Fine-tuning
After you install the Host Intrusion Prevention software, McAfee recommends that you configure it to provide the greatest amount of security while not conflicting with day-to-day activities. The default policies in Host Intrusion Prevention fit the broadest set of customer environments and may meet your needs. To fine-tune policies to fit your particular setting, we recommend the following practices:
- Carefully define your Host Intrusion Prevention security configuration. Evaluate who is responsible for configuring particular parts of the system and grant them appropriate access.
- Change the default IPS Protection or Firewall Rules policies, which provide increasing levels of preset protection.
- Modify severity levels of specific signatures. For example, when a signature is triggered by day-to-day work of users, adjust the severity level to a lower level. For more information, refer to Configuring the IPS Protection policy.
- Configure notifications, which alert specific individuals when particular events occur. For example, a notification can be sent when an activity that triggers a High severity event occurs on a particular server. For more information, refer to Setting up notifications for events.
Copyright © 2006 McAfee, Inc. All Rights Reserved.