Specifying General Options - Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual

Configuring Intrusion Detection and Prevention Devices Guide

Specifying General Options

Collecting specific information about your internal network
Starting the Profiler to enable your device to begin collecting data
Customizing Profiler preferences
You configure your device to collect specific information and compile it into the Profiler
database.
Configuring the Profiler
You can configure the Profiler using the Profiler settings available on the device settings
in the Device Manager. Using the Device Manager, double-click to access a device
managed in NSM, and click Profiler Settings.
The Profile Configuration dialog box appears with the General tab selected. Once you
select the device for profiling, you can configure the options for the device to collect data
from your internal network.
The following topics describe the steps to configure Profiler options:
Specifying General Options
Specifying Tracked Hosts
Specifying Context Targets
Specifying Alert Options
In this tab, indicate whether you want to enable Application Profiling and Probe and
Attempt and whether Non-tracked IP Profiles will be included in the profiling. Also indicate
the size of the Profiler database and whether to enable OS fingerprinting.
You configure Profiler general options to enable Profiler features.
OS fingerprinting passively detects the operating system of an end-host by analyzing
TCP handshake packets. To ensure that this works, you need to verify that OS
fingerprinting is first enabled on the profiled device. After you have configured the Profiler
with the tracked hosts and contexts, you must update the device.
OS fingerprinting works only for packets that belong to a complete TCP connection; that
is, the TCP connection must include a SYN, a SYN/ACK, and a FIN. OS
fingerprinting only works for operating systems that are supported on the device. A list
of the supported operating systems is available on the device in a file called
fingerprints.set at the following location:
/usr/idp/device/cfg/fingerprints.set
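To check whether captured traffic from a host meets the SYN, SYN/ACK, and FIN requirement described above, the following added example (not from the Juniper guide and not the IDP sensor's own logic) parses raw IPv4/TCP headers and reports which connections are complete. The function names and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

SYN, ACK, FIN = 0x02, 0x10, 0x01  # TCP flag bits

def parse_ipv4_tcp(pkt):
    """Return (src, sport, dst, dport, flags) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    if len(pkt) < ihl + 14:
        return None
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return src, sport, dst, dport, pkt[ihl + 13]

def complete_connections(packets):
    """Map each client-side 4-tuple to True if SYN, SYN/ACK and FIN were all seen."""
    seen = defaultdict(set)
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        src, sport, dst, dport, flags = parsed
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags & SYN and not flags & ACK:
            seen[fwd].add("SYN")
        elif flags & SYN:                   # SYN/ACK: server to client, key on client side
            if "SYN" in seen.get(rev, ()):
                seen[rev].add("SYN/ACK")
        elif flags & FIN:                   # either side may close
            for key in (fwd, rev):
                if key in seen:
                    seen[key].add("FIN")
    return {k: v == {"SYN", "SYN/ACK", "FIN"} for k, v in seen.items()}

def build(src, sport, dst, dport, flags):
    """Constructed sample packet: bare IPv4 + TCP headers, checksums left at zero."""
    addr = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, addr(src), addr(dst))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

# Constructed traffic: one full connection and one SYN that is never answered.
SAMPLE = [
    build("192.0.2.5", 40000, "192.0.2.9", 80, SYN),
    build("192.0.2.9", 80, "192.0.2.5", 40000, SYN | ACK),
    build("192.0.2.5", 40000, "192.0.2.9", 80, FIN | ACK),
    build("192.0.2.6", 40001, "192.0.2.9", 22, SYN),
]
```

Calling `complete_connections(SAMPLE)` marks the first connection as complete and the unanswered SYN as incomplete, which is the kind of traffic for which no OS result should be expected.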
Configuring Network Objects
The first part of configuring the Profiler is to inform the device which network objects you
want the device to profile. When you start the Profiler, the device begins collecting data
from the selected hosts.
Copyright © 2010, Juniper Networks, Inc.
