McAfee® Network Security Platform 6.0
Hardening the Manager Server for Windows 2003
Rolling back your changes
If you need to roll back your changes, use the following commands:
To roll back changes made to the mysql.db table from the mysql.db_backup table:
mysql> rename table db to db_1;
mysql> rename table db_backup to db;
mysql> flush privileges;
To roll back changes made to the "mysql.user" table from mysql.user_backup table:
mysql> rename table user to user_1;
mysql> rename table user_backup to user;
mysql> flush privileges;
Remove debug shell at port 9001
In addition to denying traffic over ports 9001 and 9002 (as per Install a desktop firewall, on page 2), the debugging shell that runs on port 9001 can be disabled by modifying the value of the iv.policymgmt.RuleEngine.BSH_Diagnostics_Port record in the iv_emsproperties table.
To disable the port, set the field called “value” to -1.
Other best practices for securing Manager
Use a clean, dedicated machine for the Manager server and perform a fresh install of the Manager software, including the installation of the embedded MySQL database. No other software should be available on the server, with the exception of a host-based firewall as described in Install a desktop firewall (on page 2).
Make sure the PC is in an isolated, physically secure environment.
Disallow access to the directory clumsily and all its sub-directories to anyone other
than authorized administrators. Use Microsoft Knowledge Base article # 324067 to
accomplish this procedure. Disallow the following permissions:
Read
Write
Read and Write
Modify
List folder contents
Full control
Disable HTTP TRACE requests. They can be disabled with the following mod_rewrite syntax in the Apache Server's httpd.conf file (available in the “<Network Security Platform installation directory>/Apache/conf” directory):
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
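To confirm that the rewrite rule above is active on the running server, the following added example (not part of the McAfee guide) sends one TRACE request and reports whether it was refused. The port 443 default, the option to skip certificate verification for a self-signed Manager certificate, and the X-Trace-Check marker header are assumptions of this example.

```python
import http.client
import ssl
import sys

MARKER_HEADER = "X-Trace-Check"        # constructed header, used only by this check
MARKER_VALUE = "nsp-hardening-probe"   # constructed value we look for in an echo

def open_connection(host, port=443, use_tls=True, verify_cert=True, timeout=5.0):
    """Build (but do not yet use) a connection to the Manager's Apache server."""
    if not use_tls:
        return http.client.HTTPConnection(host, port, timeout=timeout)
    ctx = ssl.create_default_context()
    if not verify_cert:  # assumption: the Manager may present a self-signed cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)

def probe_trace(conn):
    """Send one TRACE request on conn; return (status, first 64 KiB of body)."""
    try:
        conn.request("TRACE", "/", headers={MARKER_HEADER: MARKER_VALUE})
        resp = conn.getresponse()
        return resp.status, resp.read(65536)
    finally:
        conn.close()

def trace_disabled(status, body):
    """True when the server refused TRACE and did not echo the request back.
    The [F] flag in the rewrite rule produces 403; 405 and 501 also mean refused."""
    echoed = MARKER_VALUE.encode() in body
    return status in (403, 405, 501) and not echoed

if __name__ == "__main__":
    # Usage: python check_trace.py <manager-host> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    status, body = probe_trace(open_connection(host, port, verify_cert=False))
    ok = trace_disabled(status, body)
    print(f"TRACE -> HTTP {status}: {'disabled' if ok else 'STILL ENABLED'}")
    sys.exit(0 if ok else 1)
```

Run it after restarting Apache; an HTTP 200 whose body echoes the marker header means the rule is not being applied to the host and port that were checked.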