McAfee Application Control / Change Control Administration


    4 days
    Network Security

    Course Details

    Overview

    The McAfee University Application Control / Change Control Administration course gives attendees in-depth training on the full benefits and deployment of the McAfee Application Control / Change Control products. Enabling administrators to fully understand the capabilities of their security solution not only reduces the risk of misconfiguration but also ensures that an organization gets the maximum protection from its installation.

    Objectives

    • Understand the capabilities of McAfee’s Application Control / Change Control solution
    • Install and administer
    • Manage remote
    • Protect endpoints

    Content

    Module 1: Introduction to the McAfee Application Control/Change Control

    • What is MACCC?
    • Supported Operating Systems
    • Solidcore Architecture
    • Multi-layered Security Solution
    • Whitelisting
    • Trust Model
    • Image Deviation
    • Differentiators
    • Visibility and Enforcement for End-to-end Compliance
    • File Integrity Monitoring
    • Change Prevention
    • Install Workflow
    • Navigation to Solidcore Components
    • Solidcore Configuration
    • Updaters or Publishers
    • Solidcore Configuration
    • Installers
    • Solidcore Policies
    • Windows Path Definitions
    • Solidcore Server Tasks
    • Solidcore: Purge Task
    • Migration Server Task
    • Calculate Predominant Observations (Deprecated)
    • Content Change Tracking Report Generation
    • Solidcore: Run Image Deviation
    • Image Deviation (Application Control)
    • Specifying a Golden Image
    • Solidcore: Scan a Software Repository

    Module 2: Planning a McAfee® ePolicy Orchestrator™ Deployment

    • Platform Requirements
    • ePO Server Hardware Requirements
    • ePO Server Operating Systems
    • ePO Server Prerequisite Software
    • Supported Web Browsers
    • Supported SQL Server Releases
    • Default Communication Ports
    • Default Ports
    • Determining Ports in Use
    • Virtual Infrastructure Requirements
    • Deployment Guidelines
    • Deployment Scenario: Basic Plan
    • Solution A: One ePO Server
    • Solution B: Two ePO Servers
    • Solution C: ePO server with Agent Handlers
    • Deployment Scenario: Disk Configuration
    • Solution: Less than 5,000 Nodes
    • Solution: 5,000 to 25,000 Nodes
    • Deployment Scenario: Disk Configuration
    • Solution: 25,000 to 75,000 Nodes
    • Solution: More than 75,000 Nodes
    • Database Sizing
    • How Products and Events Affect Calculations
    • Example: Calculating Averages
    • Calculating Your Environment
    • Managing Scalability
    • Environmental Factors

    Module 3: Security Connected and McAfee® ePolicy Orchestrator™ Overview

    • Security Evolution
    • Security Connected
    • Breadth and Depth for Security
    • ePO Solution Overview
    • New for this Release
    • Basic Solution Components
    • How ePO Works
    • Essential Features
    • Integration with Third-Party Products
    • ePO Web Interface
    • Menu Page
    • Customizing the User Interface
    • Architecture and Communication
    • Functional Process Logic
    • Data Storage

    Module 4: McAfee® Agent

    • McAfee Agent Overview
    • New for This Release
    • Agent Components
    • Agent-Server Secure Communication Keys
    • Communication after Agent Installation
    • Typical Agent-to-Server Communication
    • McAfee Agent-to-Product Communication
    • Forcing Agent Activity from Server
    • Wake-up Calls and Wake-up Tasks
    • Configuring Agent Wake-up
    • Locating Agent Node Using DNS
    • Using System Tray Icon
    • Forcing McAfee Agent Activity from Client
    • Viewing McAfee Agent Log
    • ePO 4.x/McAfee Agent 4.x Feature Dependencies
    • Agent Files and Directories
    • xml
    • McAfee Agent Log Files
    • Using Log Files
    • Installation Folders

    Module 5: Application Control/Change Control Extension Installation

    • Extensions in ePO
    • Extensions Menu
    • Integration of AC/CC Extension
    • Installation Requirements
    • System Requirements
    • ePO Database Sizing
    • Installation of Extension
    • Solidcore Licensing
    • What is Solidcore?
    • Install Workflow Review
    • Installing Licenses
    • Solidcore Database Tables

    Module 6: Solidcore Client

    • Solidcore Architecture
    • The agent plug-in and how it works
    • Types of Platforms Protected
    • Supported Systems
    • Check in Agent Plug-in Package into ePO
    • Deploying the Solidcore Agent Plug-in
    • Verifying Installation from the Endpoint
    • Solidcore Client Tasks
    • Enable Solidcore Agent Task
    • Disable Solidcore Agent Task
    • Initial Scan to Create Whitelist
    • Pull Inventory
    • Begin Update Mode
    • End Update Mode
    • Change Local CLI Access
    • Collect Debug Info
    • Run Commands
    • Get Diagnostics for Programs
    • Features for the Client
    • Client Notifications and Events
    • Client Events and Approvals
    • Customizing Client Notifications

    Module 7: Application Control Initial Configuration

    • What are Observations?
    • Observe Mode
    • Manage requests
    • Review requests
    • Process requests
    • Allow by checksum on all endpoints
    • Allow by publisher on all endpoints
    • Ban by checksum on all endpoints
    • Define custom rules for specific endpoints
    • Allow by adding to whitelist for specific endpoints
    • Define bypass rules for all endpoints
    • Delete requests
    • Review created rules
    • Throttle observations
    • Define the threshold value
    • Review filter rules
    • Manage accumulated requests
    • Exit Observe mode
    • Inventory Introduction
    • Fetch Inventory
    • GTI Integration
    • Trust level and score
    • Cloud Trust Score
    • Inventory Without Access to GTI
    • Fetch McAfee GTI ratings for isolated networks
    • Export SHA1s of all binaries
    • Run the Offline GTI tool
    • Fetch Inventory – Bad File Found Event
    • Manage the inventory
    • Manage Binaries
    • Application Control Policies
    • Role of the Policy
    • Application Control Configuration
    • Managing Rule Groups
    • Creating an Application Control Rule Group
    • Updater Tab
    • Trusted Users
    • Exceptions
    • Using a Rule Group to Block an Application

    Module 8: Application Control Feature Administration

    • What is Update Mode?
    • How to Update a Solidified System
    • Auto-Updaters
    • Authorized Updaters
    • Determining Updaters
    • Understanding Publishers
    • Understanding Installers
    • Scan a Software Repository
    • Revisit – Solidcore Permission Sets
    • Reboot Free Activation
    • Inventory Management Enhancements
    • Inventory Management – Pull Inventory
    • Inventory By Application
    • Inventory By Systems
    • Inventory Application Drill-down
    • Inventory Binary Drill-down
    • Search Filters
    • Modifying Enterprise Trust Level

    Module 9: Event and Alerts

    • Understanding Events
    • What Creates an Event
    • When Are Events Sent Back?
    • Viewing Events
    • Advanced Filters
    • Selecting Columns to Display
    • Viewing the Details of an Event
    • Solidcore Events
    • Example of Solidcore Events
    • Application Control Events
    • Planning Automatic Responses
    • Throttling, Aggregation, and Grouping
    • Alerts
    • Understanding Alerts
    • Scenarios
    • Configuring a Solidcore Alert
    • Viewing an Alert
    • Support of SNMP Alerts
    • Customizing End User Notifications
    • Syslog Enhancements

    Module 10: Change Control Initial Configuration

    • Application Control & Change Control
    • Change Control & Integrity Monitoring
    • Scenario
    • File Integrity Monitoring
    • Workflow
    • Disable Solidcore
    • Enable Solidcore on the Endpoint
    • Verifying Client Task Completion
    • Integrity Monitoring Policies
    • Using Integrity Monitor
    • Creating an Integrity Monitor policy
    • Integrity Monitoring Policies
    • Testing your Monitoring
    • Reducing “Noise”
    • Example of Reducing “Noise”

    Module 11: Using the Policy Catalog and Managing Policies

    • Change Control Policies
    • Role of the Policy
    • Variables for Use in Policies
    • Example of Variables in a Rule Group
    • Scenario
    • Write Protect a File, Trusted Program can Alter
    • Write Protect a Registry Key, Program can Alter
    • Write Protect a File, Trusted User can Alter
    • Verifying only Trusted User can Alter
    • Read Protection must be Enabled
    • Read Protect a File, Trusted Program can Access
    • Emergency Changes
    • Content Change Tracking
    • One Click Exclusion (Advanced Exclusion Filtering)
    • One Click Exclusion Configuration
    • Troubleshooting

    Module 12: Dashboards and Reporting

    • The Dashboard
    • ePO Dashboards
    • Queries As Dashboard Monitors
    • Dashboard Access
    • Dashboard Configuration
    • Solidcore Dashboards
    • Application Control Dashboard
    • Change Control Dashboard
    • Integrity Monitor Dashboard
    • Inventory Dashboard
    • Solidcore Queries
    • Reporting > Solidcore
    • Application Control > Inventory
    • Application Control > Image Deviation
    • Automation > Solidcore Client Task Log
    • Scenario
    • Creating a Customized Dashboard
    • Making a Dashboard Public
    • Set the Default Dashboard

    Module 13: Troubleshooting

    • Solidcore Architecture and Components
    • Solidcore 6.1.3 Architecture
    • Troubleshooting References
    • Location of Solidcore Files on Endpoint
    • ePolicy Orchestrator Application Server Service Logs
    • Solidcore Registry Keys on Endpoint
    • Solidcore Services
    • Troubleshooting Best Practice
    • Escalation Best Practices
    • Troubleshooting GTI Cloud Issues Best Practice
    • Top Issues – Task Failure
    • Top Issues – Denied Execution Issues
    • Top Issues – Denied Execution of a Network Share
    • Top Issues – Network Share
    • Top Issues – KB
    • Useful Tools
    • Solidcore Event Logs
    • Solidcore User Notifications
    • Solidcore Troubleshooting Tools
    • Escalation Tools
    • Solidcore Database Tables
    • Minimum Escalation Requirements (MER)
    • Running MER Tool on Client
    • Dump Tools

    Module 14: Case Studies

    • A Case from History
    • Unpatched, Known Vulnerabilities in the Client
    • Browser-based Exploits
    • The Remedy
    • Application Whitelisting
    • Increasing Compliance Requirements
    • Remedy
    • File Monitoring
    • Complete the Task

    Module 15: CLI Administration

    • Solidcore CLI
    • Location of Solidcore Files on Endpoint
    • Viewing the CLI Access
    • Enabling the CLI
    • Unlocking the CLI Locally
    • Securing the CLI
    • Using the CLI
    • SADMIN Commands
    • Solidifying from the CLI
    • Unsolidifying
    • What is Solidcore’s Status?
    • Beginning the Update Status
    • Ending the Update Status
    • Enabling and Disabling Solidifier
    • SADMIN Commands
    • Advanced SADMIN Commands
    • Solidcore Commands
    • New CLI Commands
    • Application Control Rules & Helpful Commands
    • Read/Write Protect Files
    • Change Control Commands – Write Protection
    • How To Write Protect a File
    • Modifying Read/Write Protected Files
    • Change Control Features – Write Protection
    • Application Control
    • Authorize Command Arguments
    • Discovering and Adding Updaters
    • SADMIN Diag Notations
    • Discovering and Adding Updaters
    • Using Attributes to Control File Execution
    • Attributes
    • Using Attributes to Control File Execution
    • Viewing Solidcore Events
    • Event Sinks
    • Logging Events
    • Event Names and Log Entries
    • Product Tools

    Module 16: Best Practices

    • Review of Initial Setup Tasks
    • Systems Tree Infrastructure
    • Communication between ePO and Agent
    • Activation Options: Application Control Only
    • Inventory Collection Scan
    • Protection State Selection
    • Protection State Delivery
    • Testing Protection mechanisms
    • Policies and Rule Groups
    • Policy Tuning
    • Bypass Rules and Exclusions
    • Inventory and Whitelist
    • Updaters
    • Application Control Memory Protection
    • Maintenance
    • Basic Troubleshooting and FAQs
    • Solving Memory Discrepancies
    • Helpful Resources

    Target Audience

    • System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this

    Prerequisites

    It is recommended that students have a working knowledge of Microsoft Windows administration and system administration concepts, a basic understanding of computer security concepts, and a general understanding of viruses and anti-virus technologies.

    Schedule

    • Feb 27 - Mar 2, 2018, Oslo
    • May 29 - Jun 1, 2018, Oslo
    • Sep 3 - Sep 6, 2018, Oslo
    • Nov 26 - Nov 29, 2018, Oslo