Catalog and Managing Policies

  1. Change Control Policies
  2. Variables for Use in Policies
  3. Example of Variables in a Rule Group
  4. Write Protect a File, Trusted Program can Alter
  5. Write Protect a Registry Key, Program can Alter
  6. Write Protect a File, Trusted User can Alter
  7. Verifying only Trusted User can Alter
  8. Read Protection must be Enabled
  9. Read Protect a File, Trusted Program can Access
  10. Emergency Changes
  11. Content Change Tracking
  12. One-Click Exclusion (Advanced Exclusion Filtering)
  13. One-Click Exclusion Configuration

Dashboards and Reporting

  1. ePO Dashboards
  2. Queries As Dashboard Monitors
  3. Dashboard Access
  4. Dashboard Configuration
  5. Solidcore Dashboards
  6. Application Control Dashboard
  7. Change Control Dashboard
  8. Integrity Monitor Dashboard
  9. Inventory Dashboard
  10. Solidcore Queries
  11. Reporting > Solidcore
  12. Application Control > Inventory
  13. Application Control > Image Deviation
  14. Automation > Solidcore Client Task Log
  15. Creating a Customized Dashboard
  16. Making a Dashboard Public
  17. Set the Default Dashboard

Troubleshooting

  1. Solidcore Architecture and Components
  2. Solidcore 6.1.3 Architecture
  3. Troubleshooting References
  4. Location of Solidcore Files on Endpoint
  5. ePolicy Orchestrator Application Server Service Logs
  6. Solidcore Registry Keys on Endpoint
  7. Solidcore Services
  8. Troubleshooting Best Practice
  9. Escalation Best Practices
  10. Troubleshooting GTI Cloud Issues Best Practice
  11. Top Issues – Task Failure
  12. Top Issues – Denied Execution Issues
  13. Top Issues – Denied Execution of a Network Share
  14. Top Issues – Network Share
  15. Top Issues – KB
  16. Useful Tools
  17. Solidcore Event Logs
  18. Solidcore User Notifications
  19. Solidcore Troubleshooting Tools
  20. Escalation Tools
  21. Minimum Escalation Requirements (MER)
  22. Running MER Tool on Client
  23. Dump Tools

Case Studies

  1. A Case from History
  2. Unpatched, Known Vulnerabilities in the Client
  3. Browser-based Exploits
  4. The Remedy
  5. Application Whitelisting
  6. Increasing Compliance Requirements
  7. Remedy
  8. File Monitoring
  9. Complete the Task

CLI Administration

  1. Solidcore CLI
  2. Viewing the CLI Access
  3. Enabling the CLI
  4. Unlocking the CLI Locally
  5. Securing the CLI
  6. Using the CLI
  7. SADMIN Commands
  8. Solidifying from the CLI
  9. Unsolidifying
  10. What is Solidcore’s Status?
  11. Beginning the Update Status
  12. Ending the Update Status
  13. Enabling and Disabling Solidifier
  14. SADMIN Commands
  15. Advanced SADMIN Commands
  16. Solidcore Commands
  17. New CLI Commands
  18. Application Control Rules & Helpful Commands
  19. Read/Write Protect Files
  20. Change Control Commands – Write Protection
  21. How To Write Protect a File
  22. Modifying Read/Write Protected Files
  23. Change Control Features – Write Protection
  24. Application Control
  25. Authorize Command Arguments
  26. Discovering and Adding Updaters
  27. SADMIN Diag Notations
  28. Discovering and Adding Updaters
  29. Using Attributes to Control File Execution
  30. Using Attributes to Control File Execution
  31. Viewing Solidcore Events
  32. Event Sinks
  33. Logging Events
  34. Event Names and Log Entries
  35. Product Tools

Best Practices

  1. Review of Initial Setup Tasks
  2. System Tree Infrastructure
  3. Communication between ePO and Agent
  4. Activation Options: Application Control Only
  5. Inventory Collection Scan
  6. Protection State Selection
  7. Protection State Delivery
  8. Testing Protection Mechanisms
  9. Policies and Rule Groups
  10. Policy Tuning
  11. Bypass Rules and Exclusions
  12. Inventory and Whitelist
  13. Updaters
  14. Application Control Memory Protection
  15. Basic Troubleshooting and FAQs
  16. Solving Memory Discrepancies
  17. Helpful Resources