McAfee ePolicy Orchestrator (McAfee ePO) is the most advanced, extensible, and scalable centralized security management software in the industry.
A single console for all your security management.
The latest version of McAfee products
To determine the ePO version number when you are logged on to ePO:
ePO 5.x: The version number is shown on the left pane of the Menu screen.
You can also determine the version by checking the version information contained within the server.ini file on the ePO server. You can open this file using Notepad.
The default location for the server.ini file is as follows:
…\Program Files\McAfee\ePolicy Orchestrator\DB
ePolicy Orchestrator software is an extensible management platform that enables centralized policy management and enforcement of your security policies.
Using ePolicy Orchestrator software, you can perform these network security tasks:
These components make up ePolicy Orchestrator software.
McAfee ePO server : The center of your managed environment. The server delivers security policies and tasks, controls updates, and processes events for all managed systems.
Database : The central storage component for all data created and used by ePolicy Orchestrator. You can choose whether to house the database on your McAfee ePO server or on a separate system, depending on the specific needs of your organization.
McAfee Agent : A vehicle of information and enforcement between the McAfee ePO server and each managed system. The agent retrieves updates, ensures task implementation, enforces policies, and forwards events for each managed system. It uses a separate secure data channel to transfer data to the server. A McAfee Agent can also be configured as a SuperAgent.
Master repository : The central location for all McAfee updates and signatures, residing on the McAfee ePO server. The master repository retrieves user-specified updates and signatures from McAfee or from user-defined source sites.
Distributed repositories : Local access points strategically placed throughout your environment for agents to receive signatures, product updates, and product installations with minimal bandwidth impact. Depending on how your network is configured, you can set up SuperAgent, HTTP, FTP, or UNC share distributed repositories.
Remote Agent Handlers : A server that you can install in various network locations to help manage agent communication, load balancing, and product updates. Remote Agent Handlers consist of an Apache server and an event parser. They can help you manage the needs of large or complex network infrastructures by allowing you more control over agent-server communication.
Registered servers : Used to register other servers with your McAfee ePO server. Registered server types include:
LDAP server : Used for Policy Assignment Rules and to enable automatic user account creation.
SNMP server : Used to receive an SNMP trap. Add the SNMP server’s information so that ePolicy Orchestrator knows where to send the trap.
Database server : Used to extend the advanced reporting tools provided with ePolicy Orchestrator software.
ePolicy Orchestrator software is designed to be extremely flexible. It can be set up in many different ways, to meet your unique needs.
The software follows the classic client-server model, in which a client system (system) calls into your server for instructions. To facilitate this call to the server, a McAfee Agent is deployed to each system in your network. Once an agent is deployed to a system, the system can be managed by your McAfee ePO server. Secure communication between the server and managed system is the bond that connects all the components of your ePolicy Orchestrator software. The figure below shows an example of how your McAfee ePO server and components inter-relate in your secure network environment.
1. Your McAfee ePO server connects to the McAfee update server to pull down the latest security content.
2. The ePolicy Orchestrator database stores all the data about the managed systems on your network, including:
3. McAfee Agents are deployed to your systems to facilitate:
4. Agent-server secure communication (ASSC) occurs at regular intervals between your systems and server. If remote Agent Handlers are installed in your network, agents communicate with the server through their assigned Agent Handlers.
5. Users log on to the ePolicy Orchestrator console to perform security management tasks, such as running queries to report on security status or working with your managed software security policies.
6. The McAfee update server hosts the latest security content, so your ePolicy Orchestrator can pull the content at scheduled intervals.
7. Distributed repositories placed throughout your network host your security content locally, so agents can receive updates more quickly.
8. Remote Agent Handlers help to scale your network to handle more agents with a single McAfee ePO server.
9. Automatic Response notifications are sent to security administrators to notify them that an event has occurred.
Console-to-application server communication port: 8443 (TCP port that the ePO Application Server service uses to allow web browser UI access)
Until you create additional policies, all computers are assigned the McAfee Default policy.
The McAfee Default policy is configured with settings recommended by McAfee to protect many environments and ensure that all computers can access important websites and applications until you have a chance to create a customized policy.
You cannot rename or modify the McAfee Default policy. When you add computers to your account, the McAfee Default policy is assigned to them. When you delete a policy that is assigned to one or more groups, the McAfee Default policy is assigned to those groups automatically.
The first time you create a new policy, the McAfee Default policy settings appear as a guideline. This enables you to configure only the settings you want to change without having to configure them all.
After you create one or more new policies, you can select a different default policy for your account. In the future, new policies will be prepopulated with these default settings, and the new default policy is assigned to new computers (if no other policy is selected) and groups whose policy is deleted.
Agent wake-up communication port / SuperAgent repository port: 8081
(TCP port that agents use to receive agent wake-up requests from the ePO server or Agent Handler. It is also the TCP port that SuperAgents configured as repositories use to receive content from the ePO server during repository replication and to serve content to client machines.)
The SuperAgent is an agent with the ability to contact all agents in the same subnet as the SuperAgent, using the SuperAgent wakeup call. Its use is triggered by Global Updating being enabled on the ePolicy Orchestrator (ePO) server, and it provides a bandwidth efficient method of sending agent wakeup calls.
If you operate in a Windows environment and plan to use agent wake-up calls to initiate Agent-server communication, consider converting an agent on each network broadcast segment into a SuperAgent.
SuperAgents distribute the bandwidth load of concurrent wake-up calls. Instead of sending agent wake-up calls from the server to every agent, the server sends the SuperAgent wake-up call to SuperAgents in the selected System Tree segment. When SuperAgents receive this wake-up call, they send broadcast wake-up calls to all agents in their network broadcast segments.
The process is:
1. Server sends a wake-up call to all SuperAgents.
2. SuperAgents broadcast a wake-up call to all agents in the same broadcast segment.
3. All agents (regular agents and SuperAgents) exchange data with the server.
4. An agent without an operating SuperAgent on its broadcast segment is not prompted to communicate with the server.
To deploy enough SuperAgents to the appropriate locations, first determine the broadcast segments in your environment and select a system (preferably a server) in each segment to host a SuperAgent. Be aware that agents in broadcast segments without SuperAgents do not receive the broadcast wake-up call, so they do not call in to the server in response to a wake-up call.
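The planning step above and step 4 of the wake-up process can be checked against an inventory. The following is an added example, not McAfee code: it groups systems by broadcast segment and reports the segments, and the agents in them, that a SuperAgent wake-up call would not reach. The inventory layout, the host names and the assumption that a broadcast segment equals the IP network derived from each address and prefix are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: (system name, IPv4 address with prefix, is SuperAgent?).
# In practice this would come from your own system export; the layout is an assumption.
INVENTORY = [
    ("hq-file01",  "10.10.1.10/24",    True),
    ("hq-ws-014",  "10.10.1.57/24",    False),
    ("hq-ws-102",  "10.10.1.143/24",   False),
    ("lab-srv01",  "10.10.2.5/25",     False),
    ("lab-ws-007", "10.10.2.77/25",    False),
    ("lab-ws-031", "10.10.2.200/25",   False),
    ("br-print01", "192.168.40.9/26",  True),
    ("br-ws-003",  "192.168.40.70/26", False),
]

def segments(inventory):
    """Group systems by broadcast segment (network derived from address + prefix)."""
    groups = defaultdict(list)
    for name, cidr, is_super in inventory:
        net = ipaddress.ip_interface(cidr).network
        groups[net].append((name, is_super))
    return groups

def coverage(inventory):
    """Return (covered, uncovered): segment -> member names, split by SuperAgent presence."""
    covered, uncovered = {}, {}
    for net, members in segments(inventory).items():
        names = sorted(n for n, _ in members)
        target = covered if any(s for _, s in members) else uncovered
        target[str(net)] = names
    return covered, uncovered

def unprompted_agents(inventory):
    """Agents that a SuperAgent wake-up call would not reach (step 4 of the process)."""
    _, uncovered = coverage(inventory)
    return sorted(n for names in uncovered.values() for n in names)

if __name__ == "__main__":
    _, uncovered = coverage(INVENTORY)
    for net, names in sorted(uncovered.items()):
        print(f"{net}: no SuperAgent, {len(names)} agent(s) miss the wake-up: {names}")
```

Note that br-ws-003 shares an address range with the SuperAgent br-print01 but sits in a different /26 segment, so it is reported as uncovered.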
Agent and SuperAgent wake-up calls use the same secure channels. Ensure that:
Agent handlers are the component of ePolicy Orchestrator that handles communications between agent and server.
Multiple remote handlers can help you address scalability and topology issues in your network, and in some cases using multiple agent handlers can limit or reduce the number of ePO servers in your environment. They can provide fault tolerant and load-balanced communication with a large number of agents including geographically distributed agents.
Agent handlers distribute network traffic generated by agent-to-server communication by assigning managed systems or groups of systems to report to a specific agent handler. Once assigned, a managed system performs regular ASCIs to its agent handler instead of the main ePO server. The handler provides updated site lists, policies, and policy assignment rules just as the ePO server does. The handler also caches the contents of the master repository, so that agents can pull product update packages, DATs, and other necessary information.
How you manage your scalability depends on whether you use multiple McAfee ePO servers, multiple remote Agent Handlers, or both. With ePolicy Orchestrator software, you can scale your network vertically or horizontally.
Vertical scalability: Adding and upgrading to bigger, faster hardware to manage larger and larger deployments. Scaling your McAfee ePO server infrastructure vertically is accomplished by upgrading your server hardware, and using multiple McAfee ePO servers throughout your network, each with its own database.
Horizontal scalability : Accomplished by increasing the deployment size that a single McAfee ePO server can manage. Scaling your server horizontally is accomplished by installing multiple remote Agent Handlers, each reporting to a single database.
Depending on the size and make-up of your organization, using multiple McAfee ePO servers might be required.
Some scenarios in which you might want to use multiple servers include:
Multiple remote Agent Handlers help you manage large deployments without adding additional McAfee ePO servers to your environment.
The Agent Handler is the component of your server responsible for managing agent requests. Each McAfee ePO server installation includes an Agent Handler by default. Some scenarios in which you might want to use multiple remote Agent Handlers include:
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.
Endpoint Encryption for PC (EEPC) is a computer security system that prevents data stored on a hard drive from being read or used by an unauthorized person. With EEPC, users are forced to identify themselves to the security system when the computer is started.
This is done by requiring up to three authentication methods:
If the person accessing the computer fails to enter the correct information, EEPC prevents access to the computer as well as the encrypted data stored within. To gain access to an EEPC protected PC when using a smart card, users must insert their card into the reader when the EEPC authentication screen is displayed, then type their password and optional user ID. After the smart card verifies the password and EEPC has established that the correct token is used, the user is then granted access to the computer.
On the server side, ePO consists of three separate services:
Under certain circumstances, particularly when there is a problem with the database, it is possible the Event Parser service stops working. This prevents new events from being added to the database, essentially leaving you blind. Check whether the Event Parser service is running and correct any problems if this is not the case.
Tags allow users to create labels that can be applied to systems manually or automatically, based on the criteria assigned to the tag.
Similar to IP sorting criteria, you can use tags for automated sorting into groups. Tags are used to identify systems with similar characteristics. If you organize some of your groups by such characteristics, you can create and assign tags based on such criteria and use these tags as group sorting criteria to ensure these systems are automatically placed within the appropriate groups.
You can do the following with tags:
Types of tags
There are two types of tags:
Tags without criteria : These tags can be applied only to selected systems in the System Tree (manually) and systems listed in the results of a query (manually or on a scheduled basis).
Criteria-based tags : These tags are applied to all non-excluded systems at each agent-server communication. Such tags use criteria based on any properties sent by agent. They can also be applied to all non-excluded systems on-demand.
McAfee Agent communicates with the McAfee ePO server periodically to send events and ensure all settings are up-to-date.
These communications are referred to as agent-server communication. During each agent-server communication, McAfee Agent collects its current system properties, as well as events that have not yet been sent, and sends them to the server. The server sends new or changed policies and tasks to McAfee Agent, and the repository list if it has changed since the last agent-server communication. McAfee Agent enforces the new policies locally on the managed system and applies any task or repository changes.
The McAfee ePO server uses an industry-standard Transport Layer Security (TLS) network protocol for secure network transmissions.
When the McAfee Agent is first installed, it calls in to the server within a few seconds. Thereafter, the McAfee Agent calls in whenever one of the following occurs:
The Agent-to-Server Communication Interval (ASCI) default setting of 60 minutes means that McAfee Agent contacts the McAfee ePO server once every hour.
All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd