McAfee HIPs – Host Intrusion Prevention System Administration

Download Course Contents

McAfee HIPs – Host Intrusion Prevention System Administration Course Overview

Enroll for our 4-day McAfee HIPs – Host Intrusion Prevention System Administration course from Koenig Solutions. This course provides an in-depth knowledge on the deployment and management of a Host Intrusion Prevention solution, using McAfee ePolicy Orchestrator software.

Through a blend of hands-on labs and interactive lectures, you will learn how this solution uses a series of device protection, tagging, and reaction rules to safeguard sensitive information and improve overall data security.

Target Audience:

  • System and Network Administrators
  • Security Personnel
  • Auditors, and/or Consultants concerned with Network and System Security

Learning Objectives:

After completing this course, you will be able to:

  • Understand the benefits and capabilities of a McAfee Host Intrusion Prevention solution.
  • Plan and implement Host Intrusion Prevention.
  • Use rules, policies, and signatures.
  • Provide zero-day protection for operating system and application vulnerabilities.
  • Reduce the overhead of patch management.
  • Install, configure, and manage the solution, using the McAfee ePolicy Orchestrator management console.

 

This is a Rare Course and it can be take up to 3 weeks to arrange the training.

The 1-on-1 Advantage

Methodology

Flexible Dates

  • • Choose Start Date
  • • Reschedule After Booking
  • • Weekend / Evening Option

4-Hour Sessions

You will learn:

Module 1: Introduction to McAfee Host Intrusion Prevention
  • Protection Levels
  • New Features
  • Host Intrusion Prevention
  • Vulnerabilities, Exploits, Buffer Overflows, Attacks, Threats
  • Concurrent Users (Console Connections)
  • Resizing, Moving, and Removing Monitors
  • Changing the Default Session Timeout
  • Adding Monitors to a Dashboard
  • Editing the Automatic Refresh Interval
  • Dashboard Permissions Guidelines
  • Types of Dashboards
  • Duplicating and Adding Dashboards
  • Assigning Default Dashboards
  • Results of Load
  • Accessing the Dashboards Page
  • Deleting a Dashboard
  • Configuring Dashboard Monitors
  • Forcing McAfee Agent Activity from ClientAgent Files and Directories
  • Checking in the Host IPS Client
  • Adding Software to the Master Repository
  • Upgrading and Migrating Policies
  • HIPS Installation on the ePO Server
  • Installing Host IPS Extensions on the ePO Server
  • Package into the Master Repository
  • Allowing the Disable of Features
  • Installing the Client Remotely using ePO and Directly on the Client Computer
  • Responding to Spoof Detected Alerts
  • Client Services and Client-side Component Relationship
  • Downgrading and Removing the Client
  • Verifying the Client is Runnin
  • Registry Implementation
  • Verifying Host IPS Events are Triggered Correctly
  • Direct Client-Side Management
  • Host IPS installation requirements
  • Investigating Performance Issues
  • Unlocking the Windows Client Interface
  • Post-Installation Client Changes
  • Managing IPS Protection, Rules, Host Firewall Policy Options, and Blocked Hosts List
  • Client Logging and Troubleshooting
  • Enabling Timed Group
  • Working with Multiple Instance Policies
  • General Policies Overview
  • Enabling Advanced Functionality and Client Control
  • Trusted Networks Policy and Trusted Application
  • Creating and Editing Executables
  • Marking Applications as Trusted
  • Configuring the Client User Interface Policy
  • Configuring Display Options
  • IPS Options, Protection, Rules
  • Using Preconfigured Policies
  • Setting Protective Reaction for Signature Severity Levels
  • Configuring IPS Options
  • Intrusion Prevention Overview
  • Creating and Editing Policies
  • Benefits of Host Intrusion Prevention
  • Moving from Basic to Advanced Protection
  • Multiple Instance Policies and the Effective Policy
  • Working with IPS Rules Policies and Signatures
  • IPS Protection with IPS Rules Policies
  • Host and Network IPS Signature Rules
  • Signatures and Severity Levels
  • Host Intrusion Prevention Clients
  • Overview of the IPS Rules
  • Signature and Behavioral Rules
  • Multiple Instance Policies
  • Effective Policy for IPS Signatures
  • VirusScan Access Protection and IPS Rules
  • Application Blocking and Hooking
  • Create, Editing or Viewing Executable Details
  • Blocking and Allowing Application Hooking
  • Process Hooking
  • Prevent an Executable from Running (Black List)
  • Customizing and Managing Rules
  • Adjusting Signature Severity Levels
  • Exception Rules
  • Configuring IPS Rules Exceptions
  • Tuning Methods
  • Creating Trusted Applications
  • Creating Exceptions for Network IPS Rules
  • Applying OS Patches
  • IPS Signature Events
  • Creating Event-based Exceptions
  • Viewing Systems on which Selected Events Occur
  • Viewing Common Vulnerabilities and Exposures (CVE) Information
  • General Methodology for Reviewing Updates, Patch Systems and Applications
  • Viewing Host IPS Events
  • Creating an Exception Based on a Selected Event
  • List of the HIPS Events Supported by ePO
  • Events and Event Logging
  • Adaptive Mode Sequence
  • Using the Property Translator Server Task
  • Retaining Existing Client Rules
  • IPS Client Rules Overview
  • Create Exceptions Using IPS Client Rules
  • Adaptive Mode
  • Refining Policies Based on Use
  • Learning Mode
  • Managing IPS Client Rules
  • Reviewing Detail for IPS Client Rules
  • Placing Clients in Adaptive or Learn Mode
  • Creating a Custom Signature
  • Creating Windows/Unix Files and Directories
  • Creating Signatures-Windows Registry
  • Adding and Editing Sub-rules
  • Using the Signature Creation Wizard
  • Methods for Creating Custom Signatures
  • Using the Linux or Solaris Option to Create Signatures
  • Editing the Severity Level, Client Exception Permission, and Log Status of a Signature
  • Troubleshooting Custom Signatures
  • File Rule Types and Examples
  • Custom Signatures Components
  • Custom Signatures Overview
  • Viewing General Information about Signature
  • Determining Events Forwarding
  • Creating Issues Executing Scheduled Tasks, and Running External Commands.
  • Throttling and Aggregation
  • Automatic Response Process
  • Event Types, Formats, and Life Cycle
  • Creating, Editing, Viewing, and Deleting Automatic Responses for Specific Event Types
  • Creating and Editing Automatic Responses
  • Creating Contacts
  • Setting Filters, Aggregating Events, and Configuring Rule Actions
  • Automatic Responses Permission Set
  • Threat Notification and Tracing
  • Variables Used in Notifications
  • Default Automatic Response Rule
  • Host IPS Firewall Overview
  • Working with Firewall Options Policies
  • Understanding the State Table
  • Firewall DNS Blocking
  • trusted source/Global Threat Intelligence
  • Firewall Protocol Support
  • Allowing Unsupported Protocols and Bridged Traffic
  • How Firewall Rules Work
  • Stateful Filtering and Protocol Tracking
  • Startup Protection and Protection Options
  • Responding To Firewall Alerts
  • Basic Design Philosophies
  • Firewall Design Considerations
  • Using the Firewall Rule Builder
  • Typical Corporate Environment Policy
  • Stateful Filtering in Adaptive or Learn Mode
  • Creating Firewall Rule Groups
  • Firewall Planning
  • Adding Rules from the Catalog
  • Firewall Theory
  • Creating New Firewall Rule
  • Configuring Firewall Policies
  • Using the Host IPS Catalog
  • Managing Firewall Client Rules
  • Adaptive Mode versus Learn Mode
  • Firewall Rules Console
  • Firewall Groups
  • Connection-aware Firewall Groups
  • Matching for Location-Aware Groups
  • Timed Groups in Firewall Policy
  • Location-enabled Firewall Groups
  • Host IPS Firewall Groups
  • Creating Custom Host IPS Queries
  • Running Predefined Host IPS Queries
  • Client-side Policy Reporting
  • McAfee Agent Update Task
  • Dashboards and Queries
  • Generating Host IPS Reports/Queries
  • Clearing Events
  • Server Tasks in ePO
  • Manual Content Updating
  • Creating an ePO Server Pull Task
  • Vulnerability Shielding Updates
  • Testing McAfee Host Intrusion Prevention Client
  • McAfee Internet Sites
  • Run Queries
  • Best Practices with Adaptive Mode
  • Potential Pitfalls in IPS Deployments
  • Using ePolicy Orchestrator
  • Lab or Real World?
  • Notify End Users and Plan Escape Hatches
  • Step 7: Maintenance and Expansion Beyond IPS
  • Step 2: Prepare the Pilot Environment
  • Step 6: Enhanced Protection and Advanced Tuning
  • Pre-Installation Considerations and Deployment Planning
  • Step 4: Initial Tuning
  • Multiple Policy Instances
  • Enlist the Help Desk Team
  • Timing and Expectations
  • Adaptive Mode: Refine Policies Based on Use
  • Follow these Processes
  • Step 5: Optional Adaptive Mode
  • Adaptive Mode Limitations
  • Create Trusted Applications
  • Server Maintenance
  • Confirm Your Rollout Strategy
  • Install Host IPS to Pilot Hosts
  • Step 1: Strategy and Planning
  • Out-of-the-Box” Protection
  • Check Pilot Systems for Proper Operation
  • Managing Protection
  • Understanding Adaptive Mode
  • More Tuning
  • Domain Controllers and Host IPS
  • Create Exceptions
  • Step 3: Installation and Initial Configuration
  • Heightened Protection and Advanced Tuning
  • Fine-Tuning Policies
  • Security Tightening
  • Host IPS Configuration and Initial Tuning
  • Argument – /help
  • Argument- /exportConfig
  • Argument – /export
  • Argument – /execInfo
  • Argument – /defConfig
  • Argument – /log
  • ClientControl Logging
  • Stopping Host IPS Services
  • Major Arguments
  • Argument – /fwPassthru
  • Argument – /engine
  • Argument – /readNaiLic
  • Deploying Host IPS with 3rd Party Product
  • Command Line Syntax
  • Argument – /start and /stop
  • Argument – /startupIPSProtection
  • fwinfo Utility
  • Troubleshooting the Linux Client
  • Verifying Linux Installation Files
  • Removing the Linux Client
  • Stopping and Restarting the Linux Client
  • HIPTS – Troubleshooting Tool
  • Linux Client Installation Requirements
  • Notes about the Linux Client
  • Policy Enforcement with the Linux Client
  • Troubleshooting the Solaris Client
  • Solaris Zone Support
  • Removing the Solaris Client
  • Verifying Solaris Installation Files
  • Solaris Client Installation Requirements
  • Policy Enforcement with the Solaris Client
  • Installing the Solaris Client
  • Stopping and Restarting the Solaris Client
  • Installation Issues
  • Troubleshooting Host IPS
  • Client Issues
  • MERTool
  • KnowledgeBase Articles for Host IPS
  • Host IPS Engines
  • Identify the Versions
  • Applying Service Packs
  • Verifying Policies – FireCore Policy
  • Verifying Policies – Static Configuration
  • McAfee Agent Logs
  • Troubleshooting the Host IPS Firewall
  • Policy Update Issues
  • Escalation Process
  • Activity Log
  • Troubleshooting Firewall Issues
  • Verifying Policies – Dynamic Policy
  • fwinfo.exe
  • Policy, Event, and Client Rule Issues
Live Online Training (Duration : 32 Hours) Fee On Request
We Offer :
  • 1-on-1 Public - Select your own start date. Other students can be merged.
  • 1-on-1 Private - Select your own start date. You will be the only student in the class.

4 Hours
8 Hours
Week Days
Weekend

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Group Training
Date On Request
Course Prerequisites

It is recommended that students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of Internet services.

 

Request More Information

Add Name and Email Address of participant (If different from you)

FAQ's


In both, you choose the schedule. In public, other participants can join, Private other participants want to join.
Yes, course requiring practical include hands-on labs.
You can buy online from the page by clicking on "Buy Now". You can view alternate payment method on payment options page.
Yes, you can pay from the course page and flexi page.
Yes, the site is secure by utilizing Secure Sockets Layer (SSL) Technology. SSL technology enables the encryption of sensitive information during online transactions. We use the highest assurance SSL/TLS certificate, which ensures that no unauthorized person can get to your sensitive payment data over the web.
We use the best standards in Internet security. Any data retained is not shared with third parties.
You can request a refund if you do not wish to enroll in the course.
To receive an acknowledgment of your online payment, you should have a valid email address. At the point when you enter your name, Visa, and other data, you have the option of entering your email address. Would it be a good idea for you to decide to enter your email address, confirmation of your payment will be emailed to you.
After you submit your payment, you will land on the payment confirmation screen.It contains your payment confirmation message. You will likewise get a confirmation email after your transaction is submitted.
We do accept all major credit cards from Visa, Mastercard, American Express, and Discover.
Credit card transactions normally take 48 hours to settle. Approval is given right away; however,it takes 48 hours for the money to be moved.
Yes, we do accept partial payments, you may use one payment method for part of the transaction and another payment method for other parts of the transaction.
Yes, if we have an office in your city.
Yes, we do offer corporate training More details
Yes, we do.
Yes, we also offer weekend classes.
Yes, Koenig follows a BYOL(Bring Your Own Laptop) policy.
It is recommended but not mandatory. Being acquainted with the basic course material will enable you and the trainer to move at a desired pace during classes.You can access courseware for most vendors.
Buy-Now. Pay-Later option is available using credit card in USA and India only.
You will receive the digital certificate post training completion via learning enhancement tool after registration.
Yes you can.
Yes, we do. For details go to flexi
You can pay through debit/credit card or bank wire transfer.
Dubai, Goa, Delhi, Bangalore.
Yes you can request your customer experience manager for the same.
Yes, fee excludes local taxes.
Yes, we do.
The Fee includes:
  • Courseware
Schedule for Group Training is decided by Koenig. Schedule for 1-on-1 is decided by you.
In 1-on-1 you can select your own schedule, other students can be merged but you select the schedule. Choose 1-on-1 if published schedule do not meet your requirement. If you also want a private session, opt for 1-on-1 Public.
Yes.
No, it is not included.

Prices & Payments

Yes of course.
Yes, We are

Travel and Visa

Yes we do after your registration for course.

Food and Beverages

Yes.

Others

Says our CEO-
“It is an interesting story and dates back half a century. My father started a manufacturing business in India in the 1960's for import substitute electromechanical components such as microswitches. German and Japanese goods were held in high esteem so he named his company Essen Deinki (Essen is a well known industrial town in Germany and Deinki is Japanese for electric company). His products were very good quality and the fact that they sounded German and Japanese also helped. He did quite well. In 1970s he branched out into electronic products and again looked for a German name. This time he chose Koenig, and Koenig Electronics was born. In 1990s after graduating from college I was looking for a name for my company and Koenig Solutions sounded just right. Initially we had marketed under the brand of Digital Equipment Corporation but DEC went out of business and we switched to the Koenig name. Koenig is difficult to pronounce and marketeers said it is not a good choice for a B2C brand. But it has proven lucky for us.” – Says Rohit Aggarwal (Founder and CEO - Koenig Solutions)
All our trainers are fluent in English . Majority of our customers are from outside India and our trainers speak in a neutral accent which is easily understandable by students from all nationalities. Our money back guarantee also stands for accent of the trainer.
Medical services in India are at par with the world and are a fraction of costs in Europe and USA. A number of our students have scheduled cosmetic, dental and ocular procedures during their stay in India. We can provide advice about this, on request.
Yes, if you send 4 participants, we can offer an exclusive training for them which can be started from Any Date™ suitable for you.