
McAfee Vulnerability Manager 7.5 logical architecture

Posted on 2014-03-12
Last Modified: 2014-03-19
Hi guys,

I am new to McAfee MVM, formerly known as Foundstone. I have gone through their product guide and deployment guide. I am trying to draw a logical architecture diagram for my enterprise to better understand the components' position and connectivity. I need a generic diagram/deployment scenario diagram. Can you please help?

Regards,
Rtantra
Question by:Rahul Patil
Accepted Solution

by:
btan earned 500 total points
ID: 39926225
Hope this can help as a starter, but eventually the MVM should be working with SIEMs capable of giving the whole situational awareness of the security state of the monitored environment, and governance. The MVM sensor sieves out the vulnerabilities (like a sensor) and feeds them into its central MVM manager to provide the overview, and the syslog or information can be further piped to the SIEM for the bigger picture.

https://community.mcafee.com/thread/26241?decorator=print&displayFullThread=true

And in a broader sense, as in this image, across different localities with its intelligence feeds/signatures online @ http://avaxhome.cc/pictures/145036

I see it as no different from asset discovery as a whole, as it scans the network and grabs the information to map the network, kind of a Nessus deployment type.

Author Comment

by:Rahul Patil
ID: 39937075
Thanks bredtan for the links. Do you know some other architecture diagram links that show deployment scenario diagrams, like server roles installed on one or three servers?

Regards,
Rtantra

Expert Comment

by:btan
ID: 39937143
Not that I know of anything publicly available on real deployments, but pages 21-23 of the guide may help. As a practice, ideally the MVM should be out of band or on a separate segment doing the scanning, to minimise production traffic, since the scanning is not a daily affair but is scheduled most of the time to continuously maintain the security posture up to the mark. Then again, the key is that the scan can ultimately reach the service in the targeted segment.

Different environments will differ, as certain networks may not be interconnected, especially considering the geographic challenges and the firewalls guarding the segment targeted for scanning. We do want to plan such that the scan engine is able to reach the maximum number of assets with as few firewalls or packet filtering devices as possible. Also, we should consider slow networks such as WAN links, so that a scan avoids being held in an infinite waiting state.

Depending on the logistics and size of your network, you might need more than one scan engine to scan the network. E.g.

- For small networks and product evaluations: (0–2,500 IPs), single server.

- For small to midsized deployments (the more common one): (2,500–10,000 IPs), two servers: one configured as the enterprise manager web portal and the other configured as a database, API server, scan controller, and a scan engine with additional components.

- For large, distributed environments: (10,001–20,000 IPs), same as the midsized and add one more server for a dedicated scan engine.

- For large, global, distributed and diverse networks: (20,001 - >100,000 IPs), 3 servers as compared to the midsized/large environment, plus multiple secondary scan engines.

Also, some extracts from the guide to help:

When two product servers are used, McAfee recommends that you deploy the enterprise manager on one system and the other product components on the second system. This provides more security because the enterprise manager can be placed outside your firewall, so users can access it, while the second system can be placed inside the firewall to gather accurate data from scanned systems.

However, having the scan engine and scan controller on the same system as the database can slow performance, based on the amount of data being processed. To improve performance when using two product servers, you could separate the scan engine and scan controller from the database. For example: the enterprise manager, scan engine, and scan controller on one system and the database and other MVM components on the second system.
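An added planning sketch for the placement advice in the comment above (reach the most assets across the fewest firewalls, adding scan engines where needed); it is not part of the thread and not McAfee tooling. The segment names, IP counts and links are constructed sample data, and `firewall_hops` and `place_engines` are hypothetical helper names.

```python
import heapq

# Constructed sample topology (not from the thread): segment -> live IP count.
SEGMENTS = {"hq-core": 1800, "hq-dmz": 200, "branch-a": 900,
            "branch-b": 700, "dc-east": 3000}
# (segment, segment, number of filtering devices on the path between them)
LINKS = [("hq-core", "hq-dmz", 1), ("hq-core", "branch-a", 1),
         ("hq-core", "dc-east", 1), ("branch-a", "branch-b", 0),
         ("dc-east", "branch-b", 2)]

def firewall_hops(src, links):
    """Fewest filtering devices crossed from src to every reachable segment."""
    graph = {}
    for a, b, fw in links:
        graph.setdefault(a, []).append((b, fw))
        graph.setdefault(b, []).append((a, fw))
    best = {src: 0}
    queue = [(0, src)]
    while queue:  # Dijkstra, with firewall count as the edge weight
        cost, node = heapq.heappop(queue)
        if cost > best.get(node, float("inf")):
            continue
        for nxt, fw in graph.get(node, []):
            if cost + fw < best.get(nxt, float("inf")):
                best[nxt] = cost + fw
                heapq.heappush(queue, (cost + fw, nxt))
    return best

def place_engines(segments, links, max_fw=0):
    """Greedy: add engines until every segment is within max_fw devices of one."""
    reach = {s: {t for t, c in firewall_hops(s, links).items() if c <= max_fw}
             for s in segments}
    uncovered, engines = set(segments), []
    while uncovered:
        # Host the next engine where it covers the most still-uncovered IPs;
        # the segment count breaks ties so empty segments still get covered.
        pick = max(sorted(segments), key=lambda s: (
            sum(segments[t] for t in reach[s] & uncovered),
            len(reach[s] & uncovered)))
        engines.append(pick)
        uncovered -= reach[pick]
    return engines
```

With no firewall crossings allowed the sample needs four engines; allowing one crossing (with the matching firewall rules for the scanner) reduces it to a single engine in `hq-core`.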