Configuring Security Policies; Intrusion Detection And Prevention Devices And Security Policies Overview - Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual

CHAPTER 4

Configuring Security Policies

Intrusion Detection and Prevention Devices and Security Policies Overview

Copyright © 2010, Juniper Networks, Inc.
Intrusion Detection and Prevention Devices and Security Policies Overview on page 31
Configuring Predefined Security Policies (NSM Procedure) on page 33
Creating a New Security Policy (NSM Procedure) on page 34
Modifying IDP Rulebase Rules (NSM Procedure) on page 36
Configuring Exempt Rulebase Rules (NSM Procedure) on page 45
Configuring Backdoor Rulebase Rules (NSM Procedure) on page 47
Configuring SYN Protector Rulebase Rules (NSM Procedure) on page 49
Configuring Traffic Anomalies Rulebase Rules (NSM Procedure) on page 51
Configuring Network Honeypot Rulebase Rules (NSM Procedure) on page 54
Configuring Application Rulebase Rules (NSM Procedure) on page 57
An IDP security policy defines how the IDP device handles network traffic. It allows you
to enforce various attack detection and prevention techniques on traffic that traverses
your network.
For a detailed explanation of security policy features and components, and for examples,
see the IDP Concepts & Examples Guide.
To create an effective security policy, follow these basic steps:
Run the New Policy wizard to create a new security policy object. The new security
1.
policy can be based on a predefined template.
Use the Security Policy editor to add one or more rulebases.
2.
A rulebase is an ordered set of rules that use a particular detection method to identify
and prevent attacks.
Table 14 on page 32 describes the IDP security policy rulebases. A security policy can
contain only one instance of any rulebase type.
31