Configuring Network Honeypot Rulebase Rules (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring intrusion detection and prevention devices guide

Hide thumbs Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01:

Manual (444 pages)

Administration manual (1026 pages)

Installation manual (244 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

Table of Contents

Configuring Intrusion Detection and Prevention Devices Guide

Documentation

Configuring Network Honeypot Rulebase Rules (NSM Procedure)

Table 32: Traffic Anomalies Rulebase Rule Properties (continued)

Option

VLAN Tag

Severity

Install On

Comments

For more information, see the IDP Concepts & Examples guide.

Intrusion Detection and Prevention Devices and Security Policies Overview on page 31

Modifying IDP Rulebase Rules (NSM Procedure) on page 36

Configuring Network Honeypot Rulebase Rules (NSM Procedure) on page 54

Assigning a Security Policy in an Intrusion Detection and Prevention Device (NSM

Procedure) on page 119

The network honeypot rulebase is a method to detect investigation activities.

To configure a network honeypot rulebase rule:

In the NSM navigation tree, select Policy Manager > Security Policies.

Select and double-click the security policy to which you want to add the network

honeypot rulebase rule.

Function

Specifies that you can

configure a rule to only apply

to messages in certain VLANs.

Specifies if you can override

the inherent attack severity

on a per-rule basis within the

IDP rulebase.

Specifies the security devices

or templates that receive and

use this rule.

Specifies any miscellaneous

comment about the rule's

purpose.

Your Action

Set a value by selecting any of the

following options:

Any—This rule is applied to

messages in any VLAN and to

messages without a VLAN tag.

None—This rule is applied only

to messages that do not have a

VLAN tag.

Select VLAN Tags—Specifies

which VLAN tags the rule

applies to.

Set the severity to Default, Info,

Warning, Minor, or Critical.

NOTE: This column only appears

when you view the Security Policy

in Expanded Mode.

Select the target security device.

NOTE: You can also select

multiple security devices on which

to install the rule.

Enter any additional comments

about the rule.

Table of Contents

Configuring Network Honeypot Rulebase Rules (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring Network Honeypot Rulebase Rules (NSM Procedure)

Troubleshooting

Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01

Related Content for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01

Table of Contents