Specifying Alert Options - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring intrusion detection and prevention devices guide

Specifying Alert Options

you to quickly identify the users using FTP on your network and the actions they perform
over that protocol.
When you first configure the Profiler, select all contexts. This enables the device to collect
data about every context on your network, giving you a complete view of your network
traffic. Later, when you have analyzed your traffic, you can eliminate contexts that you
know will not be used on your network.
Select Profile Context to include context information. If you clear Profile Context, IDP
profile data only includes high-level traffic data such as source, destination, and service.
If you want Profiler information to include context values and network probes (for
example, port scans), also configure the Profiler to include probes and attempts.
You configure Profiler context settings to determine whether Profiler logs include not
only host and application data but also data pulled from application contexts. For
example, if you specify context targets for FTP usernames, the Profiler logs will include
the username specified for the FTP connection in addition to the hostname and service
(FTP).
To specify Profiler context targets:
1. From Device Manager, double-click a device and then click Profiler Settings.
2. Click the Contexts To Profile tab.
3. Browse and select from the predefined list of contexts.
4. Click Apply.
NOTE: If you change Profiler settings, you must push a configuration update
to the device before the new settings take effect. From the Device Manager,
right-click the device, select Update Device, check Restart IDP Profiler After
Device Update, and click OK.
In the Alert Options tab, indicate which Profiler events you want to generate alerts for.
Use this tab to configure the Profiler to indicate the appearance of a new host, protocol,
or port on your internal network. When you select New Host Detected, New Protocol
Detected, or New Port Detected, the device generates a specific log record, such as
PROFILER_NEW_HOST, in the Profiler Logs section of the Log Viewer when the device
discovers a new host, protocol, or port.
If you are configuring the Profiler for the first time, do not enable the new host, protocol,
or port alerts. As the Profiler runs, the device views all network components as new, which
can generate unnecessary log records. After the Profiler has learned about your network
and has established a baseline of network activity, you should reconfigure the device to
record new hosts, protocols, or ports discovered on your internal network. For details,
see the Network and Security Manager Administration Guide.
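
The effect of the baseline period described above can be seen in a small simulation. This is an added example, not code from NSM or from the guide: the record layout, the sample addresses and the alert labels `new_host`, `new_protocol` and `new_port` are assumptions that stand in for the New Host Detected, New Protocol Detected and New Port Detected options.

```python
from collections import Counter

# Constructed sample observations: (internal host, protocol, destination port).
# This tuple layout is an assumption for illustration, not the Profiler log format.
OBSERVATIONS = [
    ("10.0.0.5", "TCP", 21),
    ("10.0.0.5", "TCP", 80),
    ("10.0.0.6", "TCP", 80),
    ("10.0.0.6", "TCP", 443),
    ("10.0.0.5", "TCP", 443),
    # The first five records represent the learning period.
    ("10.0.0.5", "TCP", 80),    # already in the baseline
    ("10.0.0.9", "TCP", 80),    # host not in the baseline
    ("10.0.0.6", "UDP", 53),    # protocol and port not in the baseline
    ("10.0.0.6", "TCP", 4444),  # port not in the baseline
]


def profile(observations, learning_records):
    """Return the alerts raised after the first `learning_records` records.

    Records inside the learning period extend the baseline silently, which
    models running the Profiler with the new host, protocol and port alerts
    disabled. Later records raise an alert for each value not yet seen.
    Ports are tracked network-wide here to keep the example short.
    """
    seen = {"host": set(), "protocol": set(), "port": set()}
    alerts = []
    for index, (host, protocol, port) in enumerate(observations):
        for kind, value in (("host", host), ("protocol", protocol), ("port", port)):
            if value in seen[kind]:
                continue
            seen[kind].add(value)
            if index >= learning_records:
                alerts.append((f"new_{kind}", value))
    return alerts


def summarize(alerts):
    """Count alerts per kind, for comparing the two configurations."""
    return dict(Counter(kind for kind, _ in alerts))


if __name__ == "__main__":
    print("alerts enabled from the start:", summarize(profile(OBSERVATIONS, 0)))
    print("alerts enabled after baseline:", summarize(profile(OBSERVATIONS, 5)))
```

With alerts enabled from the first record, every host, protocol and port in the sample is reported once as new; with a five-record baseline, only the four genuine changes are reported.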
Copyright © 2010, Juniper Networks, Inc.
