Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 8

Configuring intrusion detection and prevention devices guide
Table of Contents

Violation Viewer, p. 24
Modifying Profiler Settings (NSM Procedure), p. 25
Querying the Profiler Database (NSM Procedure), p. 28
Purging the Profiler Database (NSM Procedure), p. 28

Chapter 4  Configuring Security Policies, p. 31
  Configuring Predefined Security Policies (NSM Procedure), p. 33
  Creating a New Security Policy (NSM Procedure), p. 34
  Modifying IDP Rulebase Rules (NSM Procedure), p. 36
    Specifying Rule Match Conditions, p. 37
    Specifying IDP Rulebase Attack Objects, p. 38
    Specifying Rule Session Action, p. 39
    Specifying Rule IP Action, p. 41
    Specifying Rule Notification Options, p. 42
    Specifying Rule VLAN Matches, p. 42
    Specifying Rule Targets, p. 43
    Specifying Rule Severity, p. 43
    Specifying Rule Optional Fields, p. 44
    Specifying Rule Comments, p. 44
  Configuring Exempt Rulebase Rules (NSM Procedure), p. 45
  Configuring Backdoor Rulebase Rules (NSM Procedure), p. 47
  Configuring Application Rulebase Rules (NSM Procedure), p. 57

Chapter 5  Working with Attack Objects, p. 61
  Overview, p. 61
  Loading J-Security-Center Updates (NSM Procedure), p. 62
  Viewing Predefined Attack Objects (NSM Procedure), p. 63
  Working with Attack Groups (NSM Procedure), p. 64
    Creating Dynamic Groups, p. 65
    Creating Static Groups, p. 66
  Creating Custom Attack Objects (NSM Procedure), p. 67
    Configuring General Properties for Attack Objects, p. 67
    Creating a Signature Attack Object, p. 69
  Updating the IDP Detector Engine (NSM Procedure), p. 76

Chapter 6  Configuring SNMP and Syslog Settings, p. 79
  Configuring an SNMP Agent (NSM Procedure), p. 79
  Configuring Syslog Collection (NSM Procedure), p. 80

Copyright © 2010, Juniper Networks, Inc.

This manual is also suitable for:

Network and security manager 2010.3