|
|}
== How HBSS Worksworks ==
The heart of the HBSS is the McAfee ePolicy Orchestrator (ePO) management engine. The engine is responsible for:
* Providing a consistent front-end to the point products
* Ensure application patch compliance
<!----==== Security Compliancecompliance Profilerprofiler ====
The Securitysecurity Compliancecompliance Profilerprofiler (SCP) was one of the original products provided in HBSS Baseline 1.0. It was removed from HBSS as of Baseline 2.0 and replaced with the Policypolicy Auditorauditor component. The SCP is an integral component of ePO that provides enterprise-wide reporting on security patches, including the Microsoft® operating systems.<ref>'''System Compliance Profiler''',http://www.mcafee.com/us/enterprise/products/promos/system_security_management/epolicy_orchestrator/compliance_profiler.html, 3/14/2010</ref>
---->
=== McAfee Pointpoint Productsproducts ===
McAfee considers a point product to be the individual software applications controlled by the ePO server. The HBSS point products consist of the following:
* Host Intrusionintrusion Preventionprevention Systemsystem (HIPS)
* Policy Auditorauditor (PA)
* Assets Baselinebaseline Modulemodule (ABM)
* Rogue Systemsystem Detectiondetection (RSD)
* Device Controlcontrol Modulemodule (DCM)
* Asset Publishingpublishing Serviceservice (APS)
==== Host Intrusionintrusion Preventionprevention Systemsystem ====
The Hosthost Intrusionintrusion Preventionprevention Systemsystem (HIPS) consists of a host-based firewall and application-level blocking consolidated in a single product. The HIPS component is one of the most significant components of the HBSS, as it provides for the capability to block known intrusion signatures and restrict unauthorized services and applications running on the host machines.
==== Policy Auditorauditor ====
Policy Auditorauditor (PA) was introduced in HBSS Baseline 2.0. Policy Auditor is responsible for ensuring compliance with mandates such as: [[Payment Card Industry Data Security Standard]] (PCI DSS), [[Sarbanes–Oxley Act of 2002]] (SOX), [[Gramm–Leach–Bliley Act]] of 1999 (GLBA), [[Health Insurance Portability and Accountability Act of 1996]] (HIPAA), [[Federal Information Security Management Act of 2002]] (FISMA), as well as the best practice frameworks [[ISO 27001:2005]] and Control Objectives for Information and Relatedrelated Technologytechnology ([[COBIT]]). PA maps IT controls against predefined policy content, McAfee Policy Auditor helps report consistently and accurately against key industry mandates and internal policies across your infrastructure or on specific targeted systems. Policy Auditor is an agent-based IT audit solution that leverages the Security Content Automation Protocol (SCAP) to automate the processes required for internal and external IT audits.<ref>{{cite web|title=McAfee Policy Auditor|url=http://www.mcafee.com/us/products/policy-auditor.aspx|accessdate=15 November 2012}}</ref>
==== Assets baseline Baseline Modulemodule ====
The Assetsassets Baselinebaseline Modulemodule, released in Baseline 1.0 as a [[Governmentgovernment off-the-shelf]] (GOTS) product, is used to address system baseline configurations and changes in order to respond to [[INFOCON|Informationinformation Operationsoperations Conditioncondition (INFOCON)]] (INFOCON) changes necessary during times of heightened security threats to the system. During the initial deployment stages of HBSS, the Assetsassets Modulemodule was juvenile and lacked much of the products intended capabilities. However, the application has fully evolved into a robust and feature packed version capable of handling the original software's design goals. ABM was originally known as Assets 1.0. It was upgraded to Assets 2.0 in HBSS Baseline 2.0. Later it was called Assets 3000 in HBSS Baseline 3.0.
==== Rogue Systemsystem Detectiondetection ====
The Roguerogue Systemsystem Detectordetector (RSD) component of HBSS is used to provide real-time detection of new hosts attaching to the network. RSD monitors network segments and reports all hosts seen on the network to the ePO Server. The ePO Server then determines whether the system is connected to the ePO Serverserver, has a McAfee Agent installed, has been identified as an exception, or is considered rogue. The ePO Serverserver can then take the appropriate action(s) concerning the rogue host, as specified in the RSD policy. HBSS Baseline 1.0 introduced RSD 1.0. RSD was updated to 2.0 in HBSS Baseline 2.0.
==== Device Controlcontrol Modulemodule/Datadata Lossloss Preventionprevention ====
The DCM component of HBSS was introduced in HBSS Baseline 2.0 specifically to address the use of USB devices on DOD Networks. JTF-GNO CTO 09-xxx, ''Removableremovable Flashflash Mediamedia Devicedevice Implementationimplementation Withinwithin and Betweenbetween Department of Defense (DOD) Networksnetworks'' was released in March, 2009 and allowed the use of USB removable media, provided it meets all of the conditions stated within the CTO. One of these conditions requires the use of HBSS with the DCM module installed and configured to manage the USB devices attached to the system.<ref>Tom Conway, ''DOD Can Safely Use USB'',http://blogs.mcafee.com/enterprise/public-sector/dod-can-use-usb-securely, (Securitysecurity Insightsinsights Blogblog), 3/9/2010</ref> The DCM was renamed to the Datadata Lossloss Preventionprevention (DLP) in HBSS Baseline 3.0 MR3.
==== Assets Publishingpublishing Serviceservice ====
The Assetsassets Publishingpublishing Serviceservice (APS) of HBSS was introduced in HBSS Baseline 4.0 to allow for enclaves to report on asset information to a third-party DoD entity in a standards-compliant format. It adds contextual information to HBSS assets and allows for improved reporting features on systems relying on HBSS data.
== Obtaining HBSS ==
| 