vladislav-radetskiy
McAfee Confidential
, Web Mail
radetskiy.wordpress.com
2011 .
.
McAfee:
Data Protection
Email Security
Endpoint Security
Mobile Security
One Time Password
Security-as-a-Service
Security Management
http://radetskiy.wordpress.com/
bakotech.ua/
http://www.mcafee.com/ru/products/data-protection/index.aspx
http://www.mcafee.com/ru/products/email-and-web-security/email-security.aspx
http://www.mcafee.com/ru/products/endpoint-protection/index.aspx
http://www.mcafee.com/ru/products/mobile-security/index.aspx
http://www.mcafee.com/ru/products/one-time-password.aspx
http://www.mcafee.com/ru/products/security-as-a-service/index.aspx
http://www.mcafee.com/ru/products/security-management/index.aspx
EPS
Web Email (MEG + MWG)
McAfee = ~ 70 ,
DLP
Encryption
Web & Email Gateway
Endpoint Protection
DB Protection
Vulnerability Manager
IPS & NGFW
SaaS
SIEM
TIE + ATD
ePO Cloud Standalone ePO On-premise Security Center
McAfee 6
McAfee ePO
MS BitLocker
Apple FileVault
McAfee Drive Encryption+ File and Media
EMM Portal
iOS & Android
, McAfee Agent
ePO :
McAfee ePO
McAfee Agent
Encryption
Endpoint
443 TCP
80 TCP
8081 TCP
ePO :
McAfee ePO
McAfee Agent
VSE
Endpoint
LEGO. . .
ePO :
McAfee ePO
McAfee Agent
VSE
DLP
Encryption
HIPS
Endpoint
LEGO. . .
ePO :
MS AD
()
IP /
ePO : ()
( )
.
ePO :
My Default !
:
-
-
-
ePO :
:
();
Help-Desk` ( );
( );
/ ()
ePolicy Orchestrator 5.1.0 Best Practices Guide . 18 - 23
ePO :
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25519/en_US/epo_510_bpg_Rev_B.pdf
ePO :
McAfee ePO
Super Agent Lazy Caching
SMB / FTP / WEB
McAfee
EPS
Endpoint Protection
Endpoint Protection
Advanced Suite
Complete Endpoint Protection Business
(only 2k< users)
Complete Endpoint Protection Enterprise
Suite
VSE for Windows
VSE for Linux
VSE for command line
EPS for Mac
HIPS for Windows (Desktop)
Site Advisor (web-filtering)
Firewall
Device Control
Application Control
EMM (MDM)
Encryption (DE + MNE + FRM)
Security for Exch. & Lotus
. !
VirusScan Enterprise (VSE)
.
.
:
DAT
GTI (!) GTI Proxy
Access Protection Rules (!) by Default VSE
http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx
https://kc.mcafee.com/corporate/index?page=content&id=KB53733
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22818/en_US/Access_Protection_Rules.pdf
VirusScan Enterprise (VSE)
VSE (Win) - Windows. XP 2012. .
VSE (Lin) - deb rpm . .
VSE (Mac) - MacOS X Server Mac OS 10.7 . .
VSE for Storage - NAS NetApp . .
VSE for Android - Android 2.1 4.. ().
VSE (cmd) - AIX, FreeBSD, HP-UX, Sun, Linux, Windows. Standalone.
MOVE - Windows . . Hyper-V/VMware/Xen ..
MOVE ( vShield)
McAfee ePO
VMware vShield Endpoint
VMware ESX
VMware vMotion NSX
VM VM MOVE Security
Appliance
OS OS
VMtools VMtools
MOVE MOVE
MOVE
VMCI
MOVE (Multi-Platform)
MOVE Security
Appliance
VM VM VM
MOVE MOVE MOVE
OS OS OS
hypervisor2
network
McAfee ePO
, RAM , ePO
MOVE
hypervisor1
MOVE Multi-platform 3.6 Agentless 3.6
Anti-Virus Features
(On-Access Scanning)
(On-Demand Scanning)
ePO
SVA NSX
/
GTI
450 1 1 ESX
VMware vShield
(SVA Manager)
McAfee Agentless Firewall
MOVE
McAfee MOVE AV for Virtual Servers
McAfee Server Security Suite Essentials
McAfee Server Security Suite Advanced
ePolicy Orchestrator
MOVE AV for Servers
Advanced MOVE AV feature: ePO Easy Deployment
Advanced MOVE AV feature: McAfee Agentless Firewall for VMware environments
Data Center Connector for VMware vSphere
Data Center Connectors for AWS, Azure, and OpenStack
VSE and VSEL license for the scan server only
VirusScan Enterprise (VSE)
VirusScan Enterprise for Linux (VSEL)
Host IPS for Servers & Linux Firewall
Application Control for Servers
Change Control for Servers
Licensing Meter Per OS Instance Per OS Instance
+
HIPS
0-day
buffer overflow
HIPS (Adobe Flash, Oracle Java, Windows etc)
, /
Windows Filtering Platform
XP 8.x, 10; 2003 - 2012
:
- - - - IP GTI- - :
- - -
Web
HIPS
Web Server Shield
Decryption & Decoding
TCP/IP Stack
HTTP Protection Engine
Web Server
System Call & API
System Call Interception Engine
Operating System
Audit Logs
HIPS
Database Shield
Database Network Libraries
Incoming queries from database clients
SQL Interception Engine
Database Engine
System Call & API
System Call Interception Engine
Operating System
Audit Logs
/
Application Control
( , )
, Microsoft Windows NT, 2000 Windows
zeroday
standalone ,
McAfee Application Control , .
, .
Device Control
: , , r/o USB .
fingerprints .
USB-, 3G Wi-Fi , mp3 , Bluetooth , COM LPT
McAfee Device Control PnP , : USB-, MP3-, .
()
upgrade DLP Endpoint*
* , DLP
, .
Device Control
/
USB, PCI
SN, VID + PID, Device ID etc
, .
Device Control
()
*
(Online/Offline)
** DLP Endpoint :
https://radetskiy.wordpress.com/2013/06/10/dlp-endpoint-9-3/
DLP
Device Control > DLP Endpoint
. , , r/o USB .
.
: 1) ; 2) ,
().
Content Security Suite
(MWG + MEG + NDLP Prevent + DC = DLP )
Device Control + (Email, Web, Print..).
: 1) ; 2) , ; 3)
Discover OST/PST .
.
, .. *
* Windows Mac OS
.
Device Control
DLP Endpoint
https://radetskiy.wordpress.com/2014/08/15/device_control_vs_dlp_endpoint/
McAfee ePO
MS BitLocker
Apple FileVault
McAfee Drive Encryption+ File and Media
Drive Encryption
FDE HDD, Opal, SED SSD
Windows (XP 8.1)
: AES-NI, SSO, TPM, AMT, UEFI, GPT, Secure/Hybrid Boot
pre-boot ,
(KB79787) - (KB79788)
6
AES256-CBC
DRBG HMAC SHA256
RSA 2048 bit
https://kc.mcafee.com/corporate/index?page=content&id=KB79787
https://kc.mcafee.com/corporate/index?page=content&id=KB79788
/
Drive Encryption
Self-recovery -
Admin recovery (challenge-response) - email, phone
EETech boot USB/CD -
DeepCommand on intel AMT systems - Internet (IPsec)
Endpoint Assistant (Android & iOS devices) - / 7.1
Self Service Portal (DPSSP) - Internet / 7.2
: 6
https://www.youtube.com/watch?v=k1LhoagIlC8
Management of Native Encryption
Apple FileVault MS BitLocker
(report only & control)
MNE MBAM
Self Service Portal (DPSSP)
DEGO Mac
Windows To Go, Microsoft Surface Tablets
File and Removable Media Protection
/ / (AES 256)
USB , CD/DVD,
(User based / System based)
CD/DVD USB
File and Removable Media Protection
// Read Only
(USB)
(USB) (Windows & Mac)
.
Web- .
Site Advisor
URL GTI
/ URL
URL McAfee Web Gateway
URL-,
:
IE, Firefox Chrome
Deep Command
Intel vPro Active Management Technology (AMT);
Intel vPro ;
Intel AMT ePO;
/ ;
IPsec VPN ;
KVM IP- (IP-KVM)
Intel AMT
CPU Intel Core i5 vPro Core i7 vPro
, . .
Deep Defender
MBR BIOS
ePO
rootkits
McAfee Intel
(VSE, HIPS etc)
CPU:Intel Core i3, i5, i7
. Intel VT. . , .. . rootkit / bootkit / 0-day etc
EMM ( )
(MDM)
BYOD
iOS, Android, WinPhone
Enterprise Mobility Management (EMM)
, (AES 256)
Secure Container for Android
.
VirusScan Mobile for Android
, :
EMM ( )
BYOD
. API
()
Wi-Fi, 3G, VPN
(Compliance)
jailbreak/root
non-compliance
iOS Android, Secure Container
AD
Wi-Fi/VPN
VirusScan Mobile Android
Secure Container Android ( )
(PIN, pass)
EMM ( )
Secure Container for Android
EMM ( )
,
[AES 256]
: Word, Excel, PDF
,
VirusScan Mobile
EMM ( )
Android,
,
EPS
Default Policy !
- VSE DAT,
- HIPS Content,
GTI - KB53733 , , GTI Proxy - KB71000
, Access Protection
EPS :
- VSE , 1/24 GTI
- HIPS & AppControl off-line
- VSE & HIPS & DevControl
http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx
http://www.mcafee.com/us/content-release-notes/host-intrusion-prevention/index.aspx
https://kc.mcafee.com/corporate/index?page=content&id=KB53733
https://kc.mcafee.com/corporate/index?page=content&id=KB71000&pmv=print
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22818/en_US/Access_Protection_Rules.pdf
Web Email
McAfee Web Gateway SiteAdvisor
Web Email Gateway Network DLP
HTTP(S)
MEG _ McAfee Email Gateway HW / VM
(McAfee, Commtouch);
, , URL;
- ;
SPF, Sender ID, DKIM, reverse DNS lookup etc;
;
S/MIME, PGP, TLS ;
+ SPAM ;
.
MEG _ McAfee Email Gateway HW / VM
(server to server) TLS by default
S/MIME & PGP
Secure Portal Pull-based MEG
URL
Secure Attachment Push-based
MEG
[Diagram: Recipient, Email Gateway, Email Protection with Policy Engine, Message Recipient, Browser]
Web
MEG _ McAfee Web Gateway HW / VM
URL;
;
;
;
SSO;
NTLM, Kerberos, Basic;
;
.
Web
MEG _ McAfee Web Gateway HW / VM
Filter Known Good Known Bad Sandbox / Reverse-engineering Real-time Emulation
Depth Of Inspection
McAfee Web Protection McAfee ATD
Advanced Threat Defense
Gateway Anti-Malware
URL/Category
AV
GTI
Web +
MEG _ McAfee Web Gateway HW / VM
Customize block page
with your logo, colors,
instructions
,
:
, ,
..
www.mcafee.com/expertcenter -
https://kc.mcafee.com -
https://radetskiy.wordpress.com -
https://www.youtube.com/user/McAfeeTechnical - YouTube
ftp://ftp.bakotech.com/Evaluation/Docs/ - FTP
ftp login: mcafee
ftp pass: mcafee
.
Intel Security
5
Web
DLP
Intel
on-premises | private cloud | public cloud | hybrid
1968: .
1987 Intel 2010:
McAfee Intel.