Juniper IDP OS 5.1R1 - RELEASE NOTES REV 1 Release Note page 3

New and Changed Features

Table 1: New Features (continued)

Feature: Enhanced application identification
Description:
Beginning with IDP OS Release 5.1, the application identification feature can match extended
application signatures used in APE rulebase rules. Extended application signatures are also called
nested application signatures. The predefined extended application signatures developed for
IDP OS Release 5.1 include the most prevalent Web 2.0 applications running over HTTP. If your
security policy includes APE rules configured to match extended application signatures, the
application identification process identifies and generates the following HTTP contexts:
http-url-parsed, http-url-parsed-param-parsed, http-header-host, and http-header-content-type.
The application identification feature can then match application signature patterns in those
contexts.
J-Security Center updates application signatures and develops new ones as necessary. Beginning
with IDP OS Release 5.1, you can use NSM to browse predefined application objects, predefined
extended application objects, and application groups. You can also use NSM to create custom
application definitions, if needed. You cannot, however, create custom extended application
definitions.
For details, see Using Application Identification, Using Application Objects, and their related
topics.

Feature: Enhanced APE rulebase features
Description:
Beginning with IDP OS Release 5.1:
- You can create rules that match extended application objects (also called nested application
  objects).
- You can apply a new action to matching rules: DiffServ + Ratelimiting.
- If you use user-role based matching, you can set a global option to enable an aggregate limit
  for matching user-roles (default) or a per-subscriber rate limit (by using a CLI command).
For details, see Understanding the APE Rulebase and its related topics.

Feature: Enhanced attack signature
Description:
IDP OS Release 5.1 supports the following configurable constraints to enable you to fine-tune
custom attack signatures:
- Within bytes—Configure a byte range where the attack pattern must be detected.
- Within packets—Configure a packet range where the attack pattern must be detected.
- Context checking—Configure a byte-length requirement for matching contexts.
This release also supports bit-level matching for binary protocols.
For details, see the IDP Series Custom Attack Object Reference and Examples Guide.

Feature: Configurable syslog communication
Description:
Beginning with IDP OS Release 5.1, you can specify the protocol and port to use for syslog
messages. See Configuring Syslog Collection (NSM Procedure).

Feature: Bidirectional packet capture
Description:
Beginning with IDP OS Release 5.1, you can use a new utility to capture packets at the Rx interface
(receiving interface) and also at the Tx interface (transmitting interface). See Using
jnetTcpdump to Capture Packets.

Copyright © 2011, Juniper Networks, Inc.
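The three custom attack signature constraints listed in the table (within bytes, within packets, context checking) can be pictured with the simplified model below. It is an added example, not Juniper code and not the IDP engine's exact semantics. The names `Constraints` and `find_hits`, the 0-based byte offsets, the 1-based packet numbers, and the choice to treat the reassembled payload as the context are all assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass
from itertools import accumulate
from typing import List, Optional, Tuple

Range = Tuple[int, int]  # inclusive (low, high)

@dataclass
class Constraints:
    within_bytes: Optional[Range] = None    # stream offsets (0-based) where a hit may start
    within_packets: Optional[Range] = None  # packet numbers (1-based) where a hit may start
    context_len: Optional[Range] = None     # allowed length of the context, in bytes

def in_range(value: int, rng: Optional[Range]) -> bool:
    """An unset constraint accepts everything."""
    return rng is None or rng[0] <= value <= rng[1]

def find_hits(packets: List[bytes], pattern: bytes, c: Constraints) -> List[Tuple[int, int]]:
    """Return (stream_offset, packet_number) for every hit that satisfies c."""
    if not pattern:
        return []
    stream = b"".join(packets)  # assumption: the context is the reassembled payload
    if not in_range(len(stream), c.context_len):
        return []
    ends = list(accumulate(len(p) for p in packets))  # cumulative end offset per packet
    hits = []
    pos = stream.find(pattern)
    while pos != -1:
        pkt = bisect_right(ends, pos) + 1  # packet holding the first byte of the hit
        if in_range(pos, c.within_bytes) and in_range(pkt, c.within_packets):
            hits.append((pos, pkt))
        pos = stream.find(pattern, pos + 1)
    return hits

# Constructed sample: a short handshake carrying a marker, filler, then bulk
# data that happens to contain the same four bytes.
PACKETS = [b"\x01\x00HELO\xde\xad\xbe\xef", b"A" * 40, b"data\xde\xad\xbe\xefmore"]
PATTERN = b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    print("unconstrained:  ", find_hits(PACKETS, PATTERN, Constraints()))
    print("first 16 bytes: ", find_hits(PACKETS, PATTERN, Constraints(within_bytes=(0, 15))))
    print("packets 2 to 3: ", find_hits(PACKETS, PATTERN, Constraints(within_packets=(2, 3))))
```

Restricting the byte range to the handshake drops the hit in the bulk data, which is how such constraints cut false positives on patterns that are only meaningful at a known position in the flow.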
