HANU UNIVERSITY
FACULTY OF INFORMATION TECHNOLOGY
INDUSTRY PRACTICE REPORT
Teacher: Tran Quang Anh
Organization: Mi2 JointStock Company
Student: Vuong Thi Nhung
Class: 4c05
ID: 0501040071

Hanoi, 20
th
October 2009
i
Acknowledgement
I would like to express my gratitude to all those who gave me the possibility to complete this industry
practice.
I want to thank the Faculty of Information Technology of Hanoi University for giving me permission
to commence this industry practice. I have furthermore to thank the Dr Tran Quan Anh- the instructor
of this course -who gave and confirmed this permission and encouraged me to go ahead with my
industry practice.
Especially I am obliged to Mr. Nguyen Anh Vu, the general director of Mi2 Jointstock Company. I
want to thank him for all their help, support, and interest.
I am deeply indebted to my supervisor Vuong Trung Thang, the technical manager from Mi2 Jointstock
Company, whose help, stimulating suggestions and encouragement helped me in all the time of pratice
and writing of this industry practice.
My former colleagues, Nguyen Ngoc Son from Mi2 and Nguyen Viet Ha, supported me in my work.
Especially, I would like to give my special thanks to my parents whose patient love enabled me to
complete this work.
ii
Table of Content
I.Introduction to Mi2 Jointstock Company

1.Introduction to Mi2…………………………………………………………………………….1
2.Its products and services……………………………………………………………………….1
II. Aims and Objectives………………………………………………………………………………….1
III. Completed Tasks…………………………………………………………………………………… 2
IV.Brief Content Description
A. Week 1’s Work
1. Criteria for a good IPS……………………………………………………………… 3
2. Introduction to InstruShield IPS series……………………………………………… 3
3. IntruShield Essential functions……………………………………………………… 4
4.Operation Modes of IntruShield IPS………………………………………………… 4
B. Week 2’s Work
1.Steps to deploy IPS…………………………………………………………………….6
2. Configuration theory and practice…………………………………………………….6
3.English-Vietnamese Translation………………………………………………………8
C. Week 3’s Work
1. Cisco IPS fundamentals……………………………………………………………….9
2. Command line interface and practice……………………………………………… 11
3. Cisco IPS Device Manager (IDM) ………………………………………………… 17
V. Problem & Solution
1. Problem………………………………………………………………………………………18
2. Solution………………………………………………………………………………………19
VI.Self-Assessment…………………………………………………………………………………… 19
VII.
References………………………………………………………………………………………………20
VIII. Appendices
A. McAfee Email Gateway…………………………………………………………………… 21
B.McAfee Web Gateway……………………………………………………………………….24
iii
I.Introduction to Mi2 JointstockCompany and its products and services
1. Introduction to Mi2

Mi2 is a product distributor of McAfee, which was founded in 2006, formerly as a part of Misoft.
The company has two branches in Hanoi and Ho Chi Minh.It provides McAfee security products
that secure all kinds of network infrastructures from network core, network perimeters to
workstations.
McAfee IPSs and FoundStone are main products of Mi2 jointstock company.McAfee
Comprehensive, Best Solution is the best-built strategy for both hardware and software, the
combination of McAfee Systems Protection Solutions and McAfee Network Protection Solutions.
These are two main products that Mi2 offers apart from FoundStone, a top-ranked vunerability
assessment device.
2. Its products and services
McAfee System Protection Solution
McAfee System Protection Solution is the comprehensive security solution for all servers,
workstations and applications.This solution is composed of :
1. McAfee VirusScan: an anti-virus system
2. McAfee Anti-Spyware Enterprise: an anti-spyware system for enterprises
3. McAfee Host Intrusion Prevention:
4. McAfee Secure Content Management: a system that filters content at gateways.
5. McAfee SpamKiller: a system against unsolicited emails
McAfee Network Protection Solution
This is the prevention solution for both small and large network, which is composed of: McAfee
FoundStone- incident prevention system- and McAfee IntruShield, a system that prevents network
attacks.
II. Aims and Objectives
My purpose was to make research on Intrusion Prevention System (IPS) and to build an IPS
system Therefore, I asked for permission to take industry practice in Mi2 company, which is
specialized in distrubiting IPS products. Luckily, I was approved to stay there for 3 weeks with a lot
of support from the techninical staff.
1
III. Completed Task
IV. Brief Content Description

A. Week 1’s Content
1. Criteria for a good IPS
- Confidentiality: protects data confidentiality, preventing any copies which is not authenticated,
including Trojan, backdoor or programs designed to allow users to access without authentication.
- Integrity: protects data integrity, preventing data modification by network worm or programs
designed to modify or delete information.
Week Day Task Note
1
Mon Got to know the company and introduction
Participated in Mi2 Security Trainning
Tue Investigated the structure of company and its products and services
Investigated the criteria of a good IPS
Wed Did research on IntruShield products and the series of IntruShield
family
Thur Essential functions of IntruShield products
Fri Operation Modes of an IPS device
Sat Prepared for presentation for next Mi2 Security Trainning
2
Mon Participated in Mi2 Security Trainning
Tue Steps to deploy IPS
Wed Inline Mode configuration theory
Thur Configure –M 1200 with Inline Mode
Fri English-Vietnames translation for the company: McAfee Email
Gateway
English-Vietnames translation for the company: McAfee Web Gateway
Sat Prepared for Mi2 trainning presentation
3
Mon Participated in Mi2 Security Trainning
Got to know other IPS devices of Cisco
Tue Collected materials and configuration guide

Dowloaded, Installed and Built virtual machine of IPS cisco
Wed Cisco IPS command line interface
Thur Using the Cisco IDS Module (IDSM) and Cisco IDS Network Module
Fri Practice some basic commands in IPS Cisco
Sat Farewell and Got Evaluation from the instructor.
2
- Availability: ensure the resources available to legal users, preventing malicious programs such as
Trojan, worm, backdoors to Ddos attacks to consume bandwidth. Preventing attacks accurately:
prevent and detect attacks with high accuracy.
- Bandwidth guarantee: is the ability of preventing unauthenticated connect, malicious code,
making the bandwidth stable.
- Limit user’ intervention: IPS is built without the need of many manipulations or user’s
intervention.
- Alternative solution to management patch: the system has an ability of patching the system
vulnerable holes, struggling against sniffing of attackers although the system is not updated.
- Total Solution: not only prevents known and unknown attacks over time such as DDos,
backdoor, but also ensures the system bandwidth.
- Management: it should have the ability of integrating with workstation IPS, firewalls and can be
managed centrally.
2. Introduction to InstruShield IPS series
- IntruShield is a comprehensive system, a network device that prevents and detects attacks
timely at muti-gagagit speed.
- Protects against known or unknown attacks and DoS.
- Soft is programmed in chip ASIC, improves hardware performance, Sensors has many ports
that makes easy to use and manage the system using web browsers.
+ IntruShied M includes:
- IntruShield M-8000 Device
- IntruShield M-6050 Device
- IntruShield M-4050 Device
- IntruShield M-3050 Device

- IntruShield M-2750 Device
- IntruShield M-1450 Device
- IntruShield M-1250 Device
- IntruShield Security Management System (ISM) Software
- IntruShield Signature and Software Update Service
3. IntruShield Essential functions
- Automatic Prevention: The system automatically prevents some kinds of attacks such as: worms
through established policy.
- Attack Detection and Prevention: has been effectively proven in reality. The solution includes
both prevention and detection capability.
3
- Plug-and-Play: When the system is plugged, it runs immediately without user configuration. In
doing so, IPS must be pre-configured so that it can prevent attacks such as worms, viruses, etc…
- High efficiency and stability: To ensure the high reliability, it needs high availability (HA) mode:
HA of power or store.
- Many flexible deployment options: the system must support many deployment options such as:
inline, monitor, analysis.
- Works at layer 2: The IPS must work at layer 3 in OSI model.
- Fast security update:
- Focal management: Use the web interface to manage all the network
4. Operation Modes of IntruShield IPS
a. SPAN and TAP mode
Figure 1: Span Mode
In Span mode, the IntruShield device connects to the SPAN port of the switch/hub, working in
monitor mode.
It must put behind firewall and connect to the switch or hub through SPAN port.
Span and Tap Modes: The sensor can monitor hubs or the span ports of mutilple switches and then
inject several response actions. In tap mode, full-duplex monitoring allows a complete direction-view
of network traffic, enabling stateful analysis of traffic. Dedicated response ports enable indirect
response actions, such as initiating TCP resets to terminate malicious connections

4
Figure 2: Span and Tap Mode
b. Inline Mode
In inline mode, the box sits between the router and main network.So, it's recommended that you use the
appliance's high-availability mode in case of crash.
Figure 3: Inline Mode
B. Week 2’s Content
1. Steps to Deploy IPS
1. Install Intrushield Manager.
2. Put license file into c:\Intrushield\config\
5
a.License file should be change the name into
In Intrushield 5.0
C:\Program Files\McAfee\Network Security Manager\App\config
3. Setup Intrushield Sensor to talk with Intrushield Manager.
4. For 10/100 port, you must configure all equipment which will attached to IPS for port speed to
100 Mbps Full duplex or 10 Mbps Full duplex only.
5. Setup policy to deploy in the segment to “All Inclusive without audit” or “All Inclusive with
audit” first. These policies will not block any attack.
6. If customer would like to see block attack then you can use policy “Default Inline IPS” for use
recommend blocking.
7. If you want to use span mode, you need to use “dongle” connect between LAN cable and
detection port.
8. Every time you change policy in manger you need to do update to sensors also.
2. Configuration theory and practice
- Log in the IPS using putty with IP: 192.168.16.188
username: admin
pass: admin123
- Learning some command lines to verify, debug or configure the IPS.
- Examples of some commands in pratice

Show arp spoof status : show if arp spoof is enabled or not.
Arp spoof enable : to enable arp spoof mode
Arp spoof disable: : to disable arp spoof mode

command: show all commands in this mode for you
6
downloadstatus: show status of download
IntruShell@Intrushield1200> downloadstatus
[Download Status]

Signatures Downloaded : 0
Certificates Downloaded : 0
Software Upgrades : 0
DoS Profile Downloads from Manager : 0
DoS Profile Uploads to Manager : 0
Diagnostic Trace Requests : 0
Guest Portal SSL Cert Downloads from Manager : 0
Guest Portal SSL CSR Uploads to Manager : 0
IBAC AD file Downloads from Manager : 0
IBAC AD file Uploads to Manager : 0
set tcpudpchecksumerror drop: if tcp/udp checksum finds errors, drop this packet.
intruShell@Intrushield1200> set tcpudpchecksumerror drop
intruShell@Intrushield1200> show tcpudpchecksumerror
tcpudpchecksumerror: Drop
show tcpudpchecksumerror forward: if tcp/udp checksum finds errors, forward this packet.
7
intruShell@Intrushield1200> show tcpudpchecksumerror forward
tcpudpchecksumerror : Forward
show
[Sensor Info]

System Name : Intrushield1200
Date : 5/30/2009 - 20:42:45 UTC
System Uptime : 2 days 01 hrs 03 min 37 secs
System Type : I1200
Serial Number : B003000713
Software Version : 5.1.1.16
Hardware Version : 3.00
MGMT Ethernet port : auto negotiated to 100 mbps, full duplex
MGMT Ethernet port : link status : up
[Sensor Network Config]
IP Address : 192.168.16.188
Netmask : 255.255.255.0
Default Gateway : 192.168.16.5
Default TFTPserver : 192.168.16.194
SSH Remote Logins : enabled
[Manager Config]
Manager IP addr : 192.168.16.204 (primary intf)
Install TCP Port : 8501
Alert TCP Port : 8502
Logging TCP Port : 8503
show mgmtport : show management port
MGMT Ethernet port : auto negotiated to 100 mbps, full duplex
MGMT Ethernet port : link status : upMGMT Ethernet port : auto negotiated to 100 mbps, full
duplex
MGMT Ethernet port : link status : up
3. English-Vietnamese Translation
See appendices
B. Week 3’s Content
8
1. Cisco IPS fundamentals

First of all, I tried to get some basic knowledge of Cisco IPS. Nowadays, protecting your network
resources proactively is really in need in security. Most Intrusion Detection Systems (IDS)
passively monitor your network for signs of intrusive activity. When intrusive activity is detected,
the IDS provides the capability to block further intrusive activity from the suspect host. This
reactive approach does not prevent the initial attack traffic from reaching the targeted device. An
Intrusion Prevention System (IPS), however, can proactively stop even the initial attack traffic.
There are some necessary terms as given to understand beforehand.
Terminology Description
Inline mode Examining network traffic while having the ability to stop intrusive traffic from
reaching the target system
Promiscuous
mode
Passively examining network traffic for intrusive behavior
Signature engine An engine that supports signatures that share common characteristics (such as same
protocol)
Meta-Event
Generator
The capability to define meta signatures based on multiple existing signatures
Atomic signature A signature that triggers based on the contents of a single packet
Flow-based
signature
A signature that triggers based on the information contained in a sequence of
packets between two systems (such as the packets in a TCP connection)
Behavior-based
signature
A signature that triggers when traffic deviates from regular user behavior
Anomaly-based
signature
A signature that triggers when traffic exceeds a configured normal baseline
False negative A situation in which a detection system fails to detect intrusive traffic although

there is a signature designed to catch that activity
9
Terminology Description
False positive A situation in which normal user activity (instead of intrusive activity) triggers an
alarm
True negative A situation in which a signature does not fire during normal user traffic on the
network
True positive A situation in which a signature fires correctly when intrusive traffic for that
signature is detected on the network (The signature correctly identifies an attack
against the network.)
Deep-packet
inspection
Decoding protocols and examining entire packets to allow for policy enforcement
based on actual protocol traffic (not just a specific port number)
Event correlation Associating multiple alarms or events with a single attack
Risk rating (RR) A threat rating based on numerous factors besides just the attack severity
And then, There are various types of users that must be known in Cisco IPS:
Administrator
This user can do every operation via CLI. Some of the capabilities available to accounts with
Administrator access are as follows:
• Add users and assign passwords
• Enable and disable interfaces
• Assign interfaces to an interface group
• Modify host allowed to access appliance
• Modify sensor address configuration
• Tune signatures
• Assign virtual sensor configuration
• Manage routers for IP blocking
Operator
10

The second-highest user role is the Operator role. This account has some restrictions. Operator can do:
- Modify their own password
- Tune signatures
- Manage routers for IP blocking
Viewer
The lowest-privileged user role is the Viewer role. When you assign the Viewer role to an account, you
enable the user to view the configuration and event data on your appliance. The only appliance
information that users with this role can change is their password.
Service
This role can help you create a special account that can access the native operating system command
shell rather than the sensor’ CLI interface. It aims to provide an improved troobleshooting. . By default,
your sensor does not have a service account. You must create a service account to enable TAC to use
this account during troubleshooting.
2. Cisco IPS command line interface and practice
After installing Cisco IPS 4215, at first, I accessed using :
default username cisco
password ciscoips4215.
And then I tried to know with some basic configuration in Cisco IPS.
After booting, a CLI interface appeared, type setup to make initial configuration for this device.
After that, it displayed current configuration like this:
11
This is a type of question-answer, therefore, it’s easy to set up.
For example,
a. Basic Configuration
Continue with configuration dialog?[yes]:
Enter host name[Sensor]: IDS4215
Enter IP interface: 192.168.1.1/24
Enter telnet-server status[disabled]:
Enter web-server port[443]:
Modify current access list?[no]:

Modify system clock settings?[no]:
Modify virtual sensor "vs0" configuration?[no]: yes
Current interface configuration
Command control: Management0/0
Unused:
GigabitEthernet0/3
GigabitEthernet0/2
GigabitEthernet0/0
GigabitEthernet0/1
Promiscuous:
Inline:
None
Delete Promiscuous interfaces?[no]:
Add Promiscuous interfaces?[no]:
Add Inline pairs?[no]: yes
Pair name: perimeter
Description[Created via setup by user cisco]: Perimeter protection sensor
Interface1[]: GigabiEthernet0/3
Interface2[]: GigabiEthernet0/2
Pair name:
12
b. Adding and Removing Users
Herein, I added new user “test” with the privelege of an operator
In the Global Configuration mode, you can add new users to and remove existing users from your
sensor. The username Global Configuration mode command enables you to add new users. To remove
an existing user, simply insert the keyword no in front of the regular username command. The syntax
for the username command is as follows:
Sensor(config)# username name [password password] [privilege administrator|
operator|viewer|service]
d. Service Signature-Definition

The signature-definition mode is a third-level service mode that enables you to perform various
signature-related tasks, such as the following:
• Define fragment reassembly parameters
• Define stream reassembly parameters
• Modify specific signature characteristics
When entering this mode, you must specify the name of the instance configuration. Currently, the only
instance allowed is sig0. In the future, however, you may be able to specify multiple configuration
instances. To access the signature-definition mode, use the following command:
IPS4240(config)# service signature-definition sig0
IPS4240(config-url)#
e. Show interfaces
This command shows statistics and information of all interfaces available.
13
f. Configure Promiscuous Mode
Step 1 Log in to the CLI using an account with Administrator privileges.
Step 2 Enter interface submode.
sensor# configure terminal
sensor(config)# service interface
Step 3 Display the list of available interfaces.
sensor(config-int)# physical-interfaces ?
GigabitEthernet0/0 GigabitEthernet0/0 physical interface.
GigabitEthernet0/1 GigabitEthernet0/1 physical interface.
GigabitEthernet0/2 GigabitEthernet0/2 physical interface.
GigabitEthernet0/3 GigabitEthernet0/3 physical interface.
Management0/0 Management0/0 physical interface.
sensor(config-int)# physical-interfaces
Step 4 Specify the interface for promiscuous mode.
sensor(config-int)# physical-interfaces GigabitEthernet0/1
Step 5 Enable the interface.
14

sensor(config-int-phy)# admin-state enabled
You must assigned the interface to a virtual sensor and enable it before it can monitor traffic.
Step 6 Add a description of this interface.
sensor(config-int-phy)# description INT1
Step 7 Specify the duplex settings.
sensor(config-int-phy)# duplex full
This option is not available on modules.
Step 8 Specify the speed.
sensor(config-int-phy)# speed 1000
This option is not available on modules.
Step 9 Enable TCP resets for this interface if desired.
sensor(config-int-phy)# alt-tcp-reset-interface interface-name GigabitEthernet0/1
Step 10 Repeat Steps 4 through 9 for any other interfaces you want to designate as promiscuous
interfaces.
Step 11 Verify the settings.
g. Show users
h. Show configuration
15
k. Configure Inline Vlan Pair Mode
16
-
Step 1 Log in to the CLI using an account with Administrator privileges.
Step 2 Enter interface submode.
sensor# configure terminal
sensor(config)# service interface
sensor(config-int)#
Step 3 Verify that the subinterface mode is “none” for both of the physical interfaces you are
pairing in the
inline interface.
sensor(config-int)# show settings

Step 4 Name the inline pair.
sensor(config-int)# inline-interfaces PAIR1
Step 5 Display the available interfaces.
sensor(config-int)# interface1 ?
Step 6 Configure two interfaces into a pair.
sensor(config-int-inl)# interface1 GigabitEthernet0/0
sensor(config-int-inl)# interface2 GigabitEthernet0/1
You must assign the interface to a virtual sensor and enable it before it can monitor traffic (see Step
10).
Step 7 Add a description of the interface pair.
sensor(config-int-inl)# description PAIR1 Gig0/0 and Gig0/1
Step 8 Repeat Steps 4 through 7 for any other interfaces that you want to configure into inline
interface pairs.
Step 9 Verify the settings.
sensor(config-int-inl)# show settings
name: PAIR1

description: PAIR1 Gig0/0 & Gig0/1 default:
interface1: GigabitEthernet0/0
interface2: GigabitEthernet0/1
17

Step 10 Enable the interfaces assigned to the interface pair.
sensor(config-int)# exit
sensor(config-int)# physical-interfaces GigabitEthernet0/0
sensor(config-int-phy)# admin-state enabled
sensor(config-int-phy)# exit
sensor(config-int)# physical-interfaces GigabitEthernet0/1
sensor(config-int-phy)# admin-state enabled
sensor(config-int-phy)# exit

sensor(config-int)#
Step 11 Verify that the interfaces are enabled.
sensor(config-int)# show settings
Step 12 To delete an inline interface pair and return the interfaces to promiscuous mode.
sensor(config-int)# no inline-interfaces PAIR1
Step13. Verify the information
sensor(config-int)# show settings
3. Cisco IPS Device Manager (IDM)
The Cisco IDM is a Java-based web interface that enables you to configure and manipulate the
operation of your Cisco network sensors. Each IPS appliance running on your network has its own web
server that provides access to the IDM application on the sensor. The web server uses Transport Layer
Security (TLS) to encrypt the traffic to and from the sensor to prevent an attacker from viewing
sensitive management traffic. The web server is also hardened to minimize an attacker's ability to
disrupt or compromise its operation.
Following is the management interface:
18
As can be seen clearly from this picture, you can do any management tasks using Cisco IDM.
V. Problem and Solution
1. Problem
At first, my aim is to study the theory of IPS and then try to config the real IPS device. And finally, I
wanted to make a demo, in which I tried to attack the system and found out how this IPS worked,
blocked or alerted.
However, it is the IPS that is working in the real enviroment, I mean, the network of Mi2 company. I
was really grateful to them when they made permission for me to “touch” it.
But if I made a demo, it may affect the system. Furthermore, I could just practice some very basic
commands, which just show or verify the system, because if I changed some critical configurations, the
network of Mi2 company would be changed or crashed. Therefore, I thought I couldn’t master and
understand it deeply.
19
2. Solution

After searching and googling, I found out that Cisco IPS can be installed in a virtual machine. In so
doing, I could practice more. As a result, I downloaded and installed a virtual machine for Cisco IPS
4215.
I practiced with my joy, however, I found out that I couldn’t make a real demo, because, in reality,
Cisco IPS acts as a “transperant” device with no IP address and it needs to be plugged in the switch
port or sits between the router and the local network. In a virtual machine, it was nearly impossible.
And the industry practice ended with no answer to this problem.I hoped that in the future, I had a
chance to make a real-time demo.
VI. Self Assessment
At the end of industry practice, what I achieved was just superficial knowledge of IPS and a few
configurations for this device.
However, I could have any overview of IPS products in general from McAfee IPS products to Cisco
IPS products. Installation and configuration was not difficult for me but I still had a desire to make a
real demo that had not been conducted yet.
Apart from knowledge, I had a chance to understand the real working enviroment in an IT organization.
I hoped it could help me much in the future.

20
VI. References
Earl C 2005.CCSP IPS Exam Certification Guide. Cisco Press: 1-58720-146-1.
21
VII. Appendices
A. McAfee Email Gateway
Source: />eway.html
(Tiền thân là Ironmail)
Bảo vệ toàn diện email cho doanh nghiệp
Quy mô và tính đa dạng của những đe dọa bảo mật liên quan đến email vẫn tiếp tục gia tăng. Sản phẩm
McAfee Email Gateway tích hợp bảo vệ toàn diện tấn công bên trong cùng với ngăn cản dữ liệu
bên ngoài bị mất, quy chuẩn cao, báo cáo chi tiết và quản trị được đơn giản hóa. Bạn có thể có
được những tính năng và hiệu suất dành cho doanh nghiệp mà đáp ứng những yêu cầu công

việc có tính đòi hỏi khắt khe- và tất cả những cái đó tạo ra ít gánh nặng về quản trị.
1. Lợi ích và tính năng
• Lợi ích
- Bảo vệ trước những đe dọa bên trong: Chỉ ra và ngăn chặn những thư rác đến với độ chính
xác đến 90%, đồng thời chống lại virus, malware, phishing, directory harvest attack, tấn công từ
chối dịch vụ, bounceback attack, zero-hour attack và làn sóng thư rác, TrustedSouce
TM
có thể
đảm nhiệm hết những khả năng trên.
- Ngăn chặn mất dữ liệu bên ngoài: Ngăn chặn rò rỉ thông tin bằng nhận dạng dấu vân tay,
phân tích từ vựng và kỹ thuật tổng hợp mà bổ trợ cùng sự kết hợp giữa từ khóa và mẫu
để phát hiện ra cả dữ liệu có cấu trúc và dữ liệu không có cấu trúc; quản lý thư tín dựa
trên chính sách sau đó bảo vệ mất dữ liệu bên ngoài.
- Đơn giản hóa quá trình quản lý bảo mật thư điện tử: Tận dụng khả năng khởi tạo và gia cố
những chính sách 1 cách linh hoạt và khả năng ghi chép và báo cáo để đơn giản hóa quá
trình quản trị và quy chuẩn công việc- và giảm chi phí 1 cách đáng kể. Ngoài ra thì GLBA,
HIPAA, và SOX đều được hỗ trợ.
• Tính năng:
- TrustedSource global reputation intelligence
Dựa trên hệ thống máy chủ internet có tiếng đắt giá và toàn diện của thế giới,
TrustedSource liên tục giám sát và miêu tả đặc tính của những người gửi mail trên internet thông
qua mạng lưới toàn cầu gồm hơn 10,000 thành phần cảm biến (sensors) ở 82 quốc gia.
- McAfee Email Anti-virus:
Bảo vệ tích hợp trước virus và malware xuất phát từ email.
22