Specifying Idp Rulebase Attack Objects - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring intrusion detection and prevention devices guide

Hide thumbs Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01:

Manual (444 pages)

Administration manual (1026 pages)

Installation manual (244 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

Table of Contents

Configuring Intrusion Detection and Prevention Devices Guide

Table 21: IDP Rulebase Match Condition Settings (continued)

Column

User Role

Destination

Service

Terminate

Specifying IDP Rulebase Attack Objects

Description

Select User Role–Displays the Select User Role dialog box where you can select or configure user

role matches.

If a value for User Role matches, the Source parameter is not consulted.

User role-based rules are evaluated before IP source rules. If a user role matches, and if the other

match criteria are met, the rule is applied and IP address-based rules are not consulted.

NOTE: Matching based on user role depends on integration with Juniper Networks Infranet

Controllers.

Select Address–Display the Select Address dialog box where you can select address objects for

destination servers.

Any–Matches any destination address.

Negate–Specifies any except those specified.

To use address negation:

Add the address object.

2. Right-click the address object and select Negate.

Default–Matches the service(s) specified in the rule attack object(s).

If you have enabled the Application Identification (AI) feature, the IDP process engine identifies

services even if they are running on nonstandard ports.

If you have not enabled AI and specify Default, the IDP process engine assumes that standard ports

are used for the service.

NOTE: If you do not enable AI and your service uses nonstandard ports, you must create a custom

service objects.

Any–Matches any service.

Select Service–Display the Select Service dialog box where you can select predefined or custom

service objects.

Enable or Disable–Marks the rule a terminal rule (or clears the mark). If a session matches a terminal

rule, the IDP process engine does not load any subsequent rules. It takes action, if any, according

to the terminal rule.

To add attack objects:

Right-click the table cell for attacks and select Select Attacks.

In the All Attacks/Groups box, expand Attack Groups.

Table of Contents

Specifying Idp Rulebase Attack Objects - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Specifying IDP Rulebase Attack Objects

Troubleshooting

Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01

Related Content for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01

Table of Contents