Network Security Platform 8.1.7.5-8.1.3.10 NTBA Release

8.1.7.5-8.1.3.10 NTBA Appliance Release Notes
Network Security Platform 8.1
Revision B
Contents
About this release
New features
Enhancements
Resolved issues
Installation instructions
Known issues
Find product documentation
About this release
This document contains important information about the current release. We strongly recommend that
you read the entire document.
This maintenance release of Network Security Platform provides a few enhancements and fixes for
the Manager software.
• Network Security Manager software version: 8.1.7.5
• Signature Set: 8.6.33.7
• Network Threat Behavior Analysis (NTBA) software version: 8.1.3.10
• Endpoint Intelligence Agent (EIA): 2.2.0
• Endpoint Intelligence Manager (EIM): 2.2.0
Network Security Platform version 8.1 replaces the 8.0 release. If you are using version 8.0 and require
any fixes, note that the fixes will be provided in version 8.1. There will not be any new maintenance
releases or hot-fix releases for version 8.0.
With release 8.1, Network Security Platform no longer supports the Network Access Control module and
N-series Sensors. If you are using Network Access Control with N-series (NAC-only) Sensors, McAfee
recommends that you continue to use the 7.1.3.6 version. If you are using the Network Access Control
module in M-series Sensors, continue to use the 7.5.3.30 version. That is, you should not upgrade the
Manager or the Sensors to 8.1 for such cases.
Manager software versions 7.5 and above are not supported on McAfee-built Dell-based Manager
Appliances.
This version of 8.1 Manager software can be used to configure and manage the following hardware:
• 7.1, 7.5, 8.0, and 8.1 M-series and Mxx30-series Sensors
• 8.0 and 8.1 Virtual IPS Sensors
• 7.1, 8.0, and 8.1 NS-series Sensors
• 7.1, 7.5, 8.0, and 8.1 XC Cluster Appliances
• 7.1, 7.5, 8.0, and 8.1 NTBA Appliance software (Physical and Virtual)
• 7.1 I-series Sensors
Currently, port 4167 is used as the UDP source port for SNMP command channel communication
between the Manager and Sensors. This avoids having to open all UDP ports for inbound
connectivity from the SNMP ports on the Sensors. Older JRE versions allowed the Manager to bind to
the same source port 4167 for both IPv4 and IPv6 communication. With the latest JRE version,
1.7.0_45, this is no longer possible, and the Manager binds to port 4166 as the UDP source port
for IPv6.
Manager 8.1 uses JRE version 1.7.0_51. If you have IPv6 Sensors behind a firewall, update your
firewall rules so that port 4166 is open and the SNMP command channel can function between those
IPv6 Sensors and the Manager.
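An added example (not from McAfee's documentation): a small audit that checks whether the allow rules toward the Manager cover the right port for each address family, 4167 for IPv4 Sensors and 4166 for IPv6 Sensors. The rule format, function names and addresses are assumptions made for illustration, and it assumes Sensor replies are addressed to the Manager's UDP source port.

```python
import ipaddress

# From the release notes: Manager-side UDP port for the SNMP command channel,
# keyed by IP version (4167 for IPv4, 4166 for IPv6).
MANAGER_SNMP_PORT = {4: 4167, 6: 4166}


def rule_permits(rule, addr, port):
    """True if an allow rule (hypothetical dict format) covers UDP from addr to port."""
    net = ipaddress.ip_network(rule["src"], strict=False)
    return (
        rule["proto"] == "udp"
        and rule["dport"] == port
        and net.version == addr.version
        and addr in net
    )


def missing_snmp_rules(sensors, rules):
    """Return (sensor, port) pairs for Sensors whose SNMP traffic toward the
    Manager's command-channel port is not covered by any allow rule."""
    gaps = []
    for sensor in sensors:
        addr = ipaddress.ip_address(sensor)
        port = MANAGER_SNMP_PORT[addr.version]
        if not any(rule_permits(r, addr, port) for r in rules):
            gaps.append((sensor, port))
    return gaps


# Constructed sample data (documentation address ranges, not from the release notes).
SENSORS = ["192.0.2.10", "2001:db8::10", "2001:db8:1::20"]
RULES = [
    {"src": "192.0.2.0/24", "proto": "udp", "dport": 4167},
    # Rule written for the old behaviour: IPv6 Sensors still mapped to 4167.
    {"src": "2001:db8::/64", "proto": "udp", "dport": 4167},
    {"src": "2001:db8:1::/64", "proto": "udp", "dport": 4166},
]

if __name__ == "__main__":
    for sensor, port in missing_snmp_rules(SENSORS, RULES):
        print(f"{sensor}: no rule allows UDP to Manager port {port}")
```

Export your firewall's allow rules into this shape to find IPv6 Sensors that are still covered only by a 4167 rule.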
New features
This release provides a few bug fixes for some of the previously known Manager software issues,
and does not include any new features.
Enhancements
This release of McAfee Network Threat Behavior Analysis includes the following enhancements.
Upgrade to OpenSSL 0.9.8za
NTBA has upgraded OpenSSL from 0.9.8x to 0.9.8za to address the vulnerabilities CVE-2014-0195,
CVE-2014-0221, CVE-2010-5298, and CVE-2014-0198.
Resolved issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases,
see the Release Notes for the specific release.
Resolved Manager software issues
The following table lists the medium-severity Manager software issues:
ID #    Issue Description
964765  The Manager using Apache Struts is vulnerable to CVE-2014-0094.
964715  The Botnet DAT update fails on multiple Sensors.
962218  The effective time for Firewall and QoS policies is based on the local time zone of the corresponding Sensor.
960959  The SNMP server setting configuration is not displayed after saving due to incorrect redirection.
960656  SNMP alert notification fails sometimes due to incorrect calculation of the Manager uptime.
959996  The Manager sends the wrong port speed value to the Sensor while configuring a monitoring port with SFP+.
959807  The alert filter in the Real-Time Threat Analyzer shows alerts from unknown country, irrespective of the source and destination countries selected.
959410  The Manager raises an "INFO" alert for malicious files before the files are sent to ATD for analysis, and a "HIGH" alert after the files are confirmed to be malicious by ATD. Both alerts are generated with an "Acknowledged" flag. The "Acknowledged" flag remains the same irrespective of the severity of the alert, which makes it difficult to differentiate the alerts generated.
959221  The Real-Time Threat Analyzer shows an error for multicast host IPv4 addresses while creating a new exception object.
957285  The Protection Profile page stops responding when opened in the Chrome browser and eventually leads to Java crashing.
956340  The Manager fault for exceeding the 10,000 AD user groups limit is displayed incorrectly in the Manager.
954516  The scheduled configuration backup cannot be restored completely due to inclusion of all the tables during backup.
953875  The password control settings display the wrong error message "minimum number of Characters should be between 1 and 20".
952088  The Real-Time Threat Analyzer triggers attack by the host even after creating an exception object.
951549  The Manager's connection with the XC-240 load balancer is not recovered if the link is down for more than 9 minutes.
950005  When "Layer 7" data is selected to be included in the Next Generation report for alert data, the report is generated for dates not included in the report schedule.
949576  An incorrect pop-up message is displayed when the SSL flow count entered is more than the maximum allowed limit.
949202  Scripts for alert notification do not execute if the attack-severity variable ($ATTACK_SEVERITY$) is used.
947428  The Fault Log report generates events for template Sensors of XC Cluster but no other Cluster members.
946781  The Chrome browser crashes when the Manager is opened in Windows 8.0 mode.
The following table lists the low-severity Manager software issues:
ID #    Issue Description
962714  Malware archive fault message is misleading.
Resolved NTBA Appliance software issues
The following table lists the medium-severity resolved NTBA Appliance software issues.
ID #    Issue Description
972041  When Antimalware scanning is enabled and a scan request file has special characters in the filename, ips service crashes on NTBA.
966290  When an interface based zone is configured, some hosts are displayed as both internal and external.
956854  When you define a router exporter on the Devices | Devices | <NTBA Appliance> | Exporters | Exporters | New page, and select SNMP Version as 3, the exporter configuration does not work.
917836  On the Analysis | Endpoint Executables page, the top panel's Counts | Endpoints number might not match the lower panel's Endpoints tab's number of endpoints.
916277  In rare conditions based on EIA traffic, EIA services might get restarted, which might cause a loss of alert throttled persistent data.
Installation instructions
Manager server/client system requirements
The following table lists the 8.1 Manager server requirements:
Operating system
  Minimum required: Any of the following:
    • Windows Server 2008 R2 Standard or Enterprise Edition, SP1 (Full Installation), English operating system
    • Windows Server 2008 R2 Standard or Enterprise Edition, SP1 (Full Installation), Japanese operating system
    • Windows Server 2012 Standard Edition (Server with a GUI) English operating system
    • Windows Server 2012 Standard Edition (Server with a GUI) Japanese operating system
    • Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system
    • Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system
    • Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system
    • Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system
    Only X64 architecture is supported.
  Recommended: Same as the minimum required.
Memory
  Minimum required: 8 GB
  Recommended: 8 GB or more
CPU
  Minimum required: Server model processor such as Intel Xeon
  Recommended: Same
Disk space
  Minimum required: 100 GB
  Recommended: 300 GB or more
Network
  Minimum required: 100 Mbps card
  Recommended: 1000 Mbps card
Monitor
  Minimum required: 32-bit color, 1440 x 900 display setting
  Recommended: 1440 x 900 (or above)
The following are the system requirements for hosting Central Manager/Manager server on a VMware
platform.
Table 5-1 Virtual machine requirements
Operating system
  Minimum: Any of the following:
    • Windows Server 2008 R2 – Standard or Enterprise Edition with SP1 English operating system
    • Windows Server 2008 R2 – Standard or Enterprise Edition with SP1 Japanese operating system
    • Windows Server 2012 Standard Edition (Server with a GUI) English operating system
    • Windows Server 2012 Standard Edition (Server with a GUI) Japanese operating system
    • Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system
    • Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system
    • Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system
    • Windows Server 2012 R2 Datacenter (Server with a GUI) Japanese operating system
    Only X64 architecture is supported.
  Recommended: Same as minimum required.
Memory
  Minimum: 8 GB
  Recommended: 8 GB or more
Virtual CPUs
  Minimum: 2
  Recommended: 2 or more
Disk Space
  Minimum: 100 GB
  Recommended: 300 GB or more
Table 5-2 VMware ESX server requirements
Virtualization software
  Minimum:
    • ESXi 5.0
    • ESXi 5.1
    • ESXi 5.5
CPU
  Minimum: Intel Xeon® CPU ES 5335 @ 2.00 GHz; Physical Processors – 2; Logical Processors – 8; Processor Speed – 2.00 GHz
Memory
  Minimum: Physical Memory: 16 GB
Internal Disks
  Minimum: 1 TB
The following table lists the 8.1 Manager client requirements when using Windows 7 or Windows 8:
Operating system
    • Windows 7 English or Japanese
    • Windows 8 English or Japanese
    • Windows 8.1 English or Japanese
    The display language of the Manager client must be the same as that of the Manager server operating system.
RAM
  Minimum: 2 GB
  Recommended: 4 GB
CPU
  Minimum: 1.5 GHz processor
  Recommended: 1.5 GHz or faster
Browser
  Minimum:
    • Internet Explorer 9, 10 or 11
    • Mozilla Firefox
    • Google Chrome (App mode in Windows 8 is not supported)
  Recommended:
    • Internet Explorer 11
    • Mozilla Firefox 20.0 or above
    • Google Chrome 24.0 or above
  If you are using Google Chrome, add the Manager certificate to the trusted certificate list.
For the Manager client, in addition to Windows 7 and Windows 8, you can also use the operating
systems mentioned for the Manager server.
The following table lists the 8.1 Central Manager / Manager client requirements when using Mac:
Mac operating system:
    • Lion
    • Mountain Lion
Browser: Safari 6 or 7
For more information, see McAfee Network Security Platform Installation Guide.
NTBA Virtual Appliance system requirements
The following table lists the 8.1 NTBA Virtual Appliance requirements.
Table 5-3 VMware ESX server requirements for NTBA Virtual Appliance
Virtualization software
  Recommended: VMware ESX 5.0 and higher
CPU
  Recommended: 4 cores for T-VM, T-100VM, T-200VM
Memory
  Recommended:
    T-VM: 16 GB
    T-100VM: 8 GB
    T-200VM: 16 GB
Network ports
  Recommended: 5 (One network management port and four network ports for NTBA Virtual Appliance)
Storage
  Recommended: 500 GB (partitions: 250 GB and 250 GB)
The NTBA OVA image comes with pre-installed NTBA Appliance software, including the recommended
configurations.
Upgrade recommendations
McAfee regularly releases updated versions of the signature set. Note that automatic signature set
upgrade does not happen. You need to manually import the latest signature set and apply it to your
Sensors.
The following is the upgrade matrix supported for this release.
Software Component: Manager/Central Manager
Software Version:
    • 7.1 — 7.1.3.5, 7.1.5.7, 7.1.5.10, 7.1.5.14
    • 7.5 — 7.5.3.11, 7.5.5.6, 7.5.5.7
    • 8.0 — 8.0.5.9, 8.0.5.11
    • 8.1 — 8.1.3.4, 8.1.3.6
Software Component: NTBA Appliance (T-200, T-500, T-VM, T-100VM, T-200VM)
Software Version:
    • 7.1 — 7.1.3.6, 7.1.3.19, 7.1.3.21, 7.1.3.25, 7.1.3.30
    • 7.5 — 7.5.3.10, 7.5.3.30, 7.5.3.35
    • 8.0 — 8.0.5.6
    • 8.1 — 8.1.3.6
Software Component: NTBA Appliance (T-600 and T-1200)
Software Version:
    • 7.1 — 7.1.3.30
    • 8.1 — 8.1.3.6
For more information, see the McAfee Network Security Platform Upgrade Guide.
Known issues
For known issues in this product release, refer to the following KnowledgeBase articles:
• Manager software issues: KB81373
• NTBA Appliance software issues: KB81378
Find product documentation
After a product is released, information about the product is entered into the McAfee online Knowledge
Center.
Task
1. Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.
2. In the Support Content pane:
   • Click Product Documentation to find user documentation.
   • Click Technical Articles to find KnowledgeBase articles.
3. Select Do not clear my filters.
4. Enter a product, select a version, then click Search to display a list of documents.
Copyright © 2015 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.