Specifying Rule Session Action - Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual

Configuring intrusion detection and prevention devices guide

Copyright © 2010, Juniper Networks, Inc.

3. To add attack objects recommended by Juniper Networks Security Center (J-Security Center), expand Recommended Attacks, browse groups, and select groups or individual attack objects.
4. To add other predefined attack objects, expand All Attacks, browse groups, and select groups or individual attack objects.
5. To add attack objects that belong to custom groups, expand the node for the custom group, browse subgroups, and select groups or individual attack objects.
6. To add custom attack objects that do not belong to groups, expand Attack List and select from custom attack objects.
7. Click OK.

Table 22 on page 39 describes the attack object group hierarchy for recommended and predefined attack objects provided by J-Security Center.

Table 22: Attack Object Group Hierarchy

| Group | Contents |
| --- | --- |
| Attack Type | Contains two subgroups: anomaly and signature. Within each subgroup, attack objects are grouped by severity. |
| Category | Contains subgroups based on category. Within each category, attack objects are grouped by severity. |
| Operating System | Contains the following subgroups: BSD, Linux, Solaris, and Windows. Within each operating system, attack objects are grouped by services and severity. |
| Severity | Contains the following subgroups: Critical, Major, Minor, Warning, Info. Within each severity, attack objects are grouped by category. NOTE: Our severity rating is not based on CVSS (Common Vulnerability Scoring System). We do include data from Bugtraq (Symantec) and CVE (Common Vulnerabilities and Exposures). |
| Web Services | Contains subgroups based on Web services. Within services, attack objects are grouped by severity. |
| Miscellaneous | Contains attack objects that have a significant effect on IDP performance. |

Specifying Rule Session Action

Actions are responses to sessions that match the source/destination condition and attack object pattern. Actions protect your network from attacks.
If a packet triggers multiple rule actions, the IDP device takes the most severe action. For example, if the rules dictate that a packet will receive a DiffServ marking and be dropped, then the packet will be dropped.
To specify a rule action, right-click the table cell and select your setting.
Table 23 on page 40 describes the actions you can set for IDP rulebase rules.
Chapter 4: Configuring Security Policies