12.07.2015 Views

Network Security Platform 7.5.5.6-7.5.3.10 NTBA Release ... - McAfee


NTBA Appliance Release Notes
Network Security Platform 7.5
Revision A

Contents
• About this document
• New features
• Resolved issues
• Known issues
• Installation instructions
• Product documentation

About this document

These release notes announce the availability of a maintenance release for McAfee Manager software version 7.5. This release provides enhancements and a few fixes on the Manager software.

The software combination that McAfee recommends for use with this release of the Manager software is listed below:
• Network Security Manager software version: 7.5.5.6
• Signature set: 7.6.8.1
• NTBA Appliance software version: 7.5.3.10

This version of 7.5 Manager software can be used to configure and manage the following hardware: I-series Sensors, M-series Sensors, N-series Sensors, NS-series Sensors, XC Cluster, and NTBA Appliances. This version of 7.5.5 Manager can be used to configure and manage 7.1.5 NS-series Sensors.

Manager software version 7.5 and above are not supported on Dell-based Manager Appliances.

New features

NS-series Sensor support

This release of 7.5 supports the next generation McAfee® Network Security Platform hardware, NS-series Sensor models: NS9100 and NS9200. The high-port density NS-series Sensors are designed for high bandwidth links, to provide IPS/IDS capability with an aggregate performance of up to 20 Gbps on NS9200 and 10 Gbps on NS9100 while monitoring segments in the full duplex mode (tap or inline).


The NS-series Sensors provide industry-leading reliability and Active-active high availability. They meet various regulatory, compliance, and safety requirements and provide a robust Sensor capacity. The NS-series Sensors are flexible to adapt to the security needs of any enterprise environment. When deployed at key network access points, they provide real-time monitoring on high traffic loads to detect malicious activity and respond to the malicious activity as configured by the administrator.

The NS-series Sensor is a 2RU device.

Features not supported by NS-series Sensor
• Jumbo frame parsing
• Traffic Management
• Packet capture
• VLAN Bridging

For more details, see the NS-series Sensor Product Guide.

Manager infrastructure enhancements

In Manager software release 7.5.5, the following enhancements are supported for Manager server and Manager client:

OS support for Manager Server installation

In the previous 7.5.3.x Manager version, Manager server installation was supported for the following OS:
• Windows Server 2008 R2 Standard or Enterprise Edition, English OS, SP1 (64 bit) (Full Installation)
• Windows Server 2008 R2 Standard or Enterprise Edition, Japanese OS, SP1 (64 bit) (Full Installation)

With this release, in addition to the above OS, Windows Server 2012 Standard (Server with a GUI) English or Japanese is also supported.

OS Support for Manager Client viewing

In the previous 7.5.3.x Manager version, Manager client viewing was supported for the following OS:
• Windows 7
• Windows XP

With this release, Windows 8 (English or Japanese) is also supported.

Internet Explorer Support for Manager Client viewing

In the previous 7.5.3.x Manager version, Manager client viewing was supported for the following Internet Explorer versions:
• 8.0
• 9.0

With this release, Internet Explorer 10.0 is also supported.

For more details, see the Installation Guide, Upgrade Guide.


Host criticality

With this release, you have the option to add criticality labels to each IPv4 and IPv6 address. Assigning criticality to a host gives you added visibility in Threat Analyzer by showing you the criticality of the source and destination involved in an attack.

For more details, see the Manager Administration Guide, IPS Administration Guide.

Alert exceptions

In this release, the Manager provides you the option of extending automatic acknowledgment to several alerts of a similar kind for a pre-determined period.

Until the previous version, you could automatically acknowledge both RFSB and non-RFSB alerts beyond a specific severity. The latest functionality builds on this logic by allowing you to select any alert in Threat Analyzer and assign it to be acknowledged automatically until the host is cleaned.

For more details, see the Manager Administration Guide, IPS Administration Guide.

Manager usability enhancements

With this release, the Manager has the following enhancements:
• Display MDR status on the Manager application header: You can view the MDR status in the Manager application header.
• Automatic check for pop-up blocker settings during login: In the earlier release, the Manager login page displayed a message, 'Please disable your browser's pop-up blocker before attempting to log into Network Security Manager' irrespective of pop-up blocker settings in the browser. In release 7.5.5.x, if the pop-up blocker is enabled in the browser, you will not be able to type your login credentials. In such an instance, disable the pop-up blocker in your browser and then try to access the Manager using your login ID and password.
• Display status on pending configuration changes: You can view the status and details about the number of devices that have pending deploy configuration changes. The status of the pending deploy configuration is indicated as an icon in the top-right corner of the menu bar.
• Option to refresh the device list: In the earlier release of 7.5, you had to click the Refresh button in the Global sub-tab to populate and view the refreshed device list under the Devices sub-tab. In release 7.5.5.x, the Refresh button is displayed in the Devices sub-tab itself.
• Option for scheduling reports on a monthly basis: Earlier, the IPS Events reports and the Configuration reports could be scheduled to be generated on a daily or weekly basis. With this release, you can also schedule these reports to be generated on a monthly basis.

For more details, see the Manager Administration Guide.

Resolved issues

Resolved Manager software issues

The following table lists the high-severity Manager software issues:


ID #     Issue Description
834180   The Top High-Risk Hosts dashboard is unable to support more than 1000 events.
833710   Query to fetch data times out on the dashboards when the event count is more than 1000.
810568   Downloading packetlog fails on the Top High-Risk Hosts and the Top Active Botnets dashboards.

The following table lists the medium-severity Manager software issues:

ID #     Issue Description
872964   Configuration update fails when user changes the Protection Logic to "Use a single set of attack definitions for the entire policy (simpler)".
847238   The Manager is vulnerable to CVE-2011-1473.
845120   The members of the composite rule objects disappear automatically after they are edited through the composite rule object panel.
845049   Fault synchronization is not working from Manager to Central Manager from a few Managers.
843852   Unable to edit Sensor action option for certain botnet attacks on the Manager.
843759   The Dashboard for Update Status monitor shows as 'Error - See system log' for NTBA devices after the Manager upgrade.
842986   Even when blocking is enabled for a signature, the Smart Blocking icon is not displayed in the Policy Editor.
841968   ePO extension is not working.
841268   Memory leak is detected in the Manager, when GTI feature is enabled.
840062   Suppressed alert entries show the action as 'attack blocked' instead of 'blocking simulated', when simulated blocking feature is enabled.
838660   Unable to run Traditional reports exported to PDF.
838332   Unable to download botnet detectors through the proxy server after the Manager upgrade.
836341   Advanced search feature for signature is not returning accurate results.
836110   No graphs are displayed on the Dashboard page when the Central Manager administrator logs on to the Manager.
835920   Active Signature set on the Manager is getting deleted on failure of a sigset import.
834588   Bulk edit of the IPS policies is not working, when the attacks are selected using a filter option.
833224   The quick filter option in the Real-Time Threat Analyzer is not working while exporting the values to a CSV/PDF report. Instead, all the values are exported.
832566   NTBA: The Threat Analyzer displays invalid source port (0) for the UDP Port scan alerts received from the NTBA Appliance.
830514   The granularity settings of the customized policies change automatically.
802133   Error message "Alert unavailable" is displayed when trying to open "Inbound UDP Packet Volume Too high" alert.

Resolved NTBA Appliance software issues

The following table lists the high-severity NTBA Appliance software issues:

ID #     Issue Description
814514   When multiple zones with interface only are created and edited, interfaces are not properly assigned to the newly created zones.
808823   The NTBA Appliance process can crash with certain combinations of communication rules.
795035   When multiple traffic times are configured for a traffic hour, alerts are triggered even when the traffic hour does not match.
790698   Not able to add more than 18 zone elements in a zone.

The following table lists the medium-severity NTBA Appliance software issues:

ID #     Issue Description
820504   Some internal hosts appear in the Top External hosts by Reputation monitor and as a result, right-click option on those hosts does not work sometimes.
811954   Unable to reset monitoring port IP address with 0.0.0.0.
777605   Under rare conditions, the NTBA process crashes when doing URL reputation lookup with GTI enabled.

Known issues

For known issues in this product release, refer to the following KnowledgeBase articles:
• Manager software issues: KB77069
• NTBA Appliance software issues: KB77071

Installation instructions

The following table lists the 7.5 Manager server requirements:

OS
  Minimum required: Any of the following:
  • Windows Server 2008 R2 Standard or Enterprise Edition, English OS, SP1 (64 bit) (Full Installation)
  • Windows Server 2008 R2 Standard or Enterprise Edition, Japanese OS, SP1 (64 bit) (Full Installation)
  • Windows Server 2012 Standard (Server with a GUI) English OS
  • Windows Server 2012 Standard (Server with a GUI) Japanese OS
  Only X64 architecture is supported.
  Recommended: Same as the minimum required.
Memory
  Minimum required: 4GB
  Recommended: 8GB
CPU
  Minimum required: Server model processor such as Intel Xeon
  Recommended: Same
Disk space
  Minimum required: 100GB
  Recommended: 300GB or more
Network
  Minimum required: 100Mbps card
  Recommended: 1000Mbps card
Monitor
  Minimum required: 32-bit color, 1440 x 900 display setting
  Recommended: 1440 x 900 (or above)

Manager software version 7.5 and above are not supported on Dell-based Manager Appliances.


The following are the system requirements for hosting Central Manager/Manager server on a VMware platform.

Table 5-1 VMware ESX server requirements

Virtualization software
  Minimum:
  • VMware ESX Server version 4.0 update 1 and version 4.1
  • ESXi 5.0
  • ESXi 5.1
CPU
  Minimum: Intel Xeon® CPU ES 5335 @ 2.00GHz; Physical Processors – 2; Logical Processors – 8; Processor Speed – 2.00GHz.
Memory
  Minimum: Physical Memory: 16GB
Internal Disks
  Minimum: 1 TB

Table 5-2 Virtual machine requirements

OS
  Minimum: Any of the following:
  • Windows Server 2008 R2 – Standard or Enterprise Edition with SP1 (English) (64 bit)
  • Windows Server 2008 R2 – Standard or Enterprise Edition with SP1 (Japanese) (64 bit)
  • Windows Server 2012 Standard (Server with a GUI) English OS
  • Windows Server 2012 Standard (Server with a GUI) Japanese OS
  Only X64 architecture is supported.
  Recommended: Same as minimum required.
Memory
  Minimum: 4 GB
  Recommended: 8 GB
Virtual CPUs
  Minimum: 2
  Recommended: 2 or more
Disk Space
  Minimum: 100GB
  Recommended: 300GB or more

The following table lists the 7.5 Manager client requirements when using Windows 7 or Windows 8:

OS
  Minimum:
  • Windows 7 English or Japanese
  • Windows 8 English or Japanese
  The display language of the Manager client must be same as that of the Manager server OS.
RAM
  Minimum: 2 GB
  Recommended: 4 GB
CPU
  Minimum: 1.5 GHz processor
  Recommended: 1.5 GHz or faster
Browser
  Minimum:
  • Internet Explorer 8.0, 9.0 or 10.0
  • Mozilla Firefox
  • Google Chrome
  Recommended:
  • Internet Explorer 9.0
  • Mozilla Firefox 20.0 or above
  • Google Chrome 24.0 or above
  If you are using Google Chrome, add the Manager certificate to the trusted certificate list.


The following table lists the 7.5 Manager client requirements when using Windows XP SP3:

OS
  Windows XP SP3
RAM
  Minimum: 1 GB
  Recommended: 2 GB
Browser
  Minimum:
  • Internet Explorer 8.0
  • Mozilla Firefox
  Recommended:
  • Internet Explorer 8.0
  • Mozilla Firefox 20.0 or above

For the Manager client, in addition to Windows 7, Windows 8, and Windows XP, you can also use the operating systems mentioned for the Manager server.

The following table lists the 7.5 Central Manager / Manager client requirements when using Mac:

Mac OS
  • Lion
  • Mountain Lion
Browser
  Safari 6

For more information, see McAfee Network Security Platform Installation Guide.

McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors.

The following is the upgrade matrix supported for this release:

NSP Component: Minimum Software Version

Manager/Central Manager
  • 6.1: 6.1.1.34, 6.1.5.13
  • 7.0: 7.0.3.10
  • 7.1: 7.1.3.5, 7.1.5.7
  • 7.5: 7.5.3.11
NTBA Appliance software
  • 6.1: 6.1.1.29, 6.1.5.12
  • 7.0: 7.0.3.4
  • 7.1: 7.1.3.6, 7.1.3.19

In release 7.5, in addition to the NTBA Virtual Appliance software, the following are also available: NTBA T-100 Virtual Appliance, NTBA T-200 Virtual Appliance.

You can upgrade your earlier NTBA Virtual Appliance to NTBA T-100 or T-200 Virtual Appliance software. However, once you have upgraded, you cannot downgrade. For example, if you have upgraded your NTBA Virtual Appliance software to NTBA T-200 Virtual Appliance, you cannot downgrade to NTBA T-100 Virtual Appliance or any version of NTBA Virtual Appliance.

In release 7.5, there are specific software versions for NTBA T-200 and NTBA T-500 Appliances. You cannot load software versions across appliances. For example, you cannot load NTBA T-200 image on a NTBA T-500 Appliance. The same applies to the NTBA Virtual Appliances as well.

For more information, see McAfee Network Security Platform Upgrade Guide.


Product documentation

Every McAfee product has a comprehensive set of documentation.

Find product documentation

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:

To access... / Do this...

User documentation
  1 Click Product Documentation.
  2 Select a product, then select a version.
  3 Select a product document.
KnowledgeBase
  • Click Search the KnowledgeBase for answers to your product questions.
  • Click Browse the KnowledgeBase for articles listed by product and version.

Copyright © 2013 McAfee, Inc. Do not copy without permission.
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.
