McAfee firewall 4.0 Manual De Usuario
Product Guide
43
5
McAfee Firewall’s Intrusion
Detection System
Detection System
About Intrusion Detection
Unlike other intrusion detection tools, McAfee Firewall’s powerful Intrusion
Detection System (IDS) is simple to configure and activate. Instead of
requiring users to learn and understand a complex set of attacks to build their
own defense lines against intrusions, McAfee Firewall’s development team
created a tool that, when activated with the click of a button, detects common
attack types and suspicious activity.
Detection System (IDS) is simple to configure and activate. Instead of
requiring users to learn and understand a complex set of attacks to build their
own defense lines against intrusions, McAfee Firewall’s development team
created a tool that, when activated with the click of a button, detects common
attack types and suspicious activity.
Unprotected computers can be victimized. For example, attackers can use a
TCP port scan to find out what services you are running on your machine.
Once this is accomplished, they can try to connect to those services and attack
your computer. If the attacker discovers that you are running a TELNET, ftp,
or Web server, the attacker can try each of your computer’s ports sequentially,
from 1 to 65535, until an open port is found that they can connect to.
TCP port scan to find out what services you are running on your machine.
Once this is accomplished, they can try to connect to those services and attack
your computer. If the attacker discovers that you are running a TELNET, ftp,
or Web server, the attacker can try each of your computer’s ports sequentially,
from 1 to 65535, until an open port is found that they can connect to.
McAfee Firewall’s IDS feature looks for specific traffic patterns used by
attackers. McAfee Firewall checks each packet that your machine receives to
detect suspicious or known attack traffic. For example, if McAfee Firewall sees
ICMP packets, it analyzes those packets for suspicious traffic patterns by
comparing the ICMP traffic against known attack patterns. When McAfee
Firewall matches packets with a known attack pattern, the software generates
an event to warn you of a possible security breach.
attackers. McAfee Firewall checks each packet that your machine receives to
detect suspicious or known attack traffic. For example, if McAfee Firewall sees
ICMP packets, it analyzes those packets for suspicious traffic patterns by
comparing the ICMP traffic against known attack patterns. When McAfee
Firewall matches packets with a known attack pattern, the software generates
an event to warn you of a possible security breach.
When intrusion detection is on, traffic is checked by the intrusion detection
system. When intrusion detection is active and McAfee Firewall detects an
attack, you can block further communication from the suspected machine’s IP
address indefinitely or for a specific time period. When an attack is detected,
McAfee Firewall alerts you with a Windows system tray notification.
system. When intrusion detection is active and McAfee Firewall detects an
attack, you can block further communication from the suspected machine’s IP
address indefinitely or for a specific time period. When an attack is detected,
McAfee Firewall alerts you with a Windows system tray notification.
NOTE
Because McAfee Firewall is analyzing packets and looking for
patterns of packets that identify specific types of attacks, this
feature may result in a very slight impact on your machine’s
performance.
patterns of packets that identify specific types of attacks, this
feature may result in a very slight impact on your machine’s
performance.
How to Configure the Intrusion Detection System
Use the steps below to configure McAfee Firewall’s intrusion detection
system:
system:
1
From the McAfee Firewall Home page, click Advanced Tasks.