Host Based Security System: Difference between revisions

=== Significant HBSS Datesdates ===

== HBSS Componentscomponents ==

Throughout its lifetime, HBSS has undergone several major baseline updates as well as minor maintenance releases. The first major release of HBSS was known as Baseline 1.0 and contained the McAfee ePolicy Orchestratororchestrator engine, HIPS, [[Softwaresoftware Compliancecompliance Profilerprofiler]] (SCP), [[Roguerogue Systemsystem Detectiondetection]] (RSD), [[Assetasset Baselinebaseline Managermanager]] (ABM), and [[Assets]]assets software. As new releases were introduced, these software products have evolved, had new products added, and in some cases, been completely replaced for different products.

=== HBSS Baseline 4.5 MR2 Componentscomponents ===

==== Microsoft Productsproducts ====

! Software Applicationapplication

| Microsoft .NET Frameworkframework

| Microsoft .NET Frameworkframework

| Microsoft .NET Frameworkframework

| Microsoft .NET Frameworkframework

==== Optional Productsproducts/Componentscomponents ====

! Software Applicationapplication

| Symantec SEP/SAV Integrationintegration Extensionextension

| 8.7.0.570 (Evaluationevaluation)

| VirusScan Enterprise 8.7 Extensionextension

| VirusScan Reportreport Extensionextension

==== SIPRNet-only Only Productsproducts/Componentscomponents ====

! Software Applicationapplication

The heart of the HBSS is the McAfee ePolicy Orchestratororchestrator (ePO) management engine. The engine is responsible for:

Policy auditor (PA) was introduced in HBSS Baseline 2.0. Policy Auditorauditor is responsible for ensuring compliance with mandates such as: [[Payment Card Industry Data Security Standard]] (PCI DSS), [[Sarbanes–Oxley Act of 2002]] (SOX), [[Gramm–Leach–Bliley Act]] of 1999 (GLBA), [[Health Insurance Portability and Accountability Act of 1996]] (HIPAA), [[Federal Information Security Management Act of 2002]] (FISMA), as well as the best practice frameworks [[ISO 27001:2005]] and Control Objectives for Information and related technology ([[COBIT]]). PA maps IT controls against predefined policy content, McAfee Policy Auditor helps report consistently and accurately against key industry mandates and internal policies across your infrastructure or on specific targeted systems. Policy Auditor is an agent-based IT audit solution that leverages the Security Content Automation Protocol (SCAP) to automate the processes required for internal and external IT audits.<ref>{{cite web|title=McAfee Policy Auditor|url=http://www.mcafee.com/us/products/policy-auditor.aspx|accessdate=15 November 2012}}</ref>

The rogue system detector (RSD) component of HBSS is used to provide real-time detection of new hosts attaching to the network. RSD monitors network segments and reports all hosts seen on the network to the ePO Server. The ePO Server then determines whether the system is connected to the ePO server, has a McAfee Agentagent installed, has been identified as an exception, or is considered rogue. The ePO server can then take the appropriate action(s) concerning the rogue host, as specified in the RSD policy. HBSS Baseline 1.0 introduced RSD 1.0. RSD was updated to 2.0 in HBSS Baseline 2.0.

The DCM component of HBSS was introduced in HBSS Baseline 2.0 specifically to address the use of USB devices on DOD Networksnetworks. JTF-GNO CTO 09-xxx, ''removable flash media device implementation within and between Department of Defense (DOD) networks'' was released in March, 2009 and allowed the use of USB removable media, provided it meets all of the conditions stated within the CTO. One of these conditions requires the use of HBSS with the DCM module installed and configured to manage the USB devices attached to the system.<ref>Tom Conway, ''DOD Can Safely Use USB'',http://blogs.mcafee.com/enterprise/public-sector/dod-can-use-usb-securely, (security insights blog), 3/9/2010</ref> The DCM was renamed to the data loss prevention (DLP) in HBSS Baseline 3.0 MR3.

According to JTF-GNO CTO 07-12, all DOD agencies are required to deploy HBSS to their networks. DISA has made HBSS software available for download on their [[Public key infrastructure|PKI]] protected [https://patches.csd.disa.mil/ patch server]. Users attempting to download the software are required to have a [[Commoncommon Accessaccess Cardcard]] (CAC) and be on a .mil network. DISA provides software and updates free of charge to DOD entities.

Additionally, HBSS Administratorsadministrators require the satisfactory completion of HBSS training and are commonly appointed by the unit or section commander in writing.

In order to receive and administer an HBSS Systemsystem, Systemsystem Administratorsadministrators must satisfactorily complete online or in class HBSS Trainingtraining as well as be identified as an HBSS Administratoradministrator. Online training takes 30 hours to complete while in class training requires four days, excluding travel. An advanced HBSS class is also available to HBSS Administratorsadministrators wishing to acquire a more in-depth knowledge of the system. HBSS online and in class training is managed by DISA and information pertaining to these training classes can be obtained at the DISA [http://iase.disa.mil Information Assurance Support Environment] (IASE) website.

== HBSS Supportsupport ==

The DISA [[Fieldfield Securitysecurity Officeoffice]] (FSO) provides free technical support for all HBSS Administrators through their help desk. DISA has three tiers of support, from Tier I to Tier III. Tier I and Tier II support is provided by DISA FSO, while Tier III support is provided by McAfee. DISA FSO Support is available using one of the following methods:<ref>''IA Tools'', http://iase.disa.mil/tools/index.html, 3/14/2010</ref>

== The Futurefuture of HBSS ==