Firewalls & Host Intrusion Prevention
A firewall helps protect your computer by controlling incoming access to your computer. For ITS-managed Windows computers, ITS offers McAfee Host Intrusion Prevention, which incorporates both a stateful firewall and host intrusion protection. For Macintosh computers, there is a firewall incorporated within its operating system.
Personal Firewalls and Host Intrusion Prevention for Windows Computers
Firewall or intrusion protection software can cause your computer to malfunction if it is not installed, configured, and maintained properly. Please see Firewalls, Anti-Virus, and Host Intrusion Prevention for more information about this before installing any firewall or host intrusion prevention software.
RIT Faculty and Staff
McAfee's Host Intrusion Prevention (HIP) is available for use on all RIT-owned Windows computers at no additional charge to other departments of the Institute. When used in conjunction with e-Policy Orchestrator (ePO), HIP requires no configuration or maintenance on your part. HIP is deployed and managed with e-Policy Orchestrator, so to install it, you must install the McAfee agent first. E-Policy Orchestrator will subsequently install and maintain HIP via the McAfee agent.
Installing Host Intrusion Prevention with ePO
1. Install the McAfee agent. Many computers on campus already have the McAfee agent installed. If you have the McAfee agent icon in the notification area on the bottom right corner of your Windows screen, proceed to step 2. If you do not have the ePO agent, you can request it from the ITS Service Desk or your system administrator. If you call the ITS Service Desk, be sure to tell them your machine name, your own name, and your department name.
2. HIP is installed automatically. At some point after the ePO agent is installed on your computer, Host Intrusion Prevention will automatically be installed unless you request otherwise. The HIP icon will eventually appear inside the box that opens when you click the red M, but this may not happen until after the machine is rebooted. Nevertheless, HIP becomes active as soon as it's installed and does not require a reboot.
Personally Owned (Home) and All Student Computers
McAfee's HIP is not licensed for use on personally owned or home computers. For these computers, including student computers, we recommend using Zone Alarm from Check Point Software. Check Point provides a free version of Zone Alarm for personally owned systems, and you can download it from the Zone Labs website.
NOTE: Zone Alarm is only a firewall. It does not provide host intrusion protection.
Downloads for Personally-Owned Machines
Please DO NOT download and install these on RIT-owned machines – they are not the correct versions.
Official Microsoft Windows Update Service (Microsoft Internet Explorer on Microsoft Windows required)
Personal Firewalls, Anti-Virus, and Host Intrusion Prevention
A personal firewall is a program that you run on your computer which blocks any communication to and from that computer that has not been specifically allowed by you. As such, a desktop firewall can block malicious attempts to penetrate your computer and take control of it. Note, however, that firewalls work by making judgments about how software wants to communicate with your computer; they can only watch what is going out or coming in. Once a piece of malicious software finds its way into your computer and is quietly wreaking havoc, it's too late for the firewall to do anything about it.
Host Intrusion Prevention
Host Intrusion Prevention adds a third level of protection to your firewall and anti-virus programs by continuously monitoring the software that's running in your machine. It detects and shuts down or blocks the action of suspicious programs based on how they're behaving, rather than on the basis of how they look or how they got into your computer.
Managing It All
Unfortunately, the only way that security software like firewalls, anti-virus or host intrusion prevention can tell whether something is suspicious is by means of a large, complex and arcane set of rules that tell it how good software should look, act and communicate. If the rules and signatures that your software is using are too lenient, your security software could miss things that it should catch. If those rules are overly restrictive, they will cause desktop programs like email, your web browser, printing or just logging in to malfunction, and the cause of this malfunction is usually very hard to trace when it happens. Finally, if those rules and signatures are too old, they'll miss newer forms of attack. Given the speed at which new threats now appear and spread through the internet, "too old" can be little more than a day or two.
Effectively managing all of this has become a monumental task that requires more time, attention, and technical knowledge than most of us have. The McAfee Security Suite, together with ePO, provides a solution to this problem for RIT-owned machines. Once the ePO agent has been installed on an RIT-owned machine, the ePO server will automatically install both the McAfee VirusScan and Host Intrusion Prevention software, and maintain all of the rule sets, signatures and updates necessary to keep that software working properly. In the event that something requires a change to the rule set, McAfee and ITS can anticipate and make this change, and the ePO server will send it to your computer automatically. You can also make individual changes yourself, although most people never need to concern themselves with this.
Installing Host Intrusion Prevention
If you have an RIT-owned computer and want to run the McAfee Security Suite, you should first remove any existing anti-virus software and turn off the Windows firewall in your Windows Security Center. (McAfee Host Intrusion Prevention includes a far more capable firewall than the one Microsoft provides.) Then install the ePO agent. You need not do anything further: within a few hours, the ePO agent will install the McAfee Security software, including VirusScan Enterprise and Host Intrusion Prevention.
If you have an ePO managed system and prefer to use a different firewall or anti-virus program, you can call the ITS Service Desk and ask to have the corresponding McAfee component removed. The remaining components should continue to operate and can co-exist with most other security software.
Monday - Thursday: 7:30 A.M. - 9:00 P.M.
Friday: 7:30 A.M. - 5:00 P.M.
Saturday - Sunday: Noon - 5:00 P.M.