Table 39: Attack Object Types (continued)

Type: Protocol Anomaly
Description: Detects unknown or sophisticated attacks that violate protocol specifications (RFCs and common RFC extensions).
You cannot create new protocol anomalies, but you can configure a new attack object that controls how the security device handles a predefined protocol anomaly when detected.
If you do not know the exact attack signature, but you do know the protocol anomaly that detects the attack, select this option.

Type: Compound Attack
Description: Detects attacks that use multiple methods to exploit a vulnerability. This object combines multiple signatures and/or protocol anomalies into a single attack object, forcing traffic to match all combined signatures and/or anomalies within the compound attack object before traffic is identified as an attack.
By combining and even specifying the order in which signatures or anomalies must match, you can be very specific about the events that need to take place before IDP identifies traffic as an attack.
If you need to detect an attack that uses several benign activities to attack your network, or if you want to enforce a specific sequence of events to occur before the attack is considered malicious, select this option.

9. Click Ok.

Creating a Signature Attack Object

To configure a signature attack object:

1. Configure general attack object properties. For information, see "Configuring General Properties for Attack Objects" on page 67.
   On the Target Platform and Type page, select Signature and click Next.
2. On the Custom Attack–General Properties page, configure the settings described in Table 40 on page 69.

Table 40: Custom Attack – General Properties

Property: False Positives
Description: Select the frequency that the attack object produces a false positive on your network: Unknown, Rarely, Occasionally, Frequently.

Copyright © 2010, Juniper Networks, Inc.
Chapter 5: Working with Attack Objects
69