Configuring Traffic Anomalies Rulebase Rules (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring Traffic Anomalies Rulebase Rules (NSM Procedure)

Assigning a Security Policy in an Intrusion Detection and Prevention Device (NSM
Procedure) on page 119
The traffic anomalies rulebase employs a traffic flow analysis method to detect attacks
that occur over multiple connections and sessions (such as scans).
To configure a traffic anomalies rulebase rule:
1. In the NSM navigation tree, select Policy Manager > Security Policies.
2. Select and double-click the security policy to which you want to add the traffic anomalies rulebase rule.
3. Click New in the upper right corner of the policy viewer and select Add Traffic Anomalies Rulebase.
4. Click the New button within the rules viewer to add a rule.
5. Modify the property of the rule by right-clicking the table cell for the property and making your modifications.
6. Configure or modify the rule using the settings described in Table 32.
Table 32: Traffic Anomalies Rulebase Rule Properties

| Option | Function | Your Action |
| --- | --- | --- |
| No | Specifies if you want to add, delete, copy, or reorder rules. | Right-click the table cell for the rule number and make your required modifications. |
| Match > Source | Specifies the address object that is the source of the traffic. | Select any to monitor network traffic originating from any IP address. NOTE: You can also negate one or more address objects to specify all sources except the excluded object. |
| Match > Destination | Specifies the address object that is the destination of the traffic, typically a server or other device on your network. | Select the destination object. NOTE: You can also negate one or more address objects to specify all destinations except the excluded object. |
| Match > Service | Specifies the service objects that an attack uses to access your network. | Set a service by selecting any of the available options. NOTE: We recommend that you do not change the default value, TCP-ANY. |
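
The kind of multi-connection flow analysis this rulebase performs, sketched as an added Python example that is not taken from the Juniper guide or from NSM. It applies the Match properties above (source any, a negated destination object, TCP services) and flags a source that reaches many distinct ports on one host in a short window. The rule dictionary, the port-count and time-window thresholds, the addresses, and the function names are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical rule mirroring the Match columns of Table 32. The port-count
# and time-window thresholds are assumptions; the page does not give any.
RULE = {
    "source": {"nets": ["0.0.0.0/0"], "negate": False},         # "any"
    "destination": {"nets": ["10.0.0.53/32"], "negate": True},  # all except this host
    "protocol": "tcp",                                          # stands in for TCP-ANY
    "port_count": 5,
    "window_s": 10,
}

def in_object(addr, obj):
    """True if addr matches the address object, honoring negation."""
    hit = any(ip_address(addr) in ip_network(n) for n in obj["nets"])
    return hit != obj["negate"]

def detect_scans(flows, rule):
    """Return {(src, dst): alert_time} for the first time a source touches at least
    port_count distinct destination ports on one host within window_s seconds."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] inside the window
    alerts = {}
    for ts, proto, src, dst, dport in sorted(flows):
        if proto != rule["protocol"]:
            continue
        if not (in_object(src, rule["source"]) and in_object(dst, rule["destination"])):
            continue
        key = (src, dst)
        recent[key] = [(t, p) for t, p in recent[key] if ts - t < rule["window_s"]]
        recent[key].append((ts, dport))
        if key not in alerts and len({p for _, p in recent[key]}) >= rule["port_count"]:
            alerts[key] = ts
    return alerts

# Constructed sample flow records: (timestamp_s, protocol, src, dst, dst_port)
SAMPLE_FLOWS = (
    [(i, "tcp", "192.0.2.10", "10.0.0.5", 20 + i) for i in range(6)]         # fast sweep
    + [(i * 30, "tcp", "192.0.2.20", "10.0.0.5", 80 + i) for i in range(6)]  # spread out
    + [(i, "tcp", "192.0.2.10", "10.0.0.53", 20 + i) for i in range(6)]      # excluded dst
    + [(i, "udp", "192.0.2.30", "10.0.0.5", 20 + i) for i in range(6)]       # not TCP
)

if __name__ == "__main__":
    for (src, dst), ts in detect_scans(SAMPLE_FLOWS, RULE).items():
        print(f"t={ts}s possible scan: {src} -> {dst}")
```

Only the fast sweep against 10.0.0.5 is flagged: the spread-out connections never put five ports inside one window, and the negated destination and the UDP flows fall outside the rule's match.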
Copyright © 2010, Juniper Networks, Inc.
