emailIcon info@koenig-solutions.com
koenig-logo
Login
koenig-logo
All Courses

McAfee HIPs – Host Intrusion Prevention System Administration Course Overview

McAfee HIPs – Host Intrusion Prevention System Administration Course Overview

The McAfee Host Intrusion Prevention System (HIPS) Administration course equips learners with the expertise to secure systems using McAfee's advanced intrusion prevention capabilities. Participants will gain hands-on experience configuring HIPS policies, managing dashboards, and troubleshooting firewall rules. The course covers essential topics like McAfee Framework Host Service, policy updates, and client-server communication using McAfee Management Service Host. Learners will understand how to create custom signatures, manage exceptions, and apply best practices for system maintenance. By mastering McAfee Intrusion Prevention System (IPS), participants will be able to protect their networks from vulnerabilities and unauthorized access, making this course ideal for IT security professionals looking to enhance their cybersecurity framework.

Important Topics covered in McAfee HIPs – Host Intrusion Prevention System Administration Training

  • Host Intrusion Prevention Configuration – Expertise in setting up and configuring McAfee Host IPS for securing endpoints and managing intrusion prevention policies.
  • ePolicy Orchestrator (ePO) Management – Proficiency in navigating and using the McAfee ePO console for policy management, dashboards, and monitoring.
  • McAfee Agent Communication – Understanding secure agent-server communication, wake-up calls, and McAfee Agent-to-product interaction.
  • Intrusion Prevention Policies – Skill in creating and managing signature and behavioral IPS rules to prevent unauthorized access and mitigate threats.
  • Firewall Policies and Rules – Configuration of firewall policies, adaptive mode, and rules to allow or block network traffic for enhanced protection.
  • Event Logging and Reporting – Ability to log, analyze, and respond to IPS events using built-in dashboards, reports, and event filters in McAfee ePO.
  • Custom Signatures Creation – Competency in creating custom signatures for Windows, Linux, and Solaris systems to detect specific threats and vulnerabilities.
  • Exception Handling and Tuning – Experience in configuring IPS exceptions, adjusting signature severity levels, and fine-tuning policies for optimal performance.
  • System Maintenance and Updates – Knowledge of performing updates, vulnerability shielding, and server maintenance tasks to ensure continuous protection.
  • Troubleshooting Host IPS – Ability to troubleshoot IPS-related issues such as policy conflicts, client performance problems, and installation errors across platforms.

These topics demonstrate your expertise in managing and securing enterprise environments using McAfee’s Host Intrusion Prevention System.

 

googleRating

5.0

Trustpilot

Intermediate

Purchase This Course

Fee On Request

  • Live Training (Duration : 32 Hours)
  • Per Participant
  • Guaranteed-to-Run (GTR)
  • Classroom Training fee on request
  • Select Date
    date-img
  • CST(united states) date-img

Select Time


♱ Excluding VAT/GST

You can request classroom training in any city on any date by Requesting More Information

happinessGuaranteed_icon

Happiness Guaranteed

  • Live Training (Duration : 32 Hours)
  • Per Participant
  • Classroom Training fee on request

♱ Excluding VAT/GST

You can request classroom training in any city on any date by Requesting More Information

happinessGuaranteed_icon

Happiness Guaranteed

Request More Information

Email:  WhatsApp:

Koenig's Unique Offerings

images-1-1

1-on-1 Training

Schedule personalized sessions based upon your availability.

Learn More
images-1-1

Customized Training

Learning without limits. Create custom courses that fit your exact needs, from blended topics to brand-new content.

Learn More
happinessGuaranteed_icon

Happiness Guaranteed

Experience exceptional training with the confidence of our Happiness Guarantee, ensuring your satisfaction or a full refund.

Learn More
images-1-1

Destination Training

Immerse yourself in a focused learning environment, free from distractions, where you can sharpen your skills in popular global destinations.

Learn More
images-1-1

Fly-Me-A-Trainer (FMAT)

Flexible on-site learning for larger groups. Fly an expert to your location anywhere in the world.

Learn More

Who Should Attend McAfee HIPs – Host Intrusion Prevention System Administration Training

The McAfee HIPS – Host Intrusion Prevention System Administration course is designed for IT security professionals seeking to enhance their expertise in deploying, managing, and troubleshooting McAfee's Host Intrusion Prevention System for enterprise protection.

  • Security Administrators and Analysts
  • Network Security Engineers
  • System Administrators
  • IT Security Consultants
  • Cybersecurity Specialists
  • Endpoint Security Engineers
  • ePolicy Orchestrator (ePO) Administrators
  • Incident Response Teams
  • Security Operations Center (SOC) Analysts
  • Compliance and Audit Professionals

What you will Learn in this McAfee HIPs – Host Intrusion Prevention System Administration?

The McAfee HIPS – Host Intrusion Prevention System Administration course equips learners with the skills to configure, manage, and troubleshoot McAfee Host IPS, focusing on threat prevention, firewall policies, and event monitoring for enhanced endpoint security.

Learning Objectives and Outcomes:

  • Understand vulnerabilities, exploits, and protection levels in McAfee HIPS.
  • Navigate and manage dashboards and monitors in the McAfee ePolicy Orchestrator (ePO).
  • Install, configure, and upgrade Host IPS components on client and server systems.
  • Configure intrusion prevention policies, rules, and application protection settings.
  • Manage security exceptions and create trusted applications for controlled access.
  • Analyze IPS events and logs to identify and mitigate security threats.
  • Create and deploy custom signatures for tailored threat detection.
  • Configure firewall policies and implement adaptive mode for enhanced threat response.
  • Set up automatic responses and threat notifications for real-time alerts.
  • Perform system maintenance, policy updates, and best practices for IPS deployment.

Course Outline

Module 1: Introduction to McAfee Host Intrusion Prevention

  • Vulnerabilities, Exploits, Buffer Overflows, Attacks, Threats
  • Protection Levels
  • Host Intrusion Prevention
  • Components and Features
  • Supported Operating Systems
  • New Features

Module 2: Security Connected and ePolicy Orchestrator Overview

  • Introducing McAfee Security Connected
  • The manifestation of Security Connected
  • Security Connected Framework
  • Integration with Third-Party Products
  • Security Connected Solution Platform
  • Solution Overview
  • New for this Release
  • Basic Solution Components
  • Web Interface
  • Menu Pages
  • Customizing the User Interface
  • Architecture and Communication
  • User Interface
  • Functional Process Logic
  • Data Storage

Module 3: Managing Dashboards and Monitors

  • Dashboards Overview
  • Accessing the Dashboards Page
  • Types of Dashboards
  • Duplicating and Adding Dashboards
  • Assigning Dashboard Permissions
  • Dashboard Permissions Guidelines
  • Deleting a Dashboard
  • Adding Monitors to a Dashboard
  • Dashboards Server Settings
  • Editing the Automatic Refresh Interval
  • Assigning Default Dashboards
  • Configuring Dashboard Monitors
  • Resizing, Moving, and Removing Monitors
  • Concurrent Users (Console Connections)
  • Results of Load
  • Designing Dashboards
  • Changing the Default Session Timeout

Module 4: McAfee Agent

  • Agent Components
  • Agent-Server Secure Communication Keys
  • Communication after Agent Installation
  • Typical Agent-to-Server Communication
  • McAfee Agent-to-Product Communication
  • Forcing Agent Activity from Server
  • Wake-up Calls and Wake-up Tasks
  • Locating Agent Node Using DNS
  • Using System Tray Icon
  • Forcing McAfee Agent Activity from ClientAgent Files and Directories
  • Using Log Files
  • Installation Folders

Module 5: HIPS Server Planning and Installation

  • HIPS Installation on the ePO Server
  • Requirements
  • Extensions
  • Adding Software to the Master Repository
  • Software Manager
  • Installing Host IPS Extensions on the ePO Server
  • Checking in the Host IPS Client
  • Package into the Master Repository
  • Upgrading and Migrating Policies

Module 6: Windows Host IPS Client

  • Host IPS installation requirements
  • Installing the Client Remotely using ePO and Directly on the Client Computer
  • Post-Installation Client Changes
  • Registry Implementation
  • Client Services and Client-side Component Relationship
  • Downgrading and Removing the Client
  • Direct Client-Side Management
  • Verifying the Client is Running
  • Allowing the Disable of Features
  • Enabling Timed Group
  • Unlocking the Windows Client Interface
  • Responding to Spoof Detected Alerts
  • Managing IPS Protection, Rules, Host Firewall Policy Options, and Blocked Hosts List
  • Verifying Host IPS Events are Triggered Correctly
  • Client Logging and Troubleshooting
  • Investigating Performance Issues

Module 7: Host IPS General Policies

  • General Policies Overview
  • Configuring the Client User Interface Policy
  • Configuring Display Options
  • Enabling Advanced Functionality and Client Control
  • Trusted Networks Policy and Trusted Application
  • Creating and Editing Executables
  • Working with Multiple Instance Policies
  • Marking Applications as Trusted

Module 8: Intrusion Prevention Policies

  • Intrusion Prevention Overview
  • Benefits of Host Intrusion Prevention
  • IPS Options, Protection, Rules
  • Configuring IPS Options
  • Using Preconfigured Policies
  • Creating and Editing Policies
  • Setting Protective Reaction for Signature Severity Levels
  • Moving from Basic to Advanced Protection

Module 9: IPS Rules Policies

  • Overview of the IPS Rules
  • Host Intrusion Prevention Clients
  • IPS Protection with IPS Rules Policies
  • Host and Network IPS Signature Rules
  • Signature and Behavioral Rules
  • Signatures and Severity Levels
  • Working with IPS Rules Policies and Signatures
  • Multiple Instance Policies
  • Effective Policy for IPS Signatures
  • Multiple Instance Policies and the Effective Policy
  • VirusScan Access Protection and IPS Rules

Module 10: IPS Rules Policies – Application Protection

  • Application Blocking and Hooking
  • Prevent an Executable from Running (Black List)
  • Create, Editing or Viewing Executable Details
  • Blocking and Allowing Application Hooking
  • Customizing and Managing Rules
  • Process Hooking

Module 11: Configuring IPS Exceptions

  • Exception Rules
  • Configuring IPS Rules Exceptions
  • Creating Exceptions for Network IPS Rules
  • Applying OS Patches
  • Creating Trusted Applications
  • Adjusting Signature Severity Levels
  • Tuning Methods

Module 12: Working with IPS Events

  • Events and Event Logging
  • List of the HIPS Events Supported by ePO
  • Reacting to Events
  • Viewing Host IPS Events
  • Filtering Events
  • Creating an Exception Based on a Selected Event
  • Analyzing Events
  • Viewing Systems on which Selected Events Occur
  • Viewing Common Vulnerabilities and Exposures (CVE) Information
  • Creating Event-based Exceptions
  • IPS Signature Events
  • General Methodology for Reviewing Updates, Patch Systems and Applications

Module 13: Creating IPS Client Rules

  • IPS Client Rules Overview
  • Refining Policies Based on Use
  • Learning Mode
  • Adaptive Mode
  • Placing Clients in Adaptive or Learn Mode
  • Adaptive Mode Sequence
  • Managing IPS Client Rules
  • Create Exceptions Using IPS Client Rules
  • Reviewing Detail for IPS Client Rules
  • Retaining Existing Client Rules
  • Using the Property Translator Server Task

Module 14: Custom Signatures

  • Custom Signatures Overview
  • Methods for Creating Custom Signatures
  • Creating a Custom Signature
  • Using the Signature Creation Wizard
  • Creating Windows/Unix Files and Directories
  • Creating Signatures-Windows Registry
  • Using the Linux or Solaris Option to Create Signatures
  • Adding and Editing Sub-rules
  • Viewing General Information about Signature
  • Editing the Severity Level, Client Exception Permission, and Log Status of a Signature
  • Custom Signatures Components
  • File Rule Types and Examples
  • Troubleshooting Custom Signatures

Module 15: Automatic Responses and Threat Notification

  • Threat Notification and Tracing
  • Event Types, Formats, and Life Cycle
  • Automatic Response Process
  • Creating, Editing, Viewing, and Deleting Automatic Responses for Specific Event Types
  • Setting Filters, Aggregating Events, and Configuring Rule Actions
  • Creating Issues Executing Scheduled Tasks, and Running External Commands.
  • Variables Used in Notifications
  • Creating and Editing Automatic Responses
  • Filtering Events
  • Throttling and Aggregation
  • Default Automatic Response Rules
  • Planning Automatic Responses
  • Determining Events Forwarding
  • Automatic Responses Permission Set
  • Managing Issues
  • Creating Contacts

Module 16: Firewall Policies

  • Host IPS Firewall Overview
  • Firewall Protocol Support
  • Allowing Unsupported Protocols and Bridged Traffic
  • Understanding the State Table
  • Stateful Filtering and Protocol Tracking
  • How Firewall Rules Work
  • Firewall DNS Blocking
  • Working with Firewall Options Policies
  • Startup Protection and Protection Options
  • trusted source/Global Threat Intelligence

Module 17: Firewall Rules Policies

  • Configuring Firewall Policies
  • Firewall Rules Console
  • Default Policies
  • Typical Corporate Environment Policy
  • Firewall Groups
  • Creating New Firewall Rule
  • Using the Firewall Rule Builder
  • Using the Host IPS Catalog
  • Adding Rules from the Catalog
  • Creating Firewall Rule Groups
  • Adaptive Mode versus Learn Mode
  • Managing Firewall Client Rules
  • Refining Policies Based on Use
  • Responding To Firewall Alerts
  • Stateful Filtering in Adaptive or Learn Mode
  • Retaining Existing Client Rules
  • Firewall Theory
  • Basic Design Philosophies
  • Firewall Design Considerations
  • Firewall Planning

Module 18: Firewall Rule Groups

  • Host IPS Firewall Groups
  • Location-enabled Firewall Groups
  • Connection-aware Firewall Groups
  • Matching for Location-Aware Groups
  • Timed Groups in Firewall Policy

Module 19: Host Intrusion Prevention Maintenance

  • Server Tasks in ePO
  • Clearing Events
  • Generating Host IPS Reports/Queries
  • Reports
  • Dashboards and Queries
  • Running Predefined Host IPS Queries
  • Creating Custom Host IPS Queries
  • Client-side Policy Reporting
  • Default Dashboards
  • Vulnerability Shielding Updates
  • McAfee Agent Update Task
  • Manual Content Updating
  • McAfee Internet Sites
  • Creating an ePO Server Pull Task
  • Testing McAfee Host Intrusion Prevention Client
  • Adaptive Mode versus Learn Mode
  • Managing Firewall Client Rules
  • Refining Policies Based on Use
  • Responding To Firewall Alerts
  • Stateful Filtering in Adaptive or Learn Mode
  • Retaining Existing Client Rules
  • Firewall Theory
  • Basic Design Philosophies
  • Firewall Design Considerations
  • Firewall Planning

Module 20 – Host IPS Implementation and Best Practices

  • Pre-Installation Considerations and Deployment Planning
  • Best Practices
  • Step 1: Strategy and Planning
  • Lab or Real World?
  • Confirm Your Rollout Strategy
  • Timing and Expectations
  • Preparing the Environment
  • Step 2: Prepare the Pilot Environment
  • Using ePolicy Orchestrator
  • Step 3: Installation and Initial Configuration
  • Managing Protection
  • “Out-of-the-Box” Protection
  • Multiple Policy Instances
  • Notify End Users and Plan Escape Hatches
  • Enlist the Help Desk Team
  • Install Host IPS to Pilot Hosts
  • Check Pilot Systems for Proper Operation
  • Step 4: Initial Tuning
  • Host IPS Configuration and Initial Tuning
  • Tuning Methods
  • Fine-Tuning Policies
  • Security Tightening
  • Follow these Processes
  • More Tuning
  • Create Exceptions
  • Create Trusted Applications
  • Run Queries
  • Step 5: Optional Adaptive Mode
  • Adaptive Mode: Refine Policies Based on Use
  • Understanding Adaptive Mode
  • Adaptive Mode Limitations
  • Best Practices with Adaptive Mode
  • Potential Pitfalls in IPS Deployments
  • Step 6: Enhanced Protection and Advanced Tuning
  • Heightened Protection and Advanced Tuning
  • Step 7: Maintenance and Expansion Beyond IPS
  • Server Maintenance
  • Domain Controllers and Host IPS

Module 21 – ClientControl Utility

  • Deploying Host IPS with 3rd Party Product
  • ClientControl Logging
  • Command Line Syntax
  • Major Arguments
  • Argument – /help
  • Argument – /start and /stop
  • Stopping Host IPS Services
  • Argument – /log
  • Argument – /engine
  • Argument – /export
  • Argument – /readNaiLic
  • Argument- /exportConfig
  • Argument – /defConfig
  • Argument – /startupIPSProtection
  • Argument – /execInfo
  • Argument – /fwPassthru
  • fwinfo Utility

Module 22 – Linux Client

  • Linux Client Installation Requirements
  • Policy Enforcement with the Linux Client
  • Notes about the Linux Client
  • Removing the Linux Client
  • Troubleshooting the Linux Client
  • HIPTS – Troubleshooting Tool
  • Verifying Linux Installation Files
  • Stopping and Restarting the Linux Client

Module 23 – Solaris Client

  • Solaris Client Installation Requirements
  • Policy Enforcement with the Solaris Client
  • Solaris Zone Support
  • Installing the Solaris Client
  • Removing the Solaris Client
  • Troubleshooting the Solaris Client
  • HIPTS – Troubleshooting Tool
  • Verifying Solaris Installation Files
  • Stopping and Restarting the Solaris Client

Module 24 – Troubleshooting Host IPS Forums and Security Advisories

  • KnowledgeBase Articles for Host IPS
  • MERTool
  • Client Issues
  • Identify the Versions
  • Host IPS Engines
  • Installation Issues
  • McAfee Agent Logs
  • Policy, Event, and Client Rule Issues
  • Policy Update Issues
  • Verifying Policies – Static Configuration
  • Verifying Policies – Dynamic Policy
  • fwinfo.exe
  • Verifying Policies – FireCore Policy
  • Troubleshooting Host IPS
  • Troubleshooting the Host IPS Firewall
  • Troubleshooting Firewall Issues
  • Activity Log
  • Applying Service Packs
  • Escalation Process

What makes Koenig Solutions a Compelling Choice for McAfee HIPs – Host Intrusion Prevention System Administration Training?

Suggested Courses

What other information would you like to see on this page?
USD