Page 2
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Page 3
REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable...
Page 5
(including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA http://www.gnu.org/licenses/gpl.html...
Objectives
Network and Security Manager (NSM) is a software application that centralizes control and management of your Juniper Networks devices. With NSM, Juniper Networks delivers integrated, policy-based security and network management for all security devices. Intrusion Detection and Prevention (IDP) series uses eight detection methods to detect malicious network traffic.
Table 4: Network and Security Manager and IDP Device Publications (continued)
IDP Concepts & Examples Guide: Details about the Juniper Networks Intrusion Detection and Prevention (IDP) series that uses multiple methods to detect and prevent network attacks. IDP is designed to reduce false positives to ensure that only actual malicious traffic is detected and stopped.
About This Guide
Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
NSM Installation Overview
NSM is a software application that enables you to integrate and centralize management of your Juniper Networks environment. You need to install two main software components to run NSM: the NSM management system and the NSM user interface (UI).
Using Templates and Configuration Groups in NSM Overview on page 8
NSM and Intrusion Detection and Prevention Device Management Overview
NSM is the Juniper Networks network management tool that allows distributed administration of network appliances. You can use the NSM application to centralize status monitoring, logging, and reporting, and to administer IDP Series configurations.
Page 48
IDP Rulebase: Protects your network from attacks by using attack objects to detect known and unknown attacks. Juniper Networks provides predefined attack objects that you can use in IDP rules. You can also configure your own custom attack objects.
Exempt Rulebase: You configure rules in this rulebase to exclude known false positives or to exclude a specific source, destination, or source/destination pair from matching an IDP rule.
Troubleshooting Security Policy Validation Errors (NSM Procedure) on page 118
Configuring Predefined Security Policies (NSM Procedure)
The highly respected Juniper Networks Security Center team (J-Security Center) provides the default IDP security policy, named Recommended. We advise that you use this policy to protect your network from the likeliest and most dangerous attacks.
User role-based rules are evaluated before IP source rules. If a user role matches, and if the other match criteria are met, the rule is applied and IP address-based rules are not consulted. NOTE: Matching based on user role depends on integration with Juniper Networks Infranet Controllers.
Chapter 4: Configuring Security Policies
To add attack objects recommended by Juniper Networks Security Center (J-Security Center), expand Recommended Attacks, browse groups, and select groups or individual attack objects. To add other predefined attack objects, expand All Attacks, browse groups, and select groups or individual attack objects.
Page 56
IDP closes the connection to the server but not to the client. Table 24 on page 40 describes the logic applied to the value Recommended, a setting coded in predefined attack objects provided by Juniper Networks Security Center.
Table 24: IDP Rulebase Actions: Recommended Actions by Severity...
Configuring Intrusion Detection and Prevention Devices Guide
Loading J-Security-Center Updates (NSM Procedure)
The Juniper Networks Security Center (J-Security Center) routinely makes important updates available to IDP security policy components, including updates to the IDP detector engine and NSM attack database.
Filters attack objects based on the application that is vulnerable to the attack.
Add Severity Filter: Filters attack objects based on attack severity. NOTE: All predefined attack objects are assigned a severity level by Juniper Networks. However, you can edit this setting to match the needs of your network.
Add Category Filter: Filters attack objects based on category.